Resubmissions

Submitted | Analysis ID | Score
12/09/2024, 17:31 | 240912-v3wn7swajq | 3
12/09/2024, 17:29 | 240912-v2w9cawakf | 8
12/09/2024, 17:28 | 240912-v2g5eswakb | 3
12/09/2024, 17:11 | 240912-vqej6avfjg | 8
12/09/2024, 17:09 | 240912-vpczyaveqb | 3
12/09/2024, 17:08 | 240912-vnjq4avenc | 3

Analysis
- max time kernel: 968s
- max time network: 966s
- platform: windows11-21h2_x64
- resource: win11-20240802-en
- resource tags: arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 12/09/2024, 17:11
- Static task: static1
- Behavioral task: behavioral1
- Sample: obraz_2024-09-12_190801491.png
- Resource: win11-20240802-en
General
- Target: obraz_2024-09-12_190801491.png
- Size: 626KB
- MD5: d395a4791b4ef58425cf268f12c6a53e
- SHA1: 6e56ad53f72a10fea5ec528d18c485e9571e1798
- SHA256: 3b1f9ee1e664702e254e6d05e00e489676ab196a56ff3a6904926e7b9dddd0c3
- SHA512: 5c8bc703790cf75d3c37539c6f2df7b95ef4fdfe717218d663f51f5a919a68c31ab25f09a43f230ab23559b7ca711b065727a89e8092748f2d26f9970236aed4
- SSDEEP: 12288:ytJJ2MRpKe1n5DEJVC5qiX8lypQ0hFCnjg7hX/mim/w:ydn5wzCgiXo4pMP4
Malware Config
Signatures
- Downloads MZ/PE file
- Executes dropped EXE (3 IoCs)
  pid | Process
  5164 | WinNuke.98.exe
  3932 | WinNuke.98.exe
  5272 | WinNuke.98 (1).exe
- Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 5 IoCs)
  flow | ioc
  171 | discord.com
  172 | discord.com
  251 | raw.githubusercontent.com
  253 | raw.githubusercontent.com
  298 | raw.githubusercontent.com
- Drops file in Windows directory (4 IoCs)
  description | ioc | Process
  File opened for modification | C:\Windows\Panther\UnattendGC\diagerr.xml | UserOOBEBroker.exe
  File opened for modification | C:\Windows\Panther\UnattendGC\diagwrn.xml | UserOOBEBroker.exe
  File opened for modification | C:\Windows\Panther\UnattendGC\setupact.log | UserOOBEBroker.exe
  File opened for modification | C:\Windows\Panther\UnattendGC\setuperr.log | UserOOBEBroker.exe
- Subvert Trust Controls: Mark-of-the-Web Bypass (1 TTPs, 2 IoCs)
  When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
  description | ioc | Process
  File opened for modification | C:\Users\Admin\Downloads\WinNuke.98.exe:Zone.Identifier | msedge.exe
  File opened for modification | C:\Users\Admin\Downloads\WinNuke.98 (1).exe:Zone.Identifier | msedge.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- System Location Discovery: System Language Discovery (1 TTPs, 3 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | FileCoAuth.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | WinNuke.98.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | WinNuke.98 (1).exe
- Checks processor information in registry (2 TTPs, 3 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | WINWORD.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | WINWORD.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | WINWORD.EXE
- Enumerates system info in registry (2 TTPs, 9 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | WINWORD.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | WINWORD.EXE
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | WINWORD.EXE
- Modifies registry class (3 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-661032028-162657920-1226909816-1000\{994DC940-9E94-47C6-8A21-EB354E09A248} | msedge.exe
  Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings\MuiCache | MiniSearchHost.exe
  Key created | \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings | msedge.exe
- NTFS ADS (8 IoCs)
  description | ioc | Process
  File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 714022.crdownload:SmartScreen | msedge.exe
  File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 509043.crdownload:SmartScreen | msedge.exe
  File opened for modification | C:\Users\Admin\Downloads\Melissa.doc:Zone.Identifier | msedge.exe
