Analysis Overview
SHA256
f377f9ebb865d686833a830718e6d4eb3898a20e87b0b89e26436c10496c5054
Threat Level: Known bad
The file f377f9ebb865d686833a830718e6d4eb3898a20e87b0b89e26436c10496c5054 was found to be: Known bad.
Malicious Activity Summary
Remcos
NirSoft MailPassView
NirSoft WebBrowserPassView
Detected Nirsoft tools
Command and Scripting Interpreter: PowerShell
Checks computer location settings
Reads user/profile data of web browsers
Executes dropped EXE
Adds Run key to start application
Accesses Microsoft Outlook accounts
Suspicious use of SetThreadContext
Enumerates physical storage devices
Suspicious use of FindShellTrayWindow
Modifies registry class
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Scheduled Task/Job: Scheduled Task
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: MapViewOfSection
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-23 08:58
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-23 08:58
Reported
2024-07-23 09:00
Platform
win10v2004-20240709-en
Max time kernel
150s
Max time network
153s
Command Line
Signatures
Remcos
Detected Nirsoft tools
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
NirSoft MailPassView
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
NirSoft WebBrowserPassView
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\f377f9ebb865d686833a830718e6d4eb3898a20e87b0b89e26436c10496c5054.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\f377f9ebb865d686833a830718e6d4eb3898a20e87b0b89e26436c10496c5054.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
Reads user/profile data of web browsers
Accesses Microsoft Outlook accounts
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Rmc-QBT08L = "\"C:\\Users\\Admin\\AppData\\Roaming\\Remcos\\remcos.exe\"" | C:\Users\Admin\AppData\Local\Temp\f377f9ebb865d686833a830718e6d4eb3898a20e87b0b89e26436c10496c5054.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rmc-QBT08L = "\"C:\\Users\\Admin\\AppData\\Roaming\\Remcos\\remcos.exe\"" | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Rmc-QBT08L = "\"C:\\Users\\Admin\\AppData\\Roaming\\Remcos\\remcos.exe\"" | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rmc-QBT08L = "\"C:\\Users\\Admin\\AppData\\Roaming\\Remcos\\remcos.exe\"" | C:\Users\Admin\AppData\Local\Temp\f377f9ebb865d686833a830718e6d4eb3898a20e87b0b89e26436c10496c5054.exe | N/A |
Suspicious use of SetThreadContext
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\f377f9ebb865d686833a830718e6d4eb3898a20e87b0b89e26436c10496c5054.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\f377f9ebb865d686833a830718e6d4eb3898a20e87b0b89e26436c10496c5054.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\f377f9ebb865d686833a830718e6d4eb3898a20e87b0b89e26436c10496c5054.exe
"C:\Users\Admin\AppData\Local\Temp\f377f9ebb865d686833a830718e6d4eb3898a20e87b0b89e26436c10496c5054.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\f377f9ebb865d686833a830718e6d4eb3898a20e87b0b89e26436c10496c5054.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\AZjibU.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\AZjibU" /XML "C:\Users\Admin\AppData\Local\Temp\tmpF0D8.tmp"
C:\Users\Admin\AppData\Local\Temp\f377f9ebb865d686833a830718e6d4eb3898a20e87b0b89e26436c10496c5054.exe
"C:\Users\Admin\AppData\Local\Temp\f377f9ebb865d686833a830718e6d4eb3898a20e87b0b89e26436c10496c5054.exe"
C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe
"C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\AZjibU.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\AZjibU" /XML "C:\Users\Admin\AppData\Local\Temp\tmp2788.tmp"
C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe
"C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe"
C:\Windows\SysWOW64\svchost.exe
svchost.exe
C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe
C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe /stext "C:\Users\Admin\AppData\Local\Temp\nrqjskmqhlrgzbt"
C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe
C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe /stext "C:\Users\Admin\AppData\Local\Temp\ylwctdxkvtjtkhpcpn"
C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe
C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe /stext "C:\Users\Admin\AppData\Local\Temp\anbutvimjbbymvdggyesy"
C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe
C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe /stext "C:\Users\Admin\AppData\Local\Temp\anbutvimjbbymvdggyesy"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xbc,0x110,0x7ffa09a546f8,0x7ffa09a54708,0x7ffa09a54718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,9217435343960451226,18344653490934688632,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,9217435343960451226,18344653490934688632,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2468 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,9217435343960451226,18344653490934688632,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9217435343960451226,18344653490934688632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9217435343960451226,18344653490934688632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9217435343960451226,18344653490934688632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,9217435343960451226,18344653490934688632,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,9217435343960451226,18344653490934688632,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9217435343960451226,18344653490934688632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9217435343960451226,18344653490934688632,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9217435343960451226,18344653490934688632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9217435343960451226,18344653490934688632,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffa09a546f8,0x7ffa09a54708,0x7ffa09a54718
C:\Windows\SysWOW64\svchost.exe
svchost.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9217435343960451226,18344653490934688632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9217435343960451226,18344653490934688632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ffa09a546f8,0x7ffa09a54708,0x7ffa09a54718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9217435343960451226,18344653490934688632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9217435343960451226,18344653490934688632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
C:\Windows\SysWOW64\svchost.exe
svchost.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa09a546f8,0x7ffa09a54708,0x7ffa09a54718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9217435343960451226,18344653490934688632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9217435343960451226,18344653490934688632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa09a546f8,0x7ffa09a54708,0x7ffa09a54718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9217435343960451226,18344653490934688632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9217435343960451226,18344653490934688632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa09a546f8,0x7ffa09a54708,0x7ffa09a54718
C:\Windows\SysWOW64\svchost.exe
svchost.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9217435343960451226,18344653490934688632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9217435343960451226,18344653490934688632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa09a546f8,0x7ffa09a54708,0x7ffa09a54718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9217435343960451226,18344653490934688632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9217435343960451226,18344653490934688632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa09a546f8,0x7ffa09a54708,0x7ffa09a54718
C:\Windows\SysWOW64\svchost.exe
svchost.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9217435343960451226,18344653490934688632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9217435343960451226,18344653490934688632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ffa09a546f8,0x7ffa09a54708,0x7ffa09a54718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9217435343960451226,18344653490934688632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9217435343960451226,18344653490934688632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffa09a546f8,0x7ffa09a54708,0x7ffa09a54718
C:\Windows\SysWOW64\svchost.exe
svchost.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9217435343960451226,18344653490934688632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9217435343960451226,18344653490934688632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa09a546f8,0x7ffa09a54708,0x7ffa09a54718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9217435343960451226,18344653490934688632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9217435343960451226,18344653490934688632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa09a546f8,0x7ffa09a54708,0x7ffa09a54718
C:\Windows\SysWOW64\svchost.exe
svchost.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9217435343960451226,18344653490934688632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9217435343960451226,18344653490934688632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa09a546f8,0x7ffa09a54708,0x7ffa09a54718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9217435343960451226,18344653490934688632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7256 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,9217435343960451226,18344653490934688632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7520 /prefetch:1
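The process list above is dominated by Microsoft Edge child processes, but the lines worth attention are the repeated launches with `--single-argument http://go.microsoft.com/fwlink/?...o1=SHIM_NOVERSION_FOUND...&processName=svchost.exe...&shimver=4.0.30319.0`. That URL is what the .NET CLR shim opens when a process cannot find the runtime it asked for, and its query string names the process that asked: `svchost.exe`, which the sample spawns from `C:\Windows\SysWOW64\svchost.exe`. The genuine service host is a native binary and does not start the CLR through the shim, so the browser launches are a side effect of the code running inside that svchost process, not ordinary user browsing. The following triage helper is an added example, not part of the sandbox report or of any vendor tooling: it classifies each Chromium-style command line by its `--type=` role, picks out the fwlink launches, and decodes the shim parameters. The three sample command lines are copied from the report's own process list.

```python
"""Classify Chromium command lines from a sandbox process list and decode the
.NET CLR shim error URL that msedge.exe was launched with.

Added example; the SAMPLE_CMDLINES are copied from the report above.
"""
import re
from typing import Optional
from urllib.parse import parse_qs, urlsplit

FWLINK_RE = re.compile(r"--single-argument\s+(\S+)")
TYPE_RE = re.compile(r"--type=([\w-]+)")

# Constructed input: one renderer, one fwlink launch and one crashpad handler,
# copied (with the long flag list shortened) from the process list above.
SAMPLE_CMDLINES = [
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer '
    r"--lang=en-US --renderer-client-id=25 --mojo-platform-channel-handle=3512 /prefetch:1",
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument '
    r"http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409"
    r"&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009"
    r"&osver=7&isServer=0&shimver=4.0.30319.0",
    r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler '
    r'"--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7',
]


def classify(cmdline: str) -> str:
    """Return the Chromium process role ('renderer', 'crashpad-handler', ...),
    'fwlink' for a browser started only to open a --single-argument URL, or
    'browser' for a bare main-process launch."""
    if FWLINK_RE.search(cmdline):
        return "fwlink"
    m = TYPE_RE.search(cmdline)
    return m.group(1) if m else "browser"


def decode_shim_link(cmdline: str) -> Optional[dict]:
    """Decode the go.microsoft.com fwlink the CLR shim opens on failure.

    Returns None when the command line carries no such URL.  The query keys
    (o1, processName, shimver, pver) are the ones present in the report's URL.
    """
    m = FWLINK_RE.search(cmdline)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if url.hostname != "go.microsoft.com":
        return None  # some other --single-argument URL, not the shim
    q = {k: v[0] for k, v in parse_qs(url.query, keep_blank_values=True).items()}
    return {
        "reason": q.get("o1"),                 # e.g. SHIM_NOVERSION_FOUND
        "process": q.get("processName"),       # the exe that tried to start the CLR
        "shim_version": q.get("shimver"),
        "requested_runtime": q.get("pver"),
    }


def summarize(cmdlines):
    """Count process roles and collect every decoded shim launch."""
    counts: dict = {}
    shim_launches = []
    for c in cmdlines:
        role = classify(c)
        counts[role] = counts.get(role, 0) + 1
        info = decode_shim_link(c)
        if info:
            shim_launches.append(info)
    return counts, shim_launches


if __name__ == "__main__":
    counts, launches = summarize(SAMPLE_CMDLINES)
    print(counts)
    for info in launches:
        print(f"CLR shim in {info['process']}: {info['reason']} "
              f"(shim {info['shim_version']}, wanted .NET {info['requested_runtime']})")
```

Run over the full process list, `summarize` reports how many Edge launches were real browser activity versus shim fallbacks, and every shim entry whose `process` is not a known managed application is a process to pull a memory dump from.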
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 107.173.4.16:2404 | | tcp |
| US | 8.8.8.8:53 | 16.4.173.107.in-addr.arpa | udp |
| US | 107.173.4.16:2404 | | tcp |
| US | 8.8.8.8:53 | geoplugin.net | udp |
| NL | 178.237.33.50:80 | geoplugin.net | tcp |
| US | 8.8.8.8:53 | 50.33.237.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | learn.microsoft.com | udp |
| GB | 95.100.246.21:443 | learn.microsoft.com | tcp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 8.8.8.8:53 | 57.110.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.246.100.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 13.89.178.27:443 | browser.events.data.microsoft.com | tcp |
| US | 13.89.178.27:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 27.178.89.13.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| US | 8.8.8.8:53 | learn.microsoft.com | udp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 8.8.8.8:53 | 91.16.208.104.in-addr.arpa | udp |
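Most rows in the Network table are noise from the analysis VM: reverse (`in-addr.arpa`) lookups through 8.8.8.8, Edge and Windows background traffic to `*.microsoft.com`, `js.monitor.azure.com` and `tse1.mm.bing.net`, and an mDNS multicast to 224.0.0.251:5353. What remains is a direct TCP connection to 107.173.4.16:2404 with no domain name attached, and an HTTP request to geoplugin.net (178.237.33.50:80). The reverse lookup of `16.4.173.107.in-addr.arpa` is the same address written backwards, which ties that DNS row to the direct connection. The script below is an added example, not part of the sandbox report: it parses rows in the table's own format, repairs rows where the protocol slid into the Domain column, filters the background traffic, and reports the remaining destinations together with any reverse lookup that corroborates them. The sample rows are copied from the table above; the list of benign suffixes is an assumption chosen for this report and should be adjusted per environment.

```python
"""Extract candidate network IOCs from a sandbox Network table.

Added example; SAMPLE_ROWS are copied from the report's Network table above
and BENIGN_SUFFIXES is an assumption specific to this report.
"""
import ipaddress

# Constructed input: a subset of the table, including two rows whose
# 'tcp'/'udp' value sits in the Domain column instead of Proto.
SAMPLE_ROWS = """\
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 107.173.4.16:2404 | tcp | |
| US | 8.8.8.8:53 | 16.4.173.107.in-addr.arpa | udp |
| US | 8.8.8.8:53 | geoplugin.net | udp |
| NL | 178.237.33.50:80 | geoplugin.net | tcp |
| US | 8.8.8.8:53 | learn.microsoft.com | udp |
| GB | 95.100.246.21:443 | learn.microsoft.com | tcp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
"""

PROTOS = {"tcp", "udp"}
RESOLVER = ("8.8.8.8", 53)
# Assumption: Edge/Windows telemetry seen in this report, treated as background.
BENIGN_SUFFIXES = ("microsoft.com", "azure.com", "bing.net")


def parse_row(line: str):
    """Parse '| Country | ip:port | Domain | Proto |'; return None for non-rows."""
    cells = [c.strip() for c in line.strip().strip("|").split("|")]
    if len(cells) != 4:
        return None
    country, dest, domain, proto = cells
    if proto == "" and domain in PROTOS:   # misaligned row: proto landed in Domain
        domain, proto = "", domain
    if proto not in PROTOS:
        return None                        # header or separator line
    host, _, port = dest.rpartition(":")
    return {"country": country, "ip": host, "port": int(port),
            "domain": domain, "proto": proto}


def ptr_to_ip(name: str):
    """Turn '16.4.173.107.in-addr.arpa' back into '107.173.4.16'."""
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    octets = name[: -len(suffix)].split(".")
    return ".".join(reversed(octets)) if len(octets) == 4 else None


def extract_iocs(table_text: str) -> dict:
    """Split the table into DNS activity and direct connections worth pivoting on."""
    rows = [r for r in map(parse_row, table_text.splitlines()) if r]
    ptr_targets, queried, iocs = set(), set(), set()
    for r in rows:
        if (r["ip"], r["port"]) == RESOLVER:
            target = ptr_to_ip(r["domain"])
            if target:
                ptr_targets.add(target)      # reverse lookup of some peer
            else:
                queried.add(r["domain"])     # forward lookup
            continue
        ip = ipaddress.ip_address(r["ip"])
        if ip.is_multicast or ip.is_private or ip.is_link_local:
            continue                         # mDNS and LAN chatter
        if r["domain"].endswith(BENIGN_SUFFIXES):
            continue
        iocs.add((r["ip"], r["port"], r["domain"] or None, r["proto"]))
    # A direct connection whose peer was also reverse-resolved is doubly attested.
    corroborated = {(ip, port) for ip, port, _, _ in iocs if ip in ptr_targets}
    return {"iocs": sorted(iocs, key=str), "corroborated": corroborated,
            "queried": queried - set(
                d for d in queried if d.endswith(BENIGN_SUFFIXES))}


if __name__ == "__main__":
    result = extract_iocs(SAMPLE_ROWS)
    for ip, port, domain, proto in result["iocs"]:
        tag = " (reverse-resolved)" if (ip, port) in result["corroborated"] else ""
        print(f"{proto} {ip}:{port} {domain or '<no domain>'}{tag}")
    print("forward DNS:", sorted(result["queried"]))
```

The destination with no domain name is the one to check against threat-intel feeds and egress logs first; the geoplugin.net request is only meaningful in combination with the rest of the report, since that service is also used by legitimate software.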
Files
memory/3660-0-0x000000007440E000-0x000000007440F000-memory.dmp
memory/3660-1-0x00000000007E0000-0x00000000008C4000-memory.dmp
memory/3660-2-0x0000000005820000-0x0000000005DC4000-memory.dmp
memory/3660-3-0x0000000005310000-0x00000000053A2000-memory.dmp
memory/3660-4-0x00000000052D0000-0x00000000052DA000-memory.dmp
memory/3660-5-0x00000000055C0000-0x000000000565C000-memory.dmp
memory/3660-6-0x0000000074400000-0x0000000074BB0000-memory.dmp
memory/3660-7-0x0000000005660000-0x0000000005670000-memory.dmp
memory/3660-8-0x00000000056B0000-0x00000000056BE000-memory.dmp
memory/3660-9-0x0000000006790000-0x0000000006850000-memory.dmp
memory/2616-14-0x0000000002AB0000-0x0000000002AE6000-memory.dmp
memory/2616-16-0x0000000005680000-0x0000000005CA8000-memory.dmp
memory/2616-15-0x0000000074400000-0x0000000074BB0000-memory.dmp
memory/2616-17-0x0000000074400000-0x0000000074BB0000-memory.dmp
memory/2616-18-0x0000000005320000-0x0000000005342000-memory.dmp
memory/2616-19-0x00000000054C0000-0x0000000005526000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmpF0D8.tmp
| MD5 | df4f9cd770035811ec78f9e2b1805e21 |
| SHA1 | 47d9d6fd1355db19cf0fd3a35d6726ed9d70a594 |
| SHA256 | 412e07f4b09a0c7d3399f3d773d423802b64346a974b104985b830d9ec225052 |
| SHA512 | 14cb8fde5dfee5bb1e2b574e4143b23f716c7964de22a9164c769c93274bace2644575cbb3d3631cb2b0f9cf1c343695f76222af89fa267318d6a69824e538dd |
memory/800-21-0x0000000074400000-0x0000000074BB0000-memory.dmp
memory/2616-20-0x0000000005530000-0x0000000005596000-memory.dmp
memory/2616-24-0x0000000005DB0000-0x0000000006104000-memory.dmp
memory/800-26-0x0000000074400000-0x0000000074BB0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_a5urmue2.kbi.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/2616-25-0x0000000074400000-0x0000000074BB0000-memory.dmp
memory/1580-45-0x0000000000400000-0x0000000000482000-memory.dmp
memory/1580-46-0x0000000000400000-0x0000000000482000-memory.dmp
C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe
| MD5 | e34683e560b0c2a5cddcffe98956ea62 |
| SHA1 | 89a3dc3e4b06a8c4bd94bffc48adac82e620d910 |
| SHA256 | f377f9ebb865d686833a830718e6d4eb3898a20e87b0b89e26436c10496c5054 |
| SHA512 | 4bf4a8fef3b740ba3e6a04bedaaa90970a60b72fc950d53de6e2bf597d89d5d399f9258f9f8088f0ea6304bfa219c5537271c9df59c463893d9589370a27ebff |
memory/800-23-0x0000000074400000-0x0000000074BB0000-memory.dmp
memory/3660-50-0x0000000074400000-0x0000000074BB0000-memory.dmp
memory/800-99-0x0000000006320000-0x000000000633E000-memory.dmp
memory/800-100-0x00000000068C0000-0x000000000690C000-memory.dmp
memory/800-111-0x0000000007320000-0x0000000007352000-memory.dmp
memory/2616-113-0x00000000706B0000-0x00000000706FC000-memory.dmp
memory/800-112-0x00000000706B0000-0x00000000706FC000-memory.dmp
memory/800-132-0x0000000006880000-0x000000000689E000-memory.dmp
memory/800-133-0x0000000007560000-0x0000000007603000-memory.dmp
memory/2616-135-0x00000000076F0000-0x000000000770A000-memory.dmp
memory/2616-134-0x0000000007D40000-0x00000000083BA000-memory.dmp
memory/800-136-0x00000000076B0000-0x00000000076BA000-memory.dmp
memory/800-137-0x00000000078C0000-0x0000000007956000-memory.dmp
memory/800-138-0x0000000007840000-0x0000000007851000-memory.dmp
memory/800-139-0x0000000007870000-0x000000000787E000-memory.dmp
memory/2616-140-0x0000000007950000-0x0000000007964000-memory.dmp
memory/800-141-0x0000000007980000-0x000000000799A000-memory.dmp
memory/800-142-0x0000000007960000-0x0000000007968000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 402425678d22e6d1e86bd8135516f27b |
| SHA1 | c496a2b93779e40ebd7c2500a68201d302509447 |
| SHA256 | 77a2f281bcfa04771bbbbebd799c090f016913b3a6dbfe9a179becce24fa92d9 |
| SHA512 | 83d2d580264bd8d87301990a3d4eaa4c72ceca52cf07d996ebf3c9ff640009368a3f8099d891960690e14c8b427dceddbaddcc403816414be8eb8b405ff593df |
memory/2616-149-0x0000000074400000-0x0000000074BB0000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
| MD5 | 968cb9309758126772781b83adb8a28f |
| SHA1 | 8da30e71accf186b2ba11da1797cf67f8f78b47c |
| SHA256 | 92099c10776bb7e3f2a8d1b82d4d40d0c4627e4f1bf754a6e58dfd2c2e97042a |
| SHA512 | 4bd50732f8af4d688d95999bddfd296115d7033ddc38f86c9fb1f47fde202bffa27e9088bebcaa3064ca946af2f5c1ca6cbde49d0907f0005c7ab42874515dd3 |
memory/800-148-0x0000000074400000-0x0000000074BB0000-memory.dmp
memory/3388-152-0x0000000005A80000-0x0000000005DD4000-memory.dmp
memory/952-165-0x0000000000400000-0x0000000000482000-memory.dmp
memory/952-164-0x0000000000400000-0x0000000000482000-memory.dmp
memory/952-168-0x0000000000400000-0x0000000000482000-memory.dmp
memory/3396-179-0x0000000000CC0000-0x0000000000DA4000-memory.dmp
memory/3388-181-0x00000000066F0000-0x000000000673C000-memory.dmp
memory/952-183-0x0000000000400000-0x0000000000482000-memory.dmp
memory/952-182-0x0000000000400000-0x0000000000482000-memory.dmp
memory/952-185-0x0000000000400000-0x0000000000482000-memory.dmp
memory/952-184-0x0000000000400000-0x0000000000482000-memory.dmp
memory/3388-186-0x00000000708E0000-0x000000007092C000-memory.dmp
memory/3388-197-0x0000000007370000-0x0000000007413000-memory.dmp
memory/4504-196-0x00000000708E0000-0x000000007092C000-memory.dmp
memory/952-208-0x0000000000400000-0x0000000000482000-memory.dmp
memory/4504-209-0x00000000075D0000-0x00000000075E1000-memory.dmp
memory/3388-210-0x00000000076A0000-0x00000000076B4000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 34199e2098b6e85fc77857cdbcbc37bb |
| SHA1 | 2fe9fa075c3ab6c40de0170126385aa5c327f20a |
| SHA256 | 4ed3c58a84b6a9e2e58e9675c2793bfed648359fb32815ea3c7ef19f9c29ef56 |
| SHA512 | f2495972cf29a0f1c4bbb7ffdfc0a973657dd887a2ce78d49d814be03792cd6399121d354b4d9a10a35773cd79e635a09ccc7cd959480cc9a8f0757866e1d05a |
memory/3592-225-0x0000000000400000-0x0000000000424000-memory.dmp
memory/2428-229-0x0000000000400000-0x0000000000462000-memory.dmp
memory/3592-224-0x0000000000400000-0x0000000000424000-memory.dmp
memory/3592-222-0x0000000000400000-0x0000000000424000-memory.dmp
memory/4884-220-0x0000000000400000-0x0000000000478000-memory.dmp
memory/4884-217-0x0000000000400000-0x0000000000478000-memory.dmp
memory/2428-219-0x0000000000400000-0x0000000000462000-memory.dmp
memory/2428-216-0x0000000000400000-0x0000000000462000-memory.dmp
memory/4884-214-0x0000000000400000-0x0000000000478000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\nrqjskmqhlrgzbt
| MD5 | 883af97f5f6dddc6f8cb495b841ec9ae |
| SHA1 | 225c3118ce7f9c747b891548fc637f41975bc8d0 |
| SHA256 | fcb197376fc607f9493ea0460ecac86ca5ae8973120894c6f8353b67e28995d9 |
| SHA512 | 8ae27cb74d4d3641a3ac7dca2bbf9f8d4b89a012fb723ced33db319d24bde80e90293c0f10d2713fd024ce800f57bafd3e6d1feb4cde973eea56f4c581052b23 |
memory/952-232-0x0000000010000000-0x0000000010019000-memory.dmp
memory/952-235-0x0000000010000000-0x0000000010019000-memory.dmp
memory/952-236-0x0000000010000000-0x0000000010019000-memory.dmp
memory/952-237-0x0000000000400000-0x0000000000482000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 10fa19df148444a77ceec60cabd2ce21 |
| SHA1 | 685b599c497668166ede4945d8885d204fd8d70f |
| SHA256 | c3b5deb970d0f06a05c8111da90330ffe25da195aafa4e182211669484d1964b |
| SHA512 | 3518ce16fef66c59e0bdb772db51aeaa9042c44ca399be61ca3d9979351f93655393236711cf2b1988d5f90a5b9318a7569a8cef3374fc745a8f9aa8323691ef |
\??\pipe\LOCAL\crashpad_1632_DKJNIJCUMZFMAZQK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
memory/952-255-0x0000000000400000-0x0000000000482000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 75c9f57baeefeecd6c184627de951c1e |
| SHA1 | 52e0468e13cbfc9f15fc62cc27ce14367a996cff |
| SHA256 | 648ba270261690bb792f95d017e134d81a612ef4fc76dc41921c9e5b8f46d98f |
| SHA512 | c4570cc4bb4894de3ecc8eee6cd8bfa5809ea401ceef683557fb170175ff4294cc21cdc6834db4e79e5e82d3bf16105894fff83290d26343423324bc486d4a15 |
memory/952-256-0x0000000000400000-0x0000000000482000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9c73013457c449a054d5fb0de9a93847 |
| SHA1 | 9b99cb6d623f49177845815bb061770c6dbef7aa |
| SHA256 | 6bbb25af9d1d41617fc779cdc3c645dde50046d7d62dd9a1ec6034fe4cb283b3 |
| SHA512 | 6e006904854286f510d725be002a59eee9b49341a25af796a092144d31c8c7a777fe2f8503ca39c7a19dfdc8a6e8464e7bf3c88c96416396ced7fa5430a437e6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 9c131ff52e80f1851eec7a807221d320 |
| SHA1 | 5912277af99c4dd645ebfad8735a61c6a7e99e1e |
| SHA256 | b5771fcf60652fe483ba6ea265db73ccd40e412b410b226f909bf6716f8431e0 |
| SHA512 | c6c6f6d9ade86b5e45d80a7164528d395871c87d3f3eee66cbe5d7bed85f8421e1ff0d9541a1506eeb1b2f2143f0facda53cf79913a7121c1fc8547476d5bab3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b40365fbcb7e767096151dfe56545ff6 |
| SHA1 | fa2285dbee4c3bb8a3c3478fd3ec118832087e58 |
| SHA256 | cc85306732505432b75d4ebb941ed7c5fb2140629d9f379e5e5428d785af6501 |
| SHA512 | bda489760a368446d35f3bf540594d87f935b68e572b2ddd3854531c41845c2728a6dec79af6fa0a5291f91f97283ca74a1089b9a06254fe31f253ce42e3779c |
memory/5292-327-0x0000000000C90000-0x0000000000D74000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d7806dcdb670e0d4c3894367154491b0 |
| SHA1 | 42656715d4e4b67ac1ac6af42035e4fdbb6387f4 |
| SHA256 | 8a744972f25cf6c3cd2e53a9baefa316ea52b22f3fa8404150e824f8486f6548 |
| SHA512 | f6328b6f833e5fd98aa943a10287f897a32afd0be06ffc5699facb2908b341c4a24dddfb1eadee7a28e1babac741485d0979fb5bca77085033ce324fa1fbfaf4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | d82604e6b99fa9ae8b07b5babc4fedb7 |
| SHA1 | 6e95a1d6a3229ae282adc48a4a4bd4a5cf589b32 |
| SHA256 | 98f9a5f2e3af8267e0e95290731812ba7be48413389b4d93f0207ce12b7b0dbd |
| SHA512 | d63d4a60ca272db900034c8e30148c48812881d55850bff372f302da5c8251a81d75c7accc6fdfb6b9da2131bda931d7e40f1cb6b80453f2ff22b676d7842d42 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589054.TMP
| MD5 | 5d196776a2291e61ae0eb8bcd3ce0ba5 |
| SHA1 | 2fb60ecf7a4fd18d8f423863e1fc17c25c919189 |
| SHA256 | a974773b9129b38ff2229cc8a1db172209275821b32108bcebd537e671580ca0 |
| SHA512 | e2631543b7fea8a4b15a9b9fec564bd68ffdfcd6c4254eefa0675466091eb9f8ea36e5f9827ffad070a381112478aa1bb095cc1fcd698627995a2ba913b0e947 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
| MD5 | f57bd672fe614986d4123ee65ef4f1df |
| SHA1 | 2cc726dbf325b3a303602098110a3a0906c03ba1 |
| SHA256 | 6b26decf834976a09886a7af692ab99d01936cb8e9367803053f29eddf13ab3d |
| SHA512 | a1df656360c2f18b3043e48be62c3fbee2c55b66cbd8c2b29e42065071549a1a52ea6a26d55581d7088b075bed2aedaf2d3a0d7985ebf59f488394854c907495 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | e51f388b62281af5b4a9193cce419941 |
| SHA1 | 364f3d737462b7fd063107fe2c580fdb9781a45a |
| SHA256 | 348404a68791474349e35bd7d1980abcbf06db85132286e45ad4f204d10b5f2c |
| SHA512 | 1755816c26d013d7b610bab515200b0f1f2bd2be0c4a8a099c3f8aff2d898882fd3bcf1163d0378916f4c5c24222df5dd7b18df0c8e5bf2a0ebef891215f148e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
| MD5 | c74489f38af9c35da06e303efdd81bf8 |
| SHA1 | 0b6fe1b83b0e67e9494854ed3340b9f2048ce868 |
| SHA256 | 82de249fcefe94d3c9ef4ea1c7e79964db15c77da30f06fbdf838ede96d01342 |
| SHA512 | b187cdae13496a6a727ae9387f95dba488cd9e9a2c370913c5d58630c9c46e13483c4f943d13710288b02e5a27a4c81faf6014be77c36606f2c522f675551c94 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
| MD5 | 63c35f2b03afd6f49ce397af057d8b62 |
| SHA1 | a774cb5bb994665701c05a95387c14816a98ecc3 |
| SHA256 | ab87b1b3dddef062db66a5775b95d1d796bc7f1ba502aa06513c372ac5ba6f00 |
| SHA512 | f030f522de2d6e431c9a8c1ee05e8f81dc10357ab0f3336ca618b2a7655ec7d86ce3ab38f3d4152c8727ca7f854f635b7b3ef669874f1bc6651dcf2764d98b7b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | 34504ed4414852e907ecc19528c2a9f0 |
| SHA1 | 0694ca8841b146adcaf21c84dedc1b14e0a70646 |
| SHA256 | c5327ac879b833d7a4b68e7c5530b2040d31e1e17c7a139a1fdd3e33f6102810 |
| SHA512 | 173b454754862f7750eaef45d9acf41e9da855f4584663f42b67daed6f407f07497348efdfcf14feeeda773414081248fec361ac4d4206f1dcc283e6a399be2f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
| MD5 | 522037f008e03c9448ae0aaaf09e93cb |
| SHA1 | 8a32997eab79246beed5a37db0c92fbfb006bef2 |
| SHA256 | 983c35607c4fb0b529ca732be42115d3fcaac947cee9c9632f7cacdbdecaf5a7 |
| SHA512 | 643ec613b2e7bdbb2f61e1799c189b0e3392ea5ae10845eb0b1f1542a03569e886f4b54d5b38af10e78db49c71357108c94589474b181f6a4573b86cf2d6f0d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
| MD5 | 240c4cc15d9fd65405bb642ab81be615 |
| SHA1 | 5a66783fe5dd932082f40811ae0769526874bfd3 |
| SHA256 | 030272ce6ba1beca700ec83fded9dbdc89296fbde0633a7f5943ef5831876c07 |
| SHA512 | 267fe31bc25944dd7b6071c2c2c271ccc188ae1f6a0d7e587dcf9198b81598da6b058d1b413f228df0cb37c8304329e808089388359651e81b5f3dec566d0ee0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | 870b357c3bae1178740236d64790e444 |
| SHA1 | 5fa06435d0ecf28cbd005773f8c335c44d7df522 |
| SHA256 | 0227bd6a0408946e9b4df6f1a340e3713759a42a7677bdb8cb34698e4edf541e |
| SHA512 | 7fc902e787b1f51b86d967354c0f2987ea9fd582fef2959831ea6dbc5e7bf998a8f24ba906f0ee99ae8493aeb0c53af06bee106d60b448ac50b827c63b1ed169 |
memory/952-422-0x0000000000400000-0x0000000000482000-memory.dmp
memory/952-423-0x0000000000400000-0x0000000000482000-memory.dmp
memory/3860-424-0x0000000000600000-0x00000000006E4000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3df8acad2a0620788b36510a251a51b5 |
| SHA1 | 17ac9113c46d02b3f99ea1d4e1df7002209cde7c |
| SHA256 | 5f58f099f2a4267d09ceb9145e31f2ee3f3f1a0316ac36c3d9e8bd9dd9cfd4ff |
| SHA512 | 954720bef49312c6fefe6b0a92c1122ab188546fdb7b79d2d496b66b85790ed7efbf0a8184f5ef96e47bc3849a99872fce1a405321e19313e32dffeef178a7ae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9596a962b27c9b1d28d5d038405e17d8 |
| SHA1 | b43bd8d595dbd812f2c54dc52804bf48291ae36a |
| SHA256 | d84c6538eb26c88ddc8e8422fbb1f328460ac947e145cfe28f7736f1ebb3cabc |
| SHA512 | f7a200906e239cec86c7bcfff6d2ac89201ce8e0ed6bf2ddf1b3396af16a7347d47aacf863aadc6b5d52d8310abefc55de78d2848dfa018c33223321a7266dda |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\298f9fbeff1adc5e_0
| MD5 | 24fa119c446b0a92b8aa700c57c40b71 |
| SHA1 | 1b4294d23e07d04ef3ebdc39bb7b2386096805d0 |
| SHA256 | c8550d91dd4fd2d821f228e9c1b9dd160400cc05ae9e37c7765086ac5e8865d9 |
| SHA512 | 8447a507c3e1590cd6ab150e620ecd3138a102919a597b35064f57c831f44571e49eb3f8ca6c17166c81094cdb3a237f628198d56c1d14027aad88e243f6a567 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6fed1a1199331f15_0
| MD5 | c50bac1902d13a84fa5cb626ba80ea20 |
| SHA1 | bb79da70ff9332aea7907dcbe55640771f422b7f |
| SHA256 | a36b07bd575e3139cd6c918cdf8e185aa9107018566b898c91f5f58e835ead57 |
| SHA512 | 97bb0c10e54c7023c800db5ba0367cdce2e23e7e11278675699e9379f49532fa93366a05fc6e7524d1b57211b00a6db5148949308ca95e4f84109e962c378784 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b677dd40e200a484_0
| MD5 | 9eab4e547bed9b71ddf63dfe635d0c2f |
| SHA1 | 1896b19c1f95434cb5e1af2a09d2e75798912d08 |
| SHA256 | c0bf563daa655182ac7ff40e35810323b28ba7e2fd922f4a94a99eaabcadc539 |
| SHA512 | ba9e1b6d25ecad28861ef6f1f466a07444650be4349577b7017dd4ac9dbba0c71300732e3db3ed895eb3138954c779fed4a0ae74edc038da790273cfba89d7ed |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3c9b01bf1d0b6db5_0
| MD5 | 81e2115683e7b39b12157d955c2469df |
| SHA1 | afdbd85a4346c9de080223502b77468553e22ead |
| SHA256 | 8ff3bbd7f8de1b703141b032430e7a57f33e682ab6fa3a8c88ef6821167d838b |
| SHA512 | 354d17c95cb26af63e7fc06e811540a3e0028b56f90d003b18bf4c7a992bfce030aa90b93c7fde205b7e9c6a7a7023068bb39e4935b47a10618906a1a23ac7d7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f433402ef42482f0_0
| MD5 | 42d0d8e55607c37b034c83c555465edf |
| SHA1 | b978a425d4d5ddd79496e70dfaec57b3b9960ef8 |
| SHA256 | e674627a0ffe7468847d1009ea321579e965e6637df7702870ff05d2d42c707e |
| SHA512 | ce10f3df11c2f0ab29af4be9a8eec088dd44c83742ecb490f8517a981210ba0bd771016ddadbac4ae60f3985668bb5256fd0a83e06ef69acbaeee3bca881ade2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\67c896e8aae559d2_0
| MD5 | d297e3ed695efe17e6c617bd9de0d358 |
| SHA1 | 5ba6d59d6a9d8ae980b6d2eee615316d71304a64 |
| SHA256 | 16f634d2e8b86bac16e51e1c2492ad91e1d9049489dd67abaf05264213a56245 |
| SHA512 | d687f6dd4436ecd8378b3d5ca3bc10c437b7636064162c8ed56019115a76a5ceba976b6fd8ff12a5569d86591defb25fe72fc7c27573674f581dadb677614cc9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f29ed5b5251e1eaf_0
| MD5 | 69fddc9ac8d533b43a0834c80ded0d23 |
| SHA1 | f62d3ac322b74164c8d59ddbf3b283863713718a |
| SHA256 | daba4f0b40968e9972a57f5a508b025e66de463fc331be3712d46219792ac886 |
| SHA512 | 5d2a7acb814f4888187e975f2d5db2c4838005e779b904042ea8a54082acda7cd6b856a82f2864aeaeadd6dabf6c4235164a23caf2de98e0002c1a7bc0b12a25 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bd90f31ea43c3a3b_0
| MD5 | fe1e4498384e9da0dc6f43f26497303f |
| SHA1 | a5e168b1f303d6928e8fe128506cced48ca13eef |
| SHA256 | ddb56f5310008fe209d2d64b73f9b90f98691c89647022aa9179e091d3d51a5c |
| SHA512 | b9b43fc4a1f61644120a056b4a792d7e7823c4e9d4e83e90951564cd427319e15430cd67b5c64d7c90f52d50360f1507470e360ea8a180b3a17cf9d390599789 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3ab592dde6ff023e_0
| MD5 | c73dc1a1ac3b4e7106d88409c5b2c263 |
| SHA1 | 8f5b931e52c02b74f16d8f49d2d2c50f7d74cea2 |
| SHA256 | f44b8fdecaefa647742d193e8c82e3962918764af99f124e566bf4d850607ee4 |
| SHA512 | 48e6f078112605a72820d5255c1092bcd4ab65ba31cb3deabd4d07997fb0e3155e574555c508e498df505a6446034bdd81aa751d8df906c76a642323e5d11c49 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 17e0e84a9046c5d1169fb68f60630af6 |
| SHA1 | 3010a498f6cb64f27ed7b5331258b0a305ac4217 |
| SHA256 | 19e2cb465a170c8b96eb56e8cdffb6eeef41242cc7b8ccc0203d644a9aac08ef |
| SHA512 | 6de5cb82cb092c45822f2965dbe6c3313e9cc9699c79524191766a40c9370d6f5b5ca32d8f6091561f67d573398e07931d1647402b7ad6b12769966164e9a14d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a3cf7f18bb6b0b9089ae60c0e54e2e50 |
| SHA1 | ba75aaa9db0277d0d8baeb11b4b642027508043d |
| SHA256 | 043722e2c56ae6d069a30a99969346e07186872657a5b0de4c175a72bbdf4969 |
| SHA512 | d0dee56f2791fcc989ac282bad6d4ff3440f97e93c6e1800d07bd0899c799f19a4faa662196a44a1ae008f50b33a7c4178e4ea51b30ef586b46af0f95e1d08e8 |
memory/952-581-0x0000000000400000-0x0000000000482000-memory.dmp
memory/952-582-0x0000000000400000-0x0000000000482000-memory.dmp
memory/5788-614-0x0000000000620000-0x0000000000704000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 52395e8d4bcfc9825c03ba8ef538be01 |
| SHA1 | a4a04d7e9cbddc0414ece756b348fc471780eec6 |
| SHA256 | a95c6143b1304cca1beff099b24008599a6ae336a310d5eb5524ed6a9d7d032c |
| SHA512 | 6124f21487f7f0226f1486b3f6784d5449aa35f7460e79d0407d3740c4e9cc8aa211b2d2677943c8c1be8dd17dc8926110c7383bbdad2ba2d9f1144d1be999e8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 05592d6b429a6209d372dba7629ce97c |
| SHA1 | b4d45e956e3ec9651d4e1e045b887c7ccbdde326 |
| SHA256 | 3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd |
| SHA512 | caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 18bb4bd470060dac6c6d0bbaa2ec13d0 |
| SHA1 | d962b2a09e2069ad1bdbc8827891c526ca77b720 |
| SHA256 | 50e7dcd9f9755bbca4d63f2851fa7f834046cab2a4794c080d0cd6738c404856 |
| SHA512 | 7d454a4a4cd2b3dd1fc56e69dae59d264aac1697b5da2bf812db93e77e99332bce6398c39b910288ec2a702028fb4487dca3b9d6f4834a1d65637a247d7dfb7d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 81becda07b2d381bc6b5334b8758819a |
| SHA1 | 2ce962710c95b21c74720734ed60459a9fd10f42 |
| SHA256 | 1b5fa0fd6d228fafb047e8113acb306b268d8364d7ee77582cb114047a630c7b |
| SHA512 | 9fe0a5f2baf325421b26df7b8a54db18d7aaa99a0a27b8c8d90b1253062c506bc5d46556918af2b35fa703b962b6f631402ee06654b0362a7b8af172b59c8b16 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | eee8fe5d338daedcdc675096e3cbb585 |
| SHA1 | 6f85cf6b0b3c840f7b6bd926c816d46609f347aa |
| SHA256 | ab623e7680aeb2b0693b6e84f02b95e8eff568f2f63dfb1394d3ee05fa2fe4b6 |
| SHA512 | 3e87c77100b8f970f454fde204fa14fb1994338f45ac9cfdc3ce6dc5c9a1c6673ae8eed079d637617cd6a6d3b6784deac3f9562544dbcc90e3721887dc0b4263 |
memory/5860-737-0x0000000000800000-0x00000000008E4000-memory.dmp
memory/952-768-0x0000000000400000-0x0000000000482000-memory.dmp
memory/952-769-0x0000000000400000-0x0000000000482000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 721b3f4d9a651fc046a90b79b21f6980 |
| SHA1 | 6ecc81617fe61b8136053856fd773ae8419dce42 |
| SHA256 | 98455ce93304d3ba8c5c1719c85148d0f493ee5472827228880fa1e1fba93333 |
| SHA512 | 963c454130c521cf5f0c5aa9e6153c7811d88c321daee3cbc99938300253bae0728a3c4e579ffc7a837309d3e201fa13fef9fc7d0dd7e22e3cfc2631a67fd98e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 9e427af884829179a3a3e945904bb4bf |
| SHA1 | b77fc83639aee64cea07a59e3fe6848ac57316e8 |
| SHA256 | 96505f92f82781d75e622eb1d0a4c91aea2aec50aeb88777613f86545903d1da |
| SHA512 | c567374b9f4692a9605180e1a2a01cdf03c2312fe2c2c33468584e70c8a73dccf76e524597375bc071526b31f6c2f496a8c60e9376136b20fd8779dbf2682440 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 5d5819e3db8c92dae33aeb4e3cdec073 |
| SHA1 | 251fc05a5d77b25236a5ce271bf4d90a37f46518 |
| SHA256 | 3745e2777af779ceb57383979f19b47546b6b7ebbb9ea0b3f65300823ba846ee |
| SHA512 | 307e25bf7392676f3c229377d2e1eca30e11361b759a3fd134f80aa2e3542330e52bf323d30b4aba22d07725113bb9a03d7e96ed8b4bbe3784ade1364ca88b0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a04320ab472262bf905d897acc25c463 |
| SHA1 | a6c6c5e3dcb8e8235c1a53804bea794e3b72ede2 |
| SHA256 | 1b047852671e8d15dfe042db459720a401df7dede713f37c3c728be579c95be4 |
| SHA512 | f634918e7a228546985c6b6df6047931bf68db0a99f9f38a809f6694cdeda2ba4cca65835714ac4bfa88df9066cab7c9c50f559f9721f63d5ab58b7a56369fa6 |
Analysis: behavioral2
Detonation Overview
| Submitted | 2024-07-23 08:58 |
| Reported | 2024-07-23 09:00 |
| Platform | win11-20240709-en |
| Max time kernel | 150s |
| Max time network | 151s |
Command Line
Signatures
Remcos
Detected Nirsoft tools
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
NirSoft MailPassView
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
NirSoft WebBrowserPassView
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
Reads user/profile data of web browsers
Accesses Microsoft Outlook accounts
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000\Software\Microsoft\Windows\CurrentVersion\Run\Rmc-QBT08L = "\"C:\\Users\\Admin\\AppData\\Roaming\\Remcos\\remcos.exe\"" | C:\Users\Admin\AppData\Local\Temp\f377f9ebb865d686833a830718e6d4eb3898a20e87b0b89e26436c10496c5054.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Rmc-QBT08L = "\"C:\\Users\\Admin\\AppData\\Roaming\\Remcos\\remcos.exe\"" | C:\Users\Admin\AppData\Local\Temp\f377f9ebb865d686833a830718e6d4eb3898a20e87b0b89e26436c10496c5054.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-126710838-2490174220-686410903-1000\Software\Microsoft\Windows\CurrentVersion\Run\Rmc-QBT08L = "\"C:\\Users\\Admin\\AppData\\Roaming\\Remcos\\remcos.exe\"" | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Rmc-QBT08L = "\"C:\\Users\\Admin\\AppData\\Roaming\\Remcos\\remcos.exe\"" | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
Suspicious use of SetThreadContext
Enumerates physical storage devices
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | C:\Users\Admin\AppData\Local\Temp\f377f9ebb865d686833a830718e6d4eb3898a20e87b0b89e26436c10496c5054.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\f377f9ebb865d686833a830718e6d4eb3898a20e87b0b89e26436c10496c5054.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\f377f9ebb865d686833a830718e6d4eb3898a20e87b0b89e26436c10496c5054.exe
"C:\Users\Admin\AppData\Local\Temp\f377f9ebb865d686833a830718e6d4eb3898a20e87b0b89e26436c10496c5054.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\f377f9ebb865d686833a830718e6d4eb3898a20e87b0b89e26436c10496c5054.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\AZjibU.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\AZjibU" /XML "C:\Users\Admin\AppData\Local\Temp\tmpD37C.tmp"
C:\Users\Admin\AppData\Local\Temp\f377f9ebb865d686833a830718e6d4eb3898a20e87b0b89e26436c10496c5054.exe
"C:\Users\Admin\AppData\Local\Temp\f377f9ebb865d686833a830718e6d4eb3898a20e87b0b89e26436c10496c5054.exe"
C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe
"C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe"
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\AZjibU.exe"
C:\Windows\SysWOW64\schtasks.exe
"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\AZjibU" /XML "C:\Users\Admin\AppData\Local\Temp\tmp7FA.tmp"
C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe
"C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe"
C:\Windows\SysWOW64\svchost.exe
svchost.exe
C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe
C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe /stext "C:\Users\Admin\AppData\Local\Temp\vufceq"
C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe
C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe /stext "C:\Users\Admin\AppData\Local\Temp\ywkuxisas"
C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe
C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe /stext "C:\Users\Admin\AppData\Local\Temp\irqnybdtgznt"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff8df43cb8,0x7fff8df43cc8,0x7fff8df43cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
C:\Windows\SysWOW64\svchost.exe
svchost.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff8df43cb8,0x7fff8df43cc8,0x7fff8df43cd8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3488 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff8df43cb8,0x7fff8df43cc8,0x7fff8df43cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff8df43cb8,0x7fff8df43cc8,0x7fff8df43cd8
C:\Windows\SysWOW64\svchost.exe
svchost.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff8df43cb8,0x7fff8df43cc8,0x7fff8df43cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff8df43cb8,0x7fff8df43cc8,0x7fff8df43cd8
C:\Windows\SysWOW64\svchost.exe
svchost.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0xa0,0x7fff8df43cb8,0x7fff8df43cc8,0x7fff8df43cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0xc8,0x7fff8df43cb8,0x7fff8df43cc8,0x7fff8df43cd8
C:\Windows\SysWOW64\svchost.exe
svchost.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff8df43cb8,0x7fff8df43cc8,0x7fff8df43cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff8df43cb8,0x7fff8df43cc8,0x7fff8df43cd8
C:\Windows\SysWOW64\svchost.exe
svchost.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0x48,0x10c,0x7fff8df43cb8,0x7fff8df43cc8,0x7fff8df43cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff8df43cb8,0x7fff8df43cc8,0x7fff8df43cd8
C:\Windows\SysWOW64\svchost.exe
svchost.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7524 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7496 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff8df43cb8,0x7fff8df43cc8,0x7fff8df43cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7820 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7620 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff8df43cb8,0x7fff8df43cc8,0x7fff8df43cd8
C:\Windows\SysWOW64\svchost.exe
svchost.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4296 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7508 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff8df43cb8,0x7fff8df43cc8,0x7fff8df43cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7440 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff8df43cb8,0x7fff8df43cc8,0x7fff8df43cd8
C:\Windows\SysWOW64\svchost.exe
svchost.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7428 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff8df43cb8,0x7fff8df43cc8,0x7fff8df43cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8544 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff8df43cb8,0x7fff8df43cc8,0x7fff8df43cd8
C:\Windows\SysWOW64\svchost.exe
svchost.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7952 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8564 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7fff8df43cb8,0x7fff8df43cc8,0x7fff8df43cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8672 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,6783013406391222342,6068377861666688270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8608 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 20.177.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 107.173.4.16:2404 | | tcp |
| US | 107.173.4.16:2404 | | tcp |
| NL | 178.237.33.50:80 | geoplugin.net | tcp |
| GB | 95.100.246.21:443 | learn.microsoft.com | tcp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 20.189.173.10:443 | browser.events.data.microsoft.com | tcp |
| US | 20.189.173.10:443 | browser.events.data.microsoft.com | tcp |
| US | 20.189.173.10:443 | browser.events.data.microsoft.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 13.107.253.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\tmpD37C.tmp
| MD5 | 860c4733a83ad15d626467955774d803 |
| SHA1 | a97f27d3935240726a6d3a1f5455a19ed0501b54 |
| SHA256 | 57cfdba92b6b0d44abde5b2ddca27b8a9e198dafa6beed2d573d34767d4337b7 |
| SHA512 | 83bc9c759b11c9bba8e7cfa6fdfa67b6fcc7d4bb313c9616816701d7d8e616ee02ef9c6ad18970aff1371c40185d54ef1547b7f44f1a3b941ce5730866508e0b |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_qslfojwl.eqg.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
C:\Users\Admin\AppData\Roaming\Remcos\remcos.exe
| MD5 | e34683e560b0c2a5cddcffe98956ea62 |
| SHA1 | 89a3dc3e4b06a8c4bd94bffc48adac82e620d910 |
| SHA256 | f377f9ebb865d686833a830718e6d4eb3898a20e87b0b89e26436c10496c5054 |
| SHA512 | 4bf4a8fef3b740ba3e6a04bedaaa90970a60b72fc950d53de6e2bf597d89d5d399f9258f9f8088f0ea6304bfa219c5537271c9df59c463893d9589370a27ebff |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
| MD5 | ac4917a885cf6050b1a483e4bc4d2ea5 |
| SHA1 | b1c0a9f27bd21c6bbb8e9be70db8777b4a2a640f |
| SHA256 | e39062a62c3c7617feeeff95ea8a0be51104a0d36f46e44eea22556fda74d8d9 |
| SHA512 | 092c67a3ecae1d187cad72a8ea1ea37cb78a0cf79c2cd7fb88953e5990669a2e871267015762fd46d274badb88ac0c1d73b00f1df7394d89bed48a3a45c2ba3d |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 976544b7e7eb721efa246da54e23d84d |
| SHA1 | 0c6af23c51d001906072cf7b8c1c6ea606c9208d |
| SHA256 | 9793db6240812dd81c17b25893755450dda3399398270cfc7d604e428a0b42ed |
| SHA512 | 1e701eca1774a3558e313c70632147e12ba94ffecff455b1ad2946ded7393c1ed7767bb3d01c22c9ba55204dc438d6fc59216f59e4efb9bb93191d30d91188b9 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 4373244356b142888a4c45226bc56108 |
| SHA1 | d419fd98f524ea6aa7376c6ab5184a6ce3017004 |
| SHA256 | 1a52fe2484624081d9f7978d9c4941c4803d612c7760202599be71d31121c9c4 |
| SHA512 | 312896e1a34d930322a981d2ff3dff47be74256dc90cc64406008df4ccb4f275beec4b110b84a4e7cc5a5049972460b0bfe75a152071f02adfbc2e2c2c44b52b |
memory/3408-230-0x0000000010000000-0x0000000010019000-memory.dmp
memory/3408-229-0x0000000010000000-0x0000000010019000-memory.dmp
memory/3408-231-0x0000000000400000-0x0000000000482000-memory.dmp
memory/3408-226-0x0000000010000000-0x0000000010019000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\vufceq
| MD5 | f3b25701fe362ec84616a93a45ce9998 |
| SHA1 | d62636d8caec13f04e28442a0a6fa1afeb024bbb |
| SHA256 | b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209 |
| SHA512 | 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 562b59fd3a3527ef4e850775b15d0836 |
| SHA1 | ffd14d901f78138fc2eece97c5e258b251bc6752 |
| SHA256 | 0a64863cb40f9d3b13a7b768b62e8b4707dfee1d3e86a07e999acb87bd7d3430 |
| SHA512 | ef9fd3d83ab85b18cf0e0d17e2c7d71936f783e3ae38005e5c78742560332f88be7c4c936d4dc4179e93fde0240d2882d71ef7038289c8cbddbfc4790c0603c2 |
\??\pipe\LOCAL\crashpad_2400_TZJETGSHOEZGYDRI
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c1ff2a88b65e524450bf7c721960d7db |
| SHA1 | 382c798fcd7782c424d93262d79e625fcb5f84aa |
| SHA256 | 2d12365f3666f6e398456f0c441317bc8ad3e7b089feacc14756e2ae87379409 |
| SHA512 | f19c08edf1416435a7628064d85f89c643c248d0979ece629b882f600956f0d8cd93efbe253fa3ec61ad205233a8804807600f845e53e5ed8949290b80fe42d3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | dbf81aa0b2a9b9fe0e0ffa56fe25bf99 |
| SHA1 | 44929934f4469d521c6ca7d7002f5837748f39b7 |
| SHA256 | 01d25dbf84884c1747906cf73ee3c6a2cb77a10aa38ae12eed5b1160ca40f8c6 |
| SHA512 | b83587730c89f33138404e701fe73af9c3fe9ba22738207863a5af558169ef1afcb5028544e40a1553831babc76f8a47d3f924e2fe578147def53de03ec90b79 |
memory/3408-254-0x0000000000400000-0x0000000000482000-memory.dmp
memory/3408-255-0x0000000000400000-0x0000000000482000-memory.dmp
memory/1940-281-0x0000000000E40000-0x0000000000F24000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e8ebb942b593fe298f92dc177d3bd4a6 |
| SHA1 | 43301a9c08eab5bb7823d185295b6ff8822d2f82 |
| SHA256 | b8f0d9c781daca89596fac874e7413731cc5d15249ec5243b44162a09161d56a |
| SHA512 | 845a153c6f1e568b669e3b92c15a68938dd6f357c184f2626afaff82e5a15905cd48df061730729674e0efd687960b17db566bb21fb4010640b726c0efa7ac48 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 378697ed146b0a138791b503541b8d9b |
| SHA1 | b12e98089702972a599e4a665dc1bbb38f1553f5 |
| SHA256 | b9e7b775039537de61a9194d3bd4d9da5a6c72ba5269af50580c43da492ca9ef |
| SHA512 | d1ca924809f20b885a566e5736e549b8f87c364d1de9f9ba3ad1f0479250b035b246ea3cac852820790734187444bb58ca7ca574aff7c69dfc62580f279bda64 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
| MD5 | c74489f38af9c35da06e303efdd81bf8 |
| SHA1 | 0b6fe1b83b0e67e9494854ed3340b9f2048ce868 |
| SHA256 | 82de249fcefe94d3c9ef4ea1c7e79964db15c77da30f06fbdf838ede96d01342 |
| SHA512 | b187cdae13496a6a727ae9387f95dba488cd9e9a2c370913c5d58630c9c46e13483c4f943d13710288b02e5a27a4c81faf6014be77c36606f2c522f675551c94 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | f57bd672fe614986d4123ee65ef4f1df |
| SHA1 | 2cc726dbf325b3a303602098110a3a0906c03ba1 |
| SHA256 | 6b26decf834976a09886a7af692ab99d01936cb8e9367803053f29eddf13ab3d |
| SHA512 | a1df656360c2f18b3043e48be62c3fbee2c55b66cbd8c2b29e42065071549a1a52ea6a26d55581d7088b075bed2aedaf2d3a0d7985ebf59f488394854c907495 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
| MD5 | e51f388b62281af5b4a9193cce419941 |
| SHA1 | 364f3d737462b7fd063107fe2c580fdb9781a45a |
| SHA256 | 348404a68791474349e35bd7d1980abcbf06db85132286e45ad4f204d10b5f2c |
| SHA512 | 1755816c26d013d7b610bab515200b0f1f2bd2be0c4a8a099c3f8aff2d898882fd3bcf1163d0378916f4c5c24222df5dd7b18df0c8e5bf2a0ebef891215f148e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
| MD5 | 34504ed4414852e907ecc19528c2a9f0 |
| SHA1 | 0694ca8841b146adcaf21c84dedc1b14e0a70646 |
| SHA256 | c5327ac879b833d7a4b68e7c5530b2040d31e1e17c7a139a1fdd3e33f6102810 |
| SHA512 | 173b454754862f7750eaef45d9acf41e9da855f4584663f42b67daed6f407f07497348efdfcf14feeeda773414081248fec361ac4d4206f1dcc283e6a399be2f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
| MD5 | 63c35f2b03afd6f49ce397af057d8b62 |
| SHA1 | a774cb5bb994665701c05a95387c14816a98ecc3 |
| SHA256 | ab87b1b3dddef062db66a5775b95d1d796bc7f1ba502aa06513c372ac5ba6f00 |
| SHA512 | f030f522de2d6e431c9a8c1ee05e8f81dc10357ab0f3336ca618b2a7655ec7d86ce3ab38f3d4152c8727ca7f854f635b7b3ef669874f1bc6651dcf2764d98b7b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
| MD5 | 522037f008e03c9448ae0aaaf09e93cb |
| SHA1 | 8a32997eab79246beed5a37db0c92fbfb006bef2 |
| SHA256 | 983c35607c4fb0b529ca732be42115d3fcaac947cee9c9632f7cacdbdecaf5a7 |
| SHA512 | 643ec613b2e7bdbb2f61e1799c189b0e3392ea5ae10845eb0b1f1542a03569e886f4b54d5b38af10e78db49c71357108c94589474b181f6a4573b86cf2d6f0d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
| MD5 | 240c4cc15d9fd65405bb642ab81be615 |
| SHA1 | 5a66783fe5dd932082f40811ae0769526874bfd3 |
| SHA256 | 030272ce6ba1beca700ec83fded9dbdc89296fbde0633a7f5943ef5831876c07 |
| SHA512 | 267fe31bc25944dd7b6071c2c2c271ccc188ae1f6a0d7e587dcf9198b81598da6b058d1b413f228df0cb37c8304329e808089388359651e81b5f3dec566d0ee0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
| MD5 | 870b357c3bae1178740236d64790e444 |
| SHA1 | 5fa06435d0ecf28cbd005773f8c335c44d7df522 |
| SHA256 | 0227bd6a0408946e9b4df6f1a340e3713759a42a7677bdb8cb34698e4edf541e |
| SHA512 | 7fc902e787b1f51b86d967354c0f2987ea9fd582fef2959831ea6dbc5e7bf998a8f24ba906f0ee99ae8493aeb0c53af06bee106d60b448ac50b827c63b1ed169 |
memory/5196-377-0x0000000000C00000-0x0000000000CE4000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2ba4e23f0db7f0ff46c9d4a02d21f1e4 |
| SHA1 | 16a6d871f3eb9e716f52b23a443fb2e0785c6011 |
| SHA256 | 29bb14825bc00ca0370a064ef7fc12ca490b62f6547db1726c6971fc1735fee1 |
| SHA512 | abf25308ae5d10d7f60801976b48a58aeaf16b7241e084f1f28a8f39f003727d1143d9198479090b21866716c1f31508f9ccb4a0359543559f6765c39d5491ea |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | da057460d3dfda07b9d921fc6ae6de74 |
| SHA1 | 4c69941a6a354e4182b5b3fdc0e79849d802fdef |
| SHA256 | 7b2fa3f25371d7871c9ca8e7d63b68f13b7635d5ff52346a3fad50ce61c46cbf |
| SHA512 | 0952408920e84c7f4f801e7753b35122fed96318838acac664e5d42a43d15a68a137243ba8413f5a0cc81bfd7ed2e6dbbb87cddce6e4b3c2894a905059e5ac30 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586b38.TMP
| MD5 | ef42e7362930d49a3883838598171b1d |
| SHA1 | f189e49804b3252fff4970ae7c5ba9ffcda27664 |
| SHA256 | 47cc28db5f3c5e715c5a3c9d96756b785d90bcb97d2a7a66318eda7656168112 |
| SHA512 | 46b5be090a48d8ee2e3cc85aa21f66bf9f2376c8b6f0f4a305b58411306b03f1396a60e79b3e24ddb70f37c77c90c65b3de15b071ca2308e754a9119fb9d3264 |
memory/1084-467-0x0000000000430000-0x0000000000514000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\169cd09137c3a4a4_0
| MD5 | a60aa6657fd9dfdf4176628bfb025dcf |
| SHA1 | 728de0deabda319e074e3c32f10561e44e694923 |
| SHA256 | 5c46d4ca5ac5425ca30c5025c1eb7a5b5cc70fe6001c12cc990c4f94f1789613 |
| SHA512 | 8bf47b37255f01cdd4a56501bc555b4c6f23c9a0ed268199e53efb188e07311a5a1ae6e7e5be5d7a2f99b991f7c1f4f4fe9bdbe36f960c1481540783b46aa5b6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6fed1a1199331f15_0
| MD5 | 39e8e1cfc52cba91ec87c818baf3d5c3 |
| SHA1 | 8714f8e30d6d5a219527bccdfecf75e7bbf820c0 |
| SHA256 | a659cc3cce599e315c732fada34f86325ccdd0fa062fcf2310be57563c7155ee |
| SHA512 | 40fec934cab63f057f7a754b34260fd5e0ab41011021ae6fe8a04f21aa390a228329e859b9d05280feb1db19ec8e664acbb7edce181379dd94ef65ee44deb89b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3c9b01bf1d0b6db5_0
| MD5 | 80d1278ad91b19167581385b0e64b1e9 |
| SHA1 | d056da008a9c358efa5dc151de143437640e33e5 |
| SHA256 | d23f10f92267cefecf93f1a9ee7a87fbda15dc31e5d5bf04f8a025f5f83f60b0 |
| SHA512 | 35e7f0e384825c748e4ba17fe3a3f7bf3dc06a87f6353b883e817afcdd7f55db263d26946e9ea25d6e02c21c6cd69fff9deae667f85b21bdc6a178f9cabf38f1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a56b86a76c0eb692_0
| MD5 | d65e3a3fb424f45c3b013c376c262535 |
| SHA1 | 17591da46dc477337e506b56d7e3830e14e70510 |
| SHA256 | 8b2532a6f058fed9352a0fe1faeded4058f1e7eaec36182fafb34d175b9440c9 |
| SHA512 | 055f42d28b16acff514974e6841568f5bd11d5105ea05f427572fe710675b193973148b930524d1bba096befb5d4fed5b048cfb3e59dc056601939de3c541387 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8c8f10070fb7a9d0_0
| MD5 | dd59e5dcf693aef097f96baf601dafa1 |
| SHA1 | ba97342bdc84b7f7c720312c999bd1dfe01e5a82 |
| SHA256 | 21ce266c32e3377d45926acfd2bcbb703980608c2a7dc6a80297e5e31fd0b90d |
| SHA512 | 4ec822ee41e30df3f3681e64b54c44e87b71600282d8cd51e127cb9a7c23a9db8b8645444a14c9c287075d827afd08ae46baeee38b9cacfc443fceef164978da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f29ed5b5251e1eaf_0
| MD5 | c20641a922c6a56931414430d190e7e5 |
| SHA1 | 9097cc55534fc8d86b73398fa885e7784b013351 |
| SHA256 | f930af97752b8010894053f9de533ed98f15ea0acea5e8ec9f921275dd0e836f |
| SHA512 | 6a9904805d56f37aeb152094da28e8b38d4b3ad474b1ba307876025bc6c89373407142af8e7e9a126bd085bbc7175441f691d0559496864a0fd41af40565a667 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3ab592dde6ff023e_0
| MD5 | aa0503100f9223f06ac2478f4e31d385 |
| SHA1 | 1f14abd888fc1b65b6709219c0eb389fadef2ee1 |
| SHA256 | 67f612bcb24f7d17d2bb1596e9d2de174b8482ba359f4f86da036bef352b3791 |
| SHA512 | dd559235461db4b4496c8fb4eba01051a53f67ff6fea8859d203a1c858522c457cff58e5afdf2865f6c4c4e27fed37faf98a7a25a957eda42ef9ba468c4b6a26 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\67c896e8aae559d2_0
| MD5 | 60d2183b9c5c72c344d38d39386af89c |
| SHA1 | 2b1e99dadeaa1b39caef586a37da391d7441ead3 |
| SHA256 | 8e82d55454667e783b53e17875a61fa5a680fdf69399fc25f1629524f49358fa |
| SHA512 | 002cd816f88c5272efe97f766edd2e62a298da05f200f3f68a9bf2e8d130f1b0223c07e73332ba2dfb7177aa5627565eeca326d3ad4de17620f9e7e4dcd2923a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d331811ead64ae6f_0
| MD5 | 62a43ae787c1ff3ac1e79278db4bb05a |
| SHA1 | 3c70f15d6eac8dc2a85f8179b300689d9c4710f9 |
| SHA256 | b30071a169602deb0b62ed9ad51a6fbe0356d1fcd3363cf4545763162a3698f6 |
| SHA512 | 6a8eeafab91302bb36bb84d0deaf60c9a5c185ee0a1d60732d73804f2b3be27b8a070977d34e2e81ce91d16465c1560bd11bcfa7e967413500bedc03726abff4 |
memory/3408-500-0x0000000000400000-0x0000000000482000-memory.dmp
memory/3408-499-0x0000000000400000-0x0000000000482000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 54b8029f93b285e7dea84ee3f27d6eaa |
| SHA1 | a36854203d6129691d9d6b1d6c7346087d9cc1f7 |
| SHA256 | d26fa14a3ec0efed022a14ea3351f6fa008fc57fa5b720f304ebc9aec206c9f5 |
| SHA512 | a097e739e2cc161eda5995d44addf40d2a8690d39843a4ad0774591d0ec94eac76219e5e573d421e5d234f65b8fc6828c614a05b7e861820d0c59c67dc300a5c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 73f258fba38cf69230fc4d6a7ce8c4b4 |
| SHA1 | 37b230a41599d924f5f27d42c54dc3c32e9b783c |
| SHA256 | 56f7801ca4c83d83abe4db1a3659f66da70d87776a7cca3413b80b721c1728ef |
| SHA512 | 2659d1f8991babc1c0a5e9ab2088164aabf8b1584b774b229088ec74c576480f473a60b99be7302c29d198aa8341c4030df16e2a5ee2662be9600fc3a9d3c2ac |
memory/5652-560-0x0000000001200000-0x00000000012E4000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 42d0266b0a616ea894f57b1b5532a840 |
| SHA1 | 250018053b14c4afd4c4c3c676d3a7f8ed886652 |
| SHA256 | 57b9fd8fa85223e04fddd4b66cff165623aad73ea2dbd99b6925a5442ede1f81 |
| SHA512 | 53b1779f97cd3e1a3bc42bdddfcf9cd8d0b65fe28c132b139f50a84920e5abb1d50892decdec358938686e166727393ca8a47d47898bce19421f86522fe5a77e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | af3a9266bb599d4f79a734e802718ed1 |
| SHA1 | 6ec04ab5a19324d6e65629b652cec6ebf3047d2d |
| SHA256 | a932f0525390a197b9ea4a01e36623e8c12e3e64bffe49a927ba8289cbd8e2de |
| SHA512 | 20247fb7b78e4196275e408f8cac93ef37ba973d76a05d863183fa062f99108f948cdc60fdd7d61614f4bb28adb52601f994d5fae0ef41523f5cae30f64abe8d |
memory/5728-656-0x0000000001240000-0x0000000001324000-memory.dmp
memory/3408-681-0x0000000000400000-0x0000000000482000-memory.dmp
memory/3408-682-0x0000000000400000-0x0000000000482000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bb8ba9f2bd19fb7cd219bee8d41f2fc3 |
| SHA1 | 9a2e316bf39969736beab8358987becbf17d551d |
| SHA256 | de0dfafc2733d6734056949461b79a79fb358d1da4f426e4c771877ff6d5c422 |
| SHA512 | 4aeb0b46452662f058cce7bc5b6983adf75cda4eb2fe86d2aa549b9442f7369d1b26c8deb63e8b3769841ac357053cb581d5b35e0548ec97bfa1182ae8e57904 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 4aff99a6ede716c0304cecc694e41701 |
| SHA1 | 026c79ca25ae48e49ccfdc56fdec63c019556080 |
| SHA256 | 9794aa1e2a485e429427e3f736a0abc0f880eef234c1f8d557c89664ef305a70 |
| SHA512 | a18471275ed9d32ed0e733673ce2fdb0729a0053a1a0ee0b6a4beeebb675b68da8f28d812822e030031327d632b62f2c225d613b486ca9b54ac80975cd71dfee |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 19f854f133fbb12aeb856c07ccefb046 |
| SHA1 | f1fee68a0f601b70903f9d2c5dac353aca32a23d |
| SHA256 | 930067d39c71908816f5ee19af07b17c6955a6dc53b719a8e57082a912c6aaef |
| SHA512 | 990f357a777d7886fadbc8e55dd161e3406a28ab6dbb0f01f6eef7894a9acad83de821728e85aa52a684a2f72ae172ededf9fdc09f7eaa5af6fb5e163aa2f898 |
memory/976-753-0x0000000000600000-0x00000000006E4000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8e770176f6d408ce9c2ea219fc935fde |
| SHA1 | 8ff9ade2855ba12a570af7c397814d58f88fdce4 |
| SHA256 | 0a48d997c10b27d2d64c53bfc782796c7d07db7a0d4f89c401d70ece9ffca9a3 |
| SHA512 | 799f4e478845d02412f4c687708e42e769d536e35aa93c8657dc5ac97453a5995c3bbe1f0795f59d1109dc3a2fbc83fa3a4463e62729ff14b56443c533359de8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 401b6a3e2e37c2fffb2b1605b6d16f7b |
| SHA1 | ca45818856f8977fc321a394688cce2a300b3fcf |
| SHA256 | 93fc98646f55a57b04307fa61dc2f93422e22adb404444727f44287c1ea4faf2 |
| SHA512 | d67849e6b44cb4f5a7f3284e50aaa95844190e2fdb994b59c68c92728d412698b703d06b56bdcfb62fe18daba41095566077aceeba3f615c3e5e731589e53e96 |
memory/5744-843-0x0000000000410000-0x00000000004F4000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 28ed9afd69382df50584abceac27d384 |
| SHA1 | 597a2b7de36b0e9dd78a02154915820c45f3e689 |
| SHA256 | 334b42f61288ad9ed4698e9f8850d42fed9b8e28a702ba5672917a433b3d8cf8 |
| SHA512 | 5bed39e0a22520ce26e75893d3d1097421bd8ac7e633924c242c586b920ffca94af62266e6b3744077e64c390bb24d91f9bc6fc99bd4b41035d4d6952eab18de |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 1ea7828b1a1e83a67904b5f3a02e9a9b |
| SHA1 | e66589c4f6791d87714e38a20ba8d4dad3df8a0a |
| SHA256 | 96faae447596701bce631eab3444e0e79c2df86cfb282e51928fdd9aacc0f602 |
| SHA512 | b0a30e368e9e2852ce0d3cf8b86b99637a58dfc02e0a600c99d62b23378c690e007f288c6abaffd719b81e7d1298db8acbcc335bb93742aee7769ea8fb2ecccb |
memory/3408-901-0x0000000000400000-0x0000000000482000-memory.dmp
memory/3408-902-0x0000000000400000-0x0000000000482000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | c613f68ef07f1dc5655d6002cf168946 |
| SHA1 | 9ea7ac7c9fc5907fd3a9df8dec6143a4c5c1cf6a |
| SHA256 | 03a0079dab13f1518a88ec15aadd9adada1bd0a75e053eb2b97974fc29d556d6 |
| SHA512 | 40e6083815b2fb97e78850e4b458844918f3ff9aa5043929469cc673e181fa809e3d929180a184f01cfe44e6d8c3feff212ac3bd8c7189f934008417a3b9153a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 92411066946f0984fc02166e4d9dd271 |
| SHA1 | b916462b11f6523ad46b49cf8956e1e71a3d0830 |
| SHA256 | 296f3d37a3c4beefa6b7a6dfdd334d348e9af46def6aaa05f3a6a28c12480774 |
| SHA512 | 04b9523c169ee58765032ac11eca5e2efa087b37405bbb016206153118d8d6efc575b89590995fca93f339dff0f3afad6038724eac5cc213ee9c1cc96896b424 |
memory/7116-1022-0x0000000000800000-0x00000000008E4000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9228f44cb7fdb7f037fc7448807e1dd5 |
| SHA1 | e89a307b4b968e4e8090c4ad7deda54765d9ec51 |
| SHA256 | 7d05a4efc05dcf3fe8b1a9f15189100cff244f64295304ef482828fb83192651 |
| SHA512 | 074b8cdb25949c0d50ecfaa0dec0a682a16ac1109fa97a1bf421453e93f0ec89caa0010f556fe58ee8f72ab791310920736a3938de798591f4469fdebf7a4332 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | be62b948b1b7a96f72607480fc22ccb1 |
| SHA1 | 1c108feab38e07e3afd3cdb480f42ce721c8e0b5 |
| SHA256 | 44a4e03123add27321ce1faa5c6fba13f4f47815848f2fa5eb8c82659c3ad818 |
| SHA512 | 192c4ffc58c67f7a56278566007a4ded2022170934463ec8590bf24162944ce6472f8cf14f070550b127a925e4cd49ac5a2a984f0b686eb7859f3cb4fd6d2ee3 |