Analysis
max time kernel: 148s
max time network: 150s
platform: windows11-21h2_x64
resource: win11-20240802-en
resource tags: arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 27/08/2024, 12:51
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample
https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwjSocKam5WIAxXQimgJHdyTIAIYABAAGgJ3Zg&co=1&ase=2&gclid=CjwKCAjw8rW2BhAgEiwAoRO5rG34iU46puXyFXESbQ3-8qUZ1_rlAzPtq2vh2xWAp7UvnpMcnkthQRoCRf0QAvD_BwE&ohost=www.google.com&cid=CAESVuD2oeZj0nWjHisg96RTaCMwg5iulzpUPoIFwLKjirzK1UyMk4GlSZ2x7VCJwUssw0p_CXkj8EuldKiaESnestFjfrT9RrwcjFp74c9ZkBz59HGj3H6x&sig=AOD64_0tQiEkT2HFDK1hmSX7QcxC9eTWBg&q&nis=4&adurl&ved=2ahUKEwjzz72am5WIAxWkTaQEHRz6JEcQ0Qx6BAgIEAE
Resource
win11-20240802-en
General
Target
https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwjSocKam5WIAxXQimgJHdyTIAIYABAAGgJ3Zg&co=1&ase=2&gclid=CjwKCAjw8rW2BhAgEiwAoRO5rG34iU46puXyFXESbQ3-8qUZ1_rlAzPtq2vh2xWAp7UvnpMcnkthQRoCRf0QAvD_BwE&ohost=www.google.com&cid=CAESVuD2oeZj0nWjHisg96RTaCMwg5iulzpUPoIFwLKjirzK1UyMk4GlSZ2x7VCJwUssw0p_CXkj8EuldKiaESnestFjfrT9RrwcjFp74c9ZkBz59HGj3H6x&sig=AOD64_0tQiEkT2HFDK1hmSX7QcxC9eTWBg&q&nis=4&adurl&ved=2ahUKEwjzz72am5WIAxWkTaQEHRz6JEcQ0Qx6BAgIEAE
Malware Config
Signatures
Downloads MZ/PE file
Executes dropped EXE 4 IoCs
pid | Process
6724 | 4kvideodownloaderplus_1.8.5_x64_online.exe
6828 | 4kvideodownloaderplus_1.8.5_x64_online.exe
6328 | 4kvideodownloaderplus_1.8.5_x64_online.exe
6784 | msi_analytics.exe
Loads dropped DLL 1 IoCs
pid | Process
6828 | 4kvideodownloaderplus_1.8.5_x64_online.exe
Adds Run key to start application 2 TTPs 1 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{efeb71da-4b7d-4471-a893-2c8eca651a01} = "\"C:\\ProgramData\\Package Cache\\{efeb71da-4b7d-4471-a893-2c8eca651a01}\\4kvideodownloaderplus_1.8.5_x64_online.exe\" /burn.runonce" | 4kvideodownloaderplus_1.8.5_x64_online.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
flow | ioc
235 | https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
description | ioc | Process
File opened for modification | C:\Users\Admin\Downloads\4kvideodownloaderplus_1.8.5_x64_online.exe:Zone.Identifier | msedge.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 4kvideodownloaderplus_1.8.5_x64_online.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 4kvideodownloaderplus_1.8.5_x64_online.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 4kvideodownloaderplus_1.8.5_x64_online.exe
Checks SCSI registry key(s) 3 TTPs 5 IoCs
SCSI information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | vssvc.exe
Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | vssvc.exe
Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr | vssvc.exe
Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 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 | vssvc.exe
Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 | vssvc.exe
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Modifies registry class 7 IoCs
description | ioc | Process
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2227988167-2813779459-4240799794-1000\{66568D2B-C798-46FA-BB0B-093C8339D7D9} | msedge.exe