  File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 551240.crdownload:SmartScreen | msedge.exe
  File opened for modification | C:\Users\Admin\Downloads\WinNuke.98.exe:Zone.Identifier | msedge.exe
  File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 291700.crdownload:SmartScreen | msedge.exe
  File opened for modification | C:\Users\Admin\Downloads\WinNuke.98 (1).exe:Zone.Identifier | msedge.exe
  File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 775681.crdownload:SmartScreen | msedge.exe
- Suspicious behavior: AddClipboardFormatListener (2 IoCs)
  pid | Process
  5368 | WINWORD.EXE
  5368 | WINWORD.EXE
- Suspicious behavior: EnumeratesProcesses (28 IoCs)
  pid | Process
  3824 | msedge.exe
  3824 | msedge.exe
  4532 | msedge.exe
  4532 | msedge.exe
  4648 | identity_helper.exe
  4648 | identity_helper.exe
  4996 | msedge.exe
  4996 | msedge.exe
  3060 | msedge.exe
  3060 | msedge.exe
  1032 | msedge.exe
  1032 | msedge.exe
  1512 | msedge.exe
  1512 | msedge.exe
  5032 | identity_helper.exe
  5032 | identity_helper.exe
  4488 | msedge.exe
  4488 | msedge.exe
  1332 | msedge.exe
  1332 | msedge.exe
  1332 | msedge.exe
  1332 | msedge.exe
  5160 | msedge.exe
  5160 | msedge.exe
  4580 | msedge.exe
  4580 | msedge.exe
  3868 | msedge.exe
  3868 | msedge.exe
- Suspicious behavior: GetForegroundWindowSpam (2 IoCs)
  pid | Process
  5796 | OpenWith.exe
  5928 | OpenWith.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (64 IoCs)
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  description | pid | Process
  Token: 33 | 4924 | AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege | 4924 | AUDIODG.EXE
- Suspicious use of FindShellTrayWindow (64 IoCs)
- Suspicious use of SendNotifyMessage (38 IoCs)
- Suspicious use of SetWindowsHookEx (12 IoCs)
  pid | Process
  2144 | MiniSearchHost.exe
  5796 | OpenWith.exe
  5872 | OpenWith.exe
  5928 | OpenWith.exe
  5368 | WINWORD.EXE
  5368 | WINWORD.EXE
  5368 | WINWORD.EXE
  5368 | WINWORD.EXE
  5368 | WINWORD.EXE
  5368 | WINWORD.EXE
  5368 | WINWORD.EXE
  5368 | WINWORD.EXE
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes

- C:\Windows\system32\cmd.exe (PID 5016)
  cmd /c C:\Users\Admin\AppData\Local\Temp\obraz_2024-09-12_190801491.png
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3824)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2112)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ffef99b3cb8,0x7ffef99b3cc8,0x7ffef99b3cd8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2052)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,3320061866977122931,14589596784500193209,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1816 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4532)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,3320061866977122931,14589596784500193209,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1608)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1852,3320061866977122931,14589596784500193209,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4136)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,3320061866977122931,14589596784500193209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3560)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,3320061866977122931,14589596784500193209,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 656)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,3320061866977122931,14589596784500193209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 576)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,3320061866977122931,14589596784500193209,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe (PID 4648)
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1852,3320061866977122931,14589596784500193209,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3536 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4996)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1852,3320061866977122931,14589596784500193209,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1944)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,3320061866977122931,14589596784500193209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4280)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,3320061866977122931,14589596784500193209,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4396)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,3320061866977122931,14589596784500193209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2664)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,3320061866977122931,14589596784500193209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1300)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,3320061866977122931,14589596784500193209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1468)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,3320061866977122931,14589596784500193209,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4332)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,3320061866977122931,14589596784500193209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2940 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 912)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,3320061866977122931,14589596784500193209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4612)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,3320061866977122931,14589596784500193209,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4164)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1852,3320061866977122931,14589596784500193209,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5480 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3012)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,3320061866977122931,14589596784500193209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3764 /prefetch:1
- C:\Windows\System32\CompPkgSrv.exe (PID 1920)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 1728)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1032)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
  Signatures: Enumerates system info in registry; Modifies registry class; NTFS ADS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3324)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffef99b3cb8,0x7ffef99b3cc8,0x7ffef99b3cd8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4468)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3060)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1248)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1280)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1516)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4164)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2340 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4004)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1512)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3672 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe (PID 5032)
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1924)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4296)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 876)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4448)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1840 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4924)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4996)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4920)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2380 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2820)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3412)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3404)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3092)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5708 /prefetch:82⤵PID:3184