Key created | \REGISTRY\MACHINE\Software\Classes\Installer\Dependencies\{efeb71da-4b7d-4471-a893-2c8eca651a01} | 4kvideodownloaderplus_1.8.5_x64_online.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{efeb71da-4b7d-4471-a893-2c8eca651a01}\ = "{efeb71da-4b7d-4471-a893-2c8eca651a01}" | 4kvideodownloaderplus_1.8.5_x64_online.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{efeb71da-4b7d-4471-a893-2c8eca651a01}\Version = "1.8.5.116" | 4kvideodownloaderplus_1.8.5_x64_online.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{efeb71da-4b7d-4471-a893-2c8eca651a01}\DisplayName = "4K Video Downloader+" | 4kvideodownloaderplus_1.8.5_x64_online.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{efeb71da-4b7d-4471-a893-2c8eca651a01}\Dependents\{efeb71da-4b7d-4471-a893-2c8eca651a01} | 4kvideodownloaderplus_1.8.5_x64_online.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Dependencies\{efeb71da-4b7d-4471-a893-2c8eca651a01}\Dependents | 4kvideodownloaderplus_1.8.5_x64_online.exe
NTFS ADS 2 IoCs
description | ioc | Process
File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 654801.crdownload:SmartScreen | msedge.exe
File opened for modification | C:\Users\Admin\Downloads\4kvideodownloaderplus_1.8.5_x64_online.exe:Zone.Identifier | msedge.exe
Suspicious behavior: EnumeratesProcesses 16 IoCs
pid | Process
1388 | msedge.exe
1388 | msedge.exe
5028 | msedge.exe
5028 | msedge.exe
4316 | msedge.exe
4316 | msedge.exe
4828 | identity_helper.exe
4828 | identity_helper.exe
6652 | msedge.exe
6652 | msedge.exe
5920 | msedge.exe
5920 | msedge.exe
6712 | msedge.exe
6712 | msedge.exe
6712 | msedge.exe
6712 | msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs
pid | Process
5028 | msedge.exe (this identical row is listed 64 times)
Suspicious use of AdjustPrivilegeToken 11 IoCs
description | pid | Process
Token: SeBackupPrivilege | 6400 | vssvc.exe
Token: SeRestorePrivilege | 6400 | vssvc.exe
Token: SeAuditPrivilege | 6400 | vssvc.exe
Token: SeBackupPrivilege | 2928 | srtasks.exe
Token: SeRestorePrivilege | 2928 | srtasks.exe
Token: SeSecurityPrivilege | 2928 | srtasks.exe
Token: SeTakeOwnershipPrivilege | 2928 | srtasks.exe
Token: SeBackupPrivilege | 2928 | srtasks.exe
Token: SeRestorePrivilege | 2928 | srtasks.exe
Token: SeSecurityPrivilege | 2928 | srtasks.exe
Token: SeTakeOwnershipPrivilege | 2928 | srtasks.exe
Suspicious use of FindShellTrayWindow 38 IoCs
pid | Process
5028 | msedge.exe (this identical row is listed 35 times)
6828 | 4kvideodownloaderplus_1.8.5_x64_online.exe
5028 | msedge.exe (this identical row is listed 2 times)
Suspicious use of SendNotifyMessage 14 IoCs
pid | Process
5028 | msedge.exe (this identical row is listed 14 times)
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 5028 wrote to memory of 4512 5028 msedge.exe 81 PID 5028 wrote to memory of 4512 5028 msedge.exe 81 PID 5028 wrote to memory of 1452 5028 msedge.exe 82 PID 5028 wrote to memory of 1452 5028 msedge.exe 82 PID 5028 wrote to memory of 1452 5028 msedge.exe 82 PID 5028 wrote to memory of 1452 5028 msedge.exe 82 PID 5028 wrote to memory of 1452 5028 msedge.exe 82 PID 5028 wrote to memory of 1452 5028 msedge.exe 82 PID 5028 wrote to memory of 1452 5028 msedge.exe 82 PID 5028 wrote to memory of 1452 5028 msedge.exe 82 PID 5028 wrote to memory of 1452 5028 msedge.exe 82 PID 5028 wrote to memory of 1452 5028 msedge.exe 82 PID 5028 wrote to memory of 1452 5028 msedge.exe 82 PID 5028 wrote to memory of 1452 5028 msedge.exe 82 PID 5028 wrote to memory of 1452 5028 msedge.exe 82 PID 5028 wrote to memory of 1452 5028 msedge.exe 82 PID 5028 wrote to memory of 1452 5028 msedge.exe 82 PID 5028 wrote to memory of 1452 5028 msedge.exe 82 PID 5028 wrote to memory of 1452 5028 msedge.exe 82 PID 5028 wrote to memory of 1452 5028 msedge.exe 82 PID 5028 wrote to memory of 1452 5028 msedge.exe 82 PID 5028 wrote to memory of 1452 5028 msedge.exe 82 PID 5028 wrote to memory of 1452 5028 msedge.exe 82 PID 5028 wrote to memory of 1452 5028 msedge.exe 82 PID 5028 wrote to memory of 1452 5028 msedge.exe 82 PID 5028 wrote to memory of 1452 5028 msedge.exe 82 PID 5028 wrote to memory of 1452 5028 msedge.exe 82 PID 5028 wrote to memory of 1452 5028 msedge.exe 82 PID 5028 wrote to memory of 1452 5028 msedge.exe 82 PID 5028 wrote to memory of 1452 5028 msedge.exe 82 PID 5028 wrote to memory of 1452 5028 msedge.exe 82 PID 5028 wrote to memory of 1452 5028 msedge.exe 82 PID 5028 wrote to memory of 1452 5028 msedge.exe 82 PID 5028 wrote to memory of 1452 5028 msedge.exe 82 PID 5028 wrote to memory of 1452 5028 msedge.exe 82 PID 5028 wrote to memory of 1452 5028 msedge.exe 82 PID 5028 wrote to memory of 1452 5028 msedge.exe 82 PID 5028 wrote to memory of 1452 5028 
msedge.exe 82 PID 5028 wrote to memory of 1452 5028 msedge.exe 82 PID 5028 wrote to memory of 1452 5028 msedge.exe 82 PID 5028 wrote to memory of 1452 5028 msedge.exe 82 PID 5028 wrote to memory of 1452 5028 msedge.exe 82 PID 5028 wrote to memory of 1388 5028 msedge.exe 83 PID 5028 wrote to memory of 1388 5028 msedge.exe 83 PID 5028 wrote to memory of 4412 5028 msedge.exe 84 PID 5028 wrote to memory of 4412 5028 msedge.exe 84 PID 5028 wrote to memory of 4412 5028 msedge.exe 84 PID 5028 wrote to memory of 4412 5028 msedge.exe 84 PID 5028 wrote to memory of 4412 5028 msedge.exe 84 PID 5028 wrote to memory of 4412 5028 msedge.exe 84 PID 5028 wrote to memory of 4412 5028 msedge.exe 84 PID 5028 wrote to memory of 4412 5028 msedge.exe 84 PID 5028 wrote to memory of 4412 5028 msedge.exe 84 PID 5028 wrote to memory of 4412 5028 msedge.exe 84 PID 5028 wrote to memory of 4412 5028 msedge.exe 84 PID 5028 wrote to memory of 4412 5028 msedge.exe 84 PID 5028 wrote to memory of 4412 5028 msedge.exe 84 PID 5028 wrote to memory of 4412 5028 msedge.exe 84 PID 5028 wrote to memory of 4412 5028 msedge.exe 84 PID 5028 wrote to memory of 4412 5028 msedge.exe 84 PID 5028 wrote to memory of 4412 5028 msedge.exe 84 PID 5028 wrote to memory of 4412 5028 msedge.exe 84 PID 5028 wrote to memory of 4412 5028 msedge.exe 84 PID 5028 wrote to memory of 4412 5028 msedge.exe 84 -
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 1, PID 5028)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwjSocKam5WIAxXQimgJHdyTIAIYABAAGgJ3Zg&co=1&ase=2&gclid=CjwKCAjw8rW2BhAgEiwAoRO5rG34iU46puXyFXESbQ3-8qUZ1_rlAzPtq2vh2xWAp7UvnpMcnkthQRoCRf0QAvD_BwE&ohost=www.google.com&cid=CAESVuD2oeZj0nWjHisg96RTaCMwg5iulzpUPoIFwLKjirzK1UyMk4GlSZ2x7VCJwUssw0p_CXkj8EuldKiaESnestFjfrT9RrwcjFp74c9ZkBz59HGj3H6x&sig=AOD64_0tQiEkT2HFDK1hmSX7QcxC9eTWBg&q&nis=4&adurl&ved=2ahUKEwjzz72am5WIAxWkTaQEHRz6JEcQ0Qx6BAgIEAE
  - Enumerates system info in registry
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 4512)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcfef63cb8,0x7ffcfef63cc8,0x7ffcfef63cd8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 1452)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1960 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 1388)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 4412)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2532 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 3212)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 2812)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 4256)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 4316)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe (depth 2, PID 4828)