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5728 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4488
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4276 /prefetch:12⤵PID:1896
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:12⤵PID:3524
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:12⤵PID:1128
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1240 /prefetch:12⤵PID:2860
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:12⤵PID:3348
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:12⤵PID:2248
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:12⤵PID:1536
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:12⤵PID:3408
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3772 /prefetch:12⤵PID:4524
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:12⤵PID:3716
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:12⤵PID:3736
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7252 /prefetch:12⤵PID:4600
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7368 /prefetch:12⤵PID:2268
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:12⤵PID:1732
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:12⤵PID:3500
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8092 /prefetch:12⤵PID:4652
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8172 /prefetch:12⤵PID:4732
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8288 /prefetch:12⤵PID:3492
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8068 /prefetch:12⤵PID:2312
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6792 /prefetch:12⤵PID:804
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8360 /prefetch:12⤵PID:788
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:12⤵PID:1880
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7856 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:1332
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7708 /prefetch:12⤵PID:2128
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8824 /prefetch:12⤵PID:2904
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9008 /prefetch:12⤵PID:5040
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9156 /prefetch:12⤵PID:244
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7352 /prefetch:12⤵PID:2716
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:12⤵PID:2272
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9208 /prefetch:12⤵PID:3012
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9068 /prefetch:12⤵PID:2084
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:12⤵PID:1432
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7700 /prefetch:12⤵PID:4652
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:12⤵PID:4228
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7520 /prefetch:12⤵PID:2740
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7772 /prefetch:12⤵PID:4724
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1248 /prefetch:12⤵PID:4164
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:12⤵PID:2196
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8268 /prefetch:12⤵PID:1120
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7432 /prefetch:12⤵PID:1788
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6164 /prefetch:82⤵PID:492
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6968 /prefetch:82⤵PID:2692
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7124 /prefetch:82⤵PID:916
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:12⤵PID:6064
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7192 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:5160
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\Melissa.doc" /o ""2⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:5368