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 1456)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 2812)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 1484)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 3704)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4548 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 4788)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 4664)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 1508)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 3880)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 912)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 5092)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 3784)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 5340)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 5808)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 5816)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 5960)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7764 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 5968)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 5488)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 5352)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 4844)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 5584)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 5632)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 1924)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 5736)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 5360)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 1220)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 5384)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 5392)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 3000)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 940)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 1192)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 2648)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 4868)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 5920)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8280 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (depth 2, PID 1396)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8500 /prefetch:1
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8780 /prefetch:12⤵PID:2988
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:12⤵PID:5524
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8004 /prefetch:12⤵PID:4948
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:12⤵PID:5152
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:12⤵PID:5132
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:12⤵PID:5464
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:12⤵PID:1608
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7856 /prefetch:12⤵PID:5624
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:12⤵PID:3088
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7460 /prefetch:12⤵PID:5652
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:12⤵PID:6128
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:12⤵PID:5500
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:12⤵PID:4756
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:12⤵PID:3068
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:12⤵PID:1516
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7280 /prefetch:12⤵PID:1508
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8916 /prefetch:12⤵PID:5940
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8464 /prefetch:12⤵PID:420
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:12⤵PID:5656
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1772 /prefetch:12⤵PID:5280
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8344 /prefetch:12⤵PID:6316