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7384 /prefetch:12⤵PID:5800
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8580 /prefetch:82⤵PID:5412
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6980 /prefetch:82⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:4580
-
-
C:\Users\Admin\Downloads\WinNuke.98.exe"C:\Users\Admin\Downloads\WinNuke.98.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5164
-
-
C:\Users\Admin\Downloads\WinNuke.98.exe"C:\Users\Admin\Downloads\WinNuke.98.exe"2⤵
- Executes dropped EXE
PID:3932
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:12⤵PID:1544
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6172 /prefetch:82⤵PID:5368
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1944,6185620904542977257,3450553494489558634,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 /prefetch:82⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:3868
-
-
C:\Users\Admin\Downloads\WinNuke.98 (1).exe"C:\Users\Admin\Downloads\WinNuke.98 (1).exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5272
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3160
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5048
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004E81⤵
- Suspicious use of AdjustPrivilegeToken
PID:4924
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4296
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2860
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2144
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc1⤵PID:1204
-
C:\Windows\System32\oobe\UserOOBEBroker.exeC:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding1⤵
- Drops file in Windows directory
PID:5404
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exeC:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding1⤵
- System Location Discovery: System Language Discovery
PID:5440
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5796
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
PID:5872
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5928
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:5732
Network
MITRE ATT&CK Enterprise v15
Downloads
SHA51271b1e71407271a78af4863360b58fc5b960c9a431b82c06b687eb3157e730dcb6be41af12e375b5d7a061dfc17f65be3ab77a647374eef0a375c2a205ed05298
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize72B
MD5543af56f789c844ba5b22253b2a6c0ea
SHA13d694bf03fcc51b421a60d0ec8b11c29ac4f536f
SHA256b27242d8c1cc3308f8c09da238f58e308fbb63b28d7457465f66890b47184967
SHA512c10c7c6bad8793603d96a21d8bf9e8954d83bd898a448788878ae94c7dd0cc82983102aadac967968b7de01d45a3c5e6ad8a02a11d34335d897f49046b3927ca
-
Filesize
319B
MD59c44f57ccefd2df83c6a17e491101030
SHA1ab461ff0f4c1d5b8b05a308aacf107c34e900613
SHA25629bd36582da3e93cc2d8b79bd68a381247d2193bfb22506177a22a4daab32346
SHA512113d8cf2e13bf46240ebd00268cd4e8ecb6df6434ca542c6c49f37f7916d81e446f49a1346479d3ce40599c9b55cb13be39997ab5bb5368e630ce1e84ce686a0
-
Filesize
264KB
MD5aff3e2d7e1c578b1ed6f19663115e599
SHA1ae9bc384c3d6d6304f06a04202e903288cfe0340
SHA2567f1283cdd42745043bb85a11e63823f044feb922319b242738550161746d987b
SHA51267676fb12c2f69ca89362f7be493f3a124a581f48bfe8c61e8adb0130dbaad0726976e78cd8df7359247ca0864b47ed5994165f0fbea056d833567faa9b873c9
-
Filesize
116KB
MD57f720e960c57495f25ee67b076b58f91
SHA1db338531886f21f3b0237018d715c5776a3747a2
SHA256b57d2999f6946979297456d7677675c81289a9fc4f1a08de80d182b80b9bda59
SHA5122b1d28105f35fe3f3cf6cc7c8e7989c54934e8a030571560a8af7ffdb07cf7a275bd565ecdf522439dafa9c7d77fbb1de176a674a68533e34e0baef8f20b2113
-
Filesize
517B
MD59abcf46eb960fbca589ec12a5cb458f1
SHA1786f7ae87a6c15f2b6d75e28abaafb537714e90f
SHA256e907a3d89ff73d622fd188c508b7d6cd3977ecdfd594583777f425a15dd92c5f
SHA512c8f781685973ec174f3f875841fec0af458269b498887b274382d0088e904d2e2787bdd5ae46c16e213c1b0062825d03fd397a2f6f9fc9aac65e4ea81cb5046b
-
Filesize
331B
MD5ad539e6bc01619c5c8e3fae3f929938c
SHA1cae11e47fe81ba67984bf749fcb65e80c764ed8a
SHA256116ffb455178149060c59a9972b0d05d467fa1e51c49e5b789a9e07ec17b723b
SHA512fcff327eb4d6e70389bcf4070acc3fbff61aeb54bb853b2d67b3afff4afc0455ba88d1da5738f13bc780ce76115a2f807cc81aa6015686df8a02399512f363ff
-
Filesize
3KB
MD5f2d0c65bd4028b0e06637304d7734606
SHA1dee10a5716da80adb6db84a5f44f089d6be0dd9f
SHA256e9917de3105bbd2e2a72b017439f849611635435ba48425ed0c0eddf30523e63
SHA5126b4124b7877dcf025260623602636444faab2923432169f599766c3fad53458f5a211e0d0270f6d7a5bef382e6cac936a4a128464740f8610ba29cbf13ee0b55
-
Filesize
3KB
MD5bb33f5bc324c8df35613529677a93626
SHA138ca9140543ce7cf74ae352f6b29eb5de8adf6bf
SHA2563b719d52eefda86cf18a90cc2ef3753e04110a422b9a4e25ca740fe288588c41
SHA51209d6ec88ce0d1f25413563b8cc7cfa6983db9c8549d3b4896433b0932276cf4963c644b0610cc630e5563b5686e426c8c7821a552b80cd84566bfe6df0a726bf
-
Filesize
520B
MD5bb658f6ad4acbab78573131384cb5183
SHA147ac2ba3c9fa737b0b1f268b13d115a6cc4b14c0
SHA256f51c34f99053aaa469dc21a8fee9141a1e6a064e80c440d6cda57defc822dd55
SHA512004a03547b89dd29480ab80219e932a82adbbe2d94673822dfe20de3071887f78e88b585932c8428f43dec1a7dee84043c8f803e3f3e268c592830a7780b13ea
-
Filesize
3KB
MD5ee7f05fd568c6d040cb0d54bc4be1893
SHA11ce7da43d39d35852f32072d6be344f480f07664
SHA2564dea7912ff882a1770fd3702d466327c1956eadab125e3ab3634eaa561c7036a
SHA512c9a71f984c439f48a5e41292ed85cd3de45e556c00c8b73f86abc9f6d0f3fb3066ab5d90e6c1b57b97cb1823904c467137d97bb6bf4ca436106a8c836b00c27e
-
Filesize
3KB
MD5129df38fa3fbc43327a413a05dc68e98
SHA15249907c1471ca8b33c6eaa65c865fcd9898c494
SHA2568cd707dc1bea78c2dd019fce4e45c0433c4abf0c335c019b3cc852d0b56d0b60
SHA512024efe9c60e1bac897f961f377751a97cdf3af60fdfbfcb71fe5a9f4e254f9be93489e62834ade31ec0566195a1aab5bc8fa02580d9096177c097c536fc45e0e
-
Filesize
551B
MD577c432ee116b049dd3f2cafaafa6f59c
SHA1f989704b6fa3f9604d0a480cc3e1b60b7f32e84c
SHA256593296e2d21e74902e764b38200527e5172476b80ccfd49820107969d93a9309
SHA512a8a3ca66fe69d310fb7b1e6c9cd375f52b7ab8c98495b3217cbc4052ad6df16ede1031be470866dfc8671c0bf59bccc007d8e72ccaadc5c8b944de1b0c0a9d93
-
Filesize
3KB
MD5c2b6413d0f315a04db424ca9f0e7f768
SHA151d25a533557f88f24667e5361dbb9b89d336b33
SHA2566de9efdfccef2e2d54ef82bdd6d920299e29987cdba8808604e034d1ce8cb2f0
SHA512c011407e994d2dc9695b380ef6a50663b86a035ef97b8857dc7620966c9871997a14f8fd54b1e21a9403e1277e1c45eea52062b3c8d9ddef5002133bcdc43380
-
Filesize
5KB
MD5ab26ca35018e945613b27eff6e540003
SHA155c45655046637555954a7826cf2c9f57078fb6e
SHA25670d11225e39832c4a45f3cd564b68e4638704c5cad19a9cda1f95b4324705497
SHA5128fca58da22928ae40dc61ac66d144699fa893168ea04e092158c5772a380d0b92249a66565075cba149f51240d5d32a141cb1e3eb6642afef0356f88daf3be8d
-
Filesize
8KB
MD578c4240134eb06253940f5e868cd74d3
SHA1d8cfe99486b463c04ec236f6a6e1dde4c2cd75aa
SHA256df54bb78639a332ee9833a2c34bd1c5502f1d02dbd77f21485dc67ba4fb2c0f0
SHA512bbce84e3c2b055b68abecf9e0ccc92d5f1550f0b435616a559264e8babd97c9ee046ba01fa6723fb148d4fa5ff5809ffc66f4cd181c3aeb98662d0e61810bc27
-
Filesize
8KB
MD5ca6217328383543ed9217847aa1a461c
SHA15ebc67e8b6954ab8c3c88d3af4c433e9eb514898
SHA2561004ef6801fbfdb493a0be14e8725cda0cfc3a26a65bf7447bb83c26e50ff84c
SHA512c067fae257c2f98b26f686bdd333dab113c057d6ac805301380702772118b7df6834b1df026f87835e80aa8a131c268a5d4432d7b2140287625c7a0234b18348
-
Filesize
6KB
MD5cc1f98645ad3f2223cd4a2a45dd29ef8
SHA146396bade00381e45a962cc99335018aca97245e
SHA2564329775e28ffa57c1e766bd455226e5d0df5344292b8e23d3560775ef76f824c
SHA51258c9891d47f54bfe2520b3ad2a609959c98cb09bf7130bcbc9a7d40f2c66a51302e4ff47fed5e25fabb0dcb20425da03a714637b0001c7b4949352001435a69e
-
Filesize
7KB
MD577edad7c68a0d600913b1d63e01c2b8e
SHA11100e93d37759628264e4e1482628046fbd6f2a5
SHA2568baea60276e80c4aec4dba1cbf427a814e6d318db9799f652c2826b65e987401