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8136 /prefetch:12⤵PID:6516
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9140 /prefetch:12⤵PID:6932
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8540 /prefetch:12⤵PID:7140
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9280 /prefetch:82⤵PID:7160
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9468 /prefetch:82⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:6652
-
-
C:\Users\Admin\Downloads\4kvideodownloaderplus_1.8.5_x64_online.exe"C:\Users\Admin\Downloads\4kvideodownloaderplus_1.8.5_x64_online.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:6724 -
C:\Windows\Temp\{DA1A4B80-779E-4F9C-98FD-9DE3F7EB74DE}\.cr\4kvideodownloaderplus_1.8.5_x64_online.exe"C:\Windows\Temp\{DA1A4B80-779E-4F9C-98FD-9DE3F7EB74DE}\.cr\4kvideodownloaderplus_1.8.5_x64_online.exe" -burn.clean.room="C:\Users\Admin\Downloads\4kvideodownloaderplus_1.8.5_x64_online.exe" -burn.filehandle.attached=584 -burn.filehandle.self=5923⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
PID:6828 -
C:\Windows\Temp\{213C16EE-3130-406F-AE25-F9EB66D361F3}\.be\4kvideodownloaderplus_1.8.5_x64_online.exe"C:\Windows\Temp\{213C16EE-3130-406F-AE25-F9EB66D361F3}\.be\4kvideodownloaderplus_1.8.5_x64_online.exe" -q -burn.elevated BurnPipe.{BD788FE8-A5DC-4CCC-908E-289599B095A9} {8805B296-FCED-4558-8DB0-33AB3D68916B} 68284⤵
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:6328 -
C:\ProgramData\Package Cache\1B9F1CBFDB480DCC694C23FB063A4CD527E73A4D\msi_analytics.exe"C:\ProgramData\Package Cache\1B9F1CBFDB480DCC694C23FB063A4CD527E73A4D\msi_analytics.exe" --regkey "Software\4kdownload.com\4K Video Downloader+\Analytics" --an Wix --av 2 --ec "4K Video Downloader+" --ea "before-install" --el "x64" --af ""5⤵
- Executes dropped EXE
PID:6784
-
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3040 /prefetch:12⤵PID:3820
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8924 /prefetch:12⤵PID:7068
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5156 /prefetch:82⤵PID:5136
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6708 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:5920
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:12⤵PID:6964
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,18188577768916344321,13476572128162086021,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4960 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:6712
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3092
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3672
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:6400
-
C:\Windows\system32\srtasks.exeC:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:21⤵
- Suspicious use of AdjustPrivilegeToken
PID:2928
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004AC 0x00000000000004B41⤵PID:1560
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
  Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
Defense Evasion
  Modify Registry (1)
  Subvert Trust Controls (1): SIP and Trust Provider Hijacking (1)
Downloads
-
Filesize
7KB
MD5bcf8558994d0190ebe8d1390022ae56e
SHA110818dc0849317c378a9428c8b256f008e2e0674
SHA256819ffff79c32a616c7bf6c11a3c343d4fd1f49c9455f52d522d7f30cbb1a5c63
SHA5120b27a6b08cc5516e1ddd611ee2beeab4719545d37ccffbabca32337c9ab157cd0afa378bb5f214172620f8c5c51fb387568b18966687ddd1018da9201b3b28bc
-
Filesize
4KB
MD574ba8acae62956ca4df948c763c0205b
SHA1d33c5fa170453d414b2f80a55a97712ee74a3d94
SHA25670e001070ebeb7cf49ae51eef91ed01000f2a745a6fb1a440d06bf084e5fea90