SHA512c9f6011993f3c44c1c6ba7f1f92235d68eaedb965eecd8a1fb48e3df5b551b3e74642c6cb08c1b70b751be814a3e3c7e009c0a4bac2f07064f062010376f5aa2
-
Filesize
6KB
MD56a8ad11bde4342433c53a53fd3fa0b44
SHA107b1ed895ff698bd12cf8b510e045f8623d06e2a
SHA25614e2e68a8473efe803850791466e921b9ace7c582614d7c201b55228db665f92
SHA5120ad486116e460127006bf0b70c36cf2abf76e3083a8f914ac6c3d0c030c03a47d786e0d683dd731d8b9382f9d5f56719336dfb0ef62210e8d64353f5d75d52da
-
Filesize
5KB
MD583e35497b5b2c8ac24c9985c8af6d30d
SHA1b5f48cb5a42693fcc0ecbdc831565c43fb2350f6
SHA256631814e2f0305e64df7103749ee3933adb92100d17b2c435d0c28b4066ae0e01
SHA512acee15d6d757ba0aba8af97c1840ec39b7d5e025f9b81ff1a819b509a70e2a83ae18e230dbee6aefb4da17ac7e3a7375c78443bda14b2a0e5a5fe9ae54a401fe
-
Filesize
6KB
MD5a8828ca06b62c43a0cacd51ecc0f1253
SHA1980ef583901b1f4c52dd575fc2c601af1bb7e19d
SHA256110f1c0f928c98b19855b6f54cd23cc03eb92f8ba3a7df9181e051c9c80fbb21
SHA5123073aa593152153f021a0e7506346b4becc5aab755368620075e303e4787c81a3ffb602287c24e09a53b5661825b506c9225e69a75458d827d8a0f208fb4e857
-
Filesize
6KB
MD5cd09d17657bc5617b5219e10aa30351f
SHA1784ad08e929e9a3f22372262caed43d11b088f9e
SHA256d47ffc8db3e766b3c9d705dd859eaef77eefcb53e8088892c2971892b066825a
SHA5124acf31e72847fcf16af04175bdb6418f7760f4f9b169d8876498e09bfe2acafdc7a450b829e0a3c4528a8e66add128838a4246648771a1b574b740439e757a7e
-
Filesize
6KB
MD5f785b2445a896fa8495eb48aa6483347
SHA1958e2399eee031dc41ff2ae97b75f9ea07c6ceea
SHA25686b8325b5a5986cb6cbc8f98a521d9531d8013eeebf1c5b70682bdd5d84276fc
SHA51283b7bf1b215f29c73a166d64ae1d2bf4f2b5bcef798c34cb92d39bea6f50d2f093e35a9149eccb63e99b31880b495f7f3c21f6bcecd94c2cb564f3c98ab0537b
-
Filesize
6KB
MD59e4475c15b1b8614ab95d15dca35c48b
SHA1734b7e613f09ba4aee8ad6472ec1f809a6e2b153
SHA2561a7d1fa1f40ce706f94679c930f8c04ac36207e52ed38fbff3c763687cec12bd
SHA51260198eb36ec9d6e6740c9da22c391a17667163e6236bef5dda777a1b2bcd80fb68abe1009c86c8dde7e7f75eaddc59b50423f72c5c3fd6ca9ebd1d9312fa38ca
-
Filesize
8KB
MD57fe085551b556af2479df9e5822a5fa2
SHA1fec93637ecaba1b6d37fd1c2c46a17263d2e6d5e
SHA256e1d9c3f1c042104ed60027a11d2aa09f38599fdc820bf1082ca12333f9e1c350
SHA5120f73bd0acce7b4cbf6d397df375324f8e2186edfd3aafd92fe35b59123111e3ddd585693018bd5f36eff14a52797dc5e5b49416fa7b12b279e306db8da7c3fb4
-
Filesize
36KB
MD5bb4859a0f3adff6d2174f40b87a163c3
SHA14a2972368a7bbd8e259173db50067a0203b64f67
SHA256738a37f205f4265018af94e35f6a1567ced73a60ecf1f107af059d1aeb967430
SHA512f3859d2062f8d0a034854c8d7cc97c866325f4a259c10a841e04a5f7a56b24c11bc7d57c620950d839e5012bb078a1862d84fc4cddd840a62f09712484169ab4
-
Filesize
25KB
MD552db6a7c78aaca035819e3986109bcb8
SHA1ab1ab4e08d7cf7cc18c734b4aa23090ae175f916
SHA256ac0a553b2d3d7b844edef71ab9e81960b9f3e1963c625694662797f0174ddace
SHA512b034c22290858c3e370df04fceb34abd6df5dd730ddc0448ab6b3134ccf77278ebfdcf949fab511ce057fbc9151af814896aea92f905a3f7bd46d4c1f8cf19bd
-
Filesize
137B
MD5a62d3a19ae8455b16223d3ead5300936
SHA1c0c3083c7f5f7a6b41f440244a8226f96b300343
SHA256c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e
SHA512f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f
-
Filesize
319B
MD5b166bcd660dafe4496356257d49184b9
SHA1e3c8388e8dcc67ef2cd88081fd87c416edf2c6a5
SHA25679f50846f5de08c8ddc5683a653df5703c0676b7253c9de8c573a33679e7a514
SHA512d8b6a29ae3c5b7463fdd825171ef9178803b8ad939e7a88d0f455880610f4adc7df3a8a92f8539a67c9ce44156450bbdb83a44c8aa944c0e85bdcc9eb2e53c36
-
Filesize
7KB
MD57e455931f03bd8da1580221a29a697a2
SHA1f5081b2ec57a1c53df81263319c1990c3eaa60a6
SHA25629b7dc9069ba72060908b9ede92e45c3672136dd08b47d030a547982e48a90c0
SHA512f01952e02164cdad372cd0a57a85f4102dbfa1697de6cdb4761d68f19d05e39520e1e20275848fe6cc6ecdb83892912e988be16bcfab4e8693054cb51aef5175
-
Filesize
5KB
MD564dfdb2a52453de49470373ddd5d3e73
SHA167cdbafb596fcf660d27323ba5fce4e5160d06e1
SHA256fb3f2614eb4c4e3ded15ac90d81d5f43c60a4472b25dccabde75cf1c4240cfab