SHA512fda3745c24e2613bb037b74017f4983c3f3280f8d0196d476d73f9bb16110997be5794f353ad99c5c5af62a978605cba12ec02d5458d292fc86ce66185b08659
-
Filesize
5KB
MD5ae28b7c6de21019eaa63e5f5c361d872
SHA1f89e10d3f5c7aebd1a16c90dd3d8581073fdae1c
SHA2564d84486d1c4849687889d38ed976b5b4a5fb8281d0c956c7baad29665704f86e
SHA51297493b53daedad619925c2aaec2f67fde37b90cbe2c29c3d06d66b6bc2be491f784b17f24135c5c90b43bb7a0393f22fbf51e26f0943a862a5f9c78dbd6bde41
-
Filesize
5KB
MD546932e572f660c5ef8cc0d8533bcd04e
SHA1b4304f70613b3202589e187d0bbc3ef61de566b4
SHA2565d98083fb8986e6edf8de09026b18d6d53fd5cd59b02e9fe28c432cb4d9785be
SHA512a64f9e80b9512f222533e18837f1e2989f4b400eef560c31c119b1c80b3190ca7e10e513aeda01f1ff466aec8452061e3b1082297e24f603824207da9c8252fe
-
Filesize
3KB
MD527eb4e5359ab9fda9c210ea180a5a628
SHA12513daa5299a99d71438b917b2a3bf4b109344fd
SHA2564958106ed7294de973a9e2fa5f30c960f73f48fde72781dc8755a6daa3b3b796
SHA512a2ee3c6b842eb220d599a67d12a1617b8931afd000e8139ad6074dd937c8b6d6b1b23739a734ab59b5b29287ef8ccbaa94dac8d9529be0978cf7f9b9ba914da8
-
Filesize
4KB
MD5ec62cb18bb8cafa84f8e1b3654230b15
SHA1258254157f214025093b8f67db325b42526d3262
SHA256e1ad27b99d58cd0e93e4d63f2c92cd7f9ed83e2ad0ddfb422119cc907369eb72
SHA512a066042044c77de583da32fa56cca83bfcb2fa55e23b44c364d278f18eea5e6da415ac3a01f0add3af7a48da1a28fc2c678d0286e1c0983caf5a2ae58f6fdbb2
-
Filesize
2KB
MD53ffb08b716a0c83a807bb8466b8e535b
SHA1768b284622bc4e6e25ae958493f214b14ac9be38
SHA256bb4be9449d24ec9ccbf3e2ce5f4a9b564036e7dba343d0ce81fa25dac210e5e9
SHA5126b53cdb1b67fd61117ec74c15cac8b5f0a2c7de6c4942fcb73214049c86b039a2f85734511b6e380743dc658aa334563f798f3acc8e36eade57d5ead6b000ca3
-
Filesize
1KB
MD5762b0d9bcb0bb8843a902ea923f32c92
SHA12036ed3cc9c87de8c52012c238aeb021cf20544d
SHA256229650db872b4f1b31e3519205ef1e68d1bd9f20343ef1fb523a30bf3838cc2e
SHA5124a1ed4b2689e9422389e45bcf4b93dafecc2f12911aacdbca483968b0cb5a007391bc2701e6a5c9cf7a6fe3eb16f83a5b467821ce5e23d610f3f53e742a74358
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD5087a99468d63e9ae661aab62934b9114
SHA1cbe6c0d133f4213a0c43dbcff294b743df0e8cd0
SHA256ae8ac365881ed594acb0b98e1f51e66946309d807bdec5910c975e6aa49c869f
SHA5121544d5770b64dd57a10c64054b588e6f36cdff73816b972d51cd4b152b63aca52bc23737defcf0df42216bae6ae8de8a78749d4599b4b5a0351dc51192a552b8
-
Filesize
10KB
MD5043e0b9cd03cd9e7e70d52caacad86c1
SHA15100eab8228b1eaf7dcd3ff63a2a20ba2e5fc2e0
SHA256846705df5fed4c41668f90ac5944da974ce635971222f2fd6600a29584547908
SHA51212a03e60af31565643e9f617c8f5d0295f5adea64aa3a97079a9056a762c2ba629d508227041a40723d2099667d6fe18c07226261439a0bf1ff93de0b022ae22
-
Filesize
797KB
MD5c4dc6e0553abe19480e18a623fd0ed16
SHA15e09cd0c63f0722cd61b9e6a088e838210584f47
SHA2566f108a32d56aadf46556fecb32ddd550b34366a93d240ce392244e2bacf8b47a
SHA512ad079eb6e8a68391084481e63909316fb9e7c73fd7834ad932b0fd9788893ff46cd34931bd8c69ac4391be9ff8cf2df02cc86b6a3428eb3a54d8f3a6199b1040
-
Filesize
5KB
MD50bf1911014ac159acc884ef38dd37d2e
SHA1e36be8cdf1cd4c1145c0e572cd6f1b747ffdb8e7
SHA25637fecc5656210a96ef13153d4941c564143a172ef762a81116093cbbd6bf503a
SHA5125a0bf6fab4b1fdfe7077aa37e533522df0d17d62faf6eee7e81ddd883f9a7290c4cc3b94b2581992aec5ca6ac0a39e4d3c45037cf13a85d302080d2c80bd428a
-
C:\Windows\Temp\{213C16EE-3130-406F-AE25-F9EB66D361F3}\.be\4kvideodownloaderplus_1.8.5_x64_online.exe
Filesize765KB
MD529c60670558fe72372fc97433e62e344
SHA15913dfdd13df3163158b154db2a3ea1afd745121
SHA2562ea10014606de5a86740472c7d105fac97baa97ee2dbedc20c9681b8d901dc80
SHA5129ee4327e53eec434b6b44e60c59b606ae2f8fbfe47c2b3148312fb3c02abc5739dff7031c5a9b79864990c265a2ce83cd32552a80b280eb515fce10b06176c45