SHA512addfaafea4f46d768fe86e7570f5c29a2de85edcefe0dc145723d337847751ce0754b65fdfd3edc0d2321c95b0c44e3fb9d06fd16f05835a818dc2b28b25b9f1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize112B
MD5b71d9e4a375e0cc1adfc02d5940dfcf6
SHA165c2f811981e5bcb9cd393e2ee00dd75beea5d5d
SHA2564410d2eb6b12b53336feecc769b451275ad71eb9ce86439a860f682e42400695
SHA5128b1af14a80d3f184c43f8f7064d515e21b9ce6e8ca12f1d71f77529f8cb867ef8c96b9cc8cd649e3fed2bce4f15db6c2992760e50c552c4b651ccc97aa1fbd24
-
Filesize
347B
MD554d00ff9bfdadd1822b35e3bbbf4cfdf
SHA19a3076944593b228e353fda79d5a1fc8e5f2db4b
SHA2564c64dbf8031c5bc0a110b90ed568f70c954249c659597996785a569c448a9c2b
SHA51285f52cef252461af61e31e3fce198a294ecb87b2abfb08ec08cfc93f5970c32b74fbc271ac5435a93df57b778409c8001d0fa936959bc3be30a1b58435233075
-
Filesize
323B
MD5c22ca28697a59855a4d837ab29dc7b8d
SHA1526d7fd7e6dea13b62764b363ac0621c6e547e0d
SHA256fce3ceadb18e89844938616f999cf5f8f67350f47ec7f6674cda8d49afe0746d
SHA512d0bd5ea2885eee326a99037499ba66baa1f33de5178bd2cb292ff4c108f54334722961098f30dadd90ed6b4136a368257f69ae36179bb07136e4b39a03ad4134
-
Filesize
20KB
MD563b58f9ae39afb58fa75fd908711f3e3
SHA147d5062de5e667dc7a4a20c2cea91a10b12e78e1
SHA256ddad97bcd70935d2dd3c00c0e2d232acecee035f1b9a7093eaa6b75cc9e9a0c5
SHA512368b004e49e3d8123079b35713f785fe52a4fbff8e4c1940dd3b6828723b236dace311e311af22629002ab752d1332302a9bdc965cb2bba189b52cd7e49934ed
-
Filesize
704B
MD5d1defd395a2144bae90f08bf0aa09c57
SHA14bcfcdfa4f275a53b7c4bf67e5264d11c535e385
SHA2567718ee60ab947a71c32c9de3951380df30dde6a02434a38acb8682dbca04ea39
SHA512898f6ea0f2a33ad27c357b86bec8dbf3f32da9b004c20df4ed346fb4b39e7a79e9846f85e3319301cb486c7ac2c1e3b7f58356ec1c07d603ea2902dc964ed9cd
-
Filesize
536B
MD588bf0f04071eba7b1a2a2aab3a661f50
SHA1dbeb6d79e895dec5745c63554d07e4697ebc648f
SHA25695678eb7317eea39c14cb81a6feb7ad0e4ac3aefcdb0f502be43cab423d16d14
SHA51255347e4b113a81e416e138f4a19b88b2fad7284ba6d404b687694e551d0401aabce873946fd3ac6060bd4f5b3afd9b2d9730ae7be5a2fef33047317fa6fde10e
-
Filesize
128KB
MD523a24f76ab84b8ef51ff138e22a01a10
SHA1e31aaf2a1eed8cf70bc61bc6c31cdcc0db65588c
SHA256f08b1294546c132be11ce47281308e1db40b0fa85d6585112ae4abea56f8dddf
SHA5122aacbe6db665a2fd998d17bd59ce24f5ef7f2ab5f58e629959178af3c38f38e9db7ed3bdeb05cb07e4b70d58523bb66ec8ea3640a8195aca3e0301c2f0b0dc2f
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
16KB
MD59a8e0fb6cf4941534771c38bb54a76be
SHA192d45ac2cc921f6733e68b454dc171426ec43c1c
SHA2569ee9211a57c3f6fa211fe0323fa8cd521e7cbffcd8ff0896645a45795dc472be
SHA51212ed22537dcc79d53f6c7d39e92a38f8fea076d793198928f5b7a5dd1234d50a3c0b4815632f3fadf8bc4ef0499773d22bd83f961d2d0ffd8afacf471bd3a5ae
-
Filesize
44KB
MD51b8647984cf1d8070021e8055b9b057b
SHA1729eedc1454a3a68aad7b76f928d1cc8d95096ce
SHA256c6c92ae6427e1a4fd494a07831163d24a466a41fda56ef22a4e781429f158bf8
SHA5122c70558834cfd9eeb35115a63abeff95f5d7e95ee486b14011ad3032eb37834188b137912a40c209f084d0aae9fd24acfd8c538869ae8248a88ebbdeb73afcda
-
Filesize
19B
MD50407b455f23e3655661ba46a574cfca4
SHA1855cb7cc8eac30458b4207614d046cb09ee3a591
SHA256ab5c71347d95f319781df230012713c7819ac0d69373e8c9a7302cae3f9a04b7
SHA5123020f7c87dc5201589fa43e03b1591ed8beb64523b37eb3736557f3ab7d654980fb42284115a69d91de44204cefab751b60466c0ef677608467de43d41bfb939
-
Filesize
319B
MD57f02281407acb14d89baf202647de6d5
SHA18383dbf7229f721e8169b02b170e228455f19773
SHA256e3a51da0293ae04742d6ae836f53c35ee52e173e1f3b7c679bc171c830d7398a
SHA512fc99cdfb8eb95be1152d18a6bd6f9b317755086b18d0ef4cb7039c7eae2488cedc74c98cb80bdd9f7ca1769f6c9f5889fd2280c6aa4aa4ecb2459d754d01540e
-
Filesize
318B
MD5ff170da957e5075c03f4039d74898863
SHA1a03548cb77d860ce466403ba5522365c1e55c52b
SHA256c544f63254c7b2cfd632c82edf38bc4f1826d1288798bdb2c2b4bfc7e3e01c39
SHA51258e6de59354bfa18b9dc95064c3ee593a929db3c3e7e1bd0394399eea27b06531f631c05a0296600712accfb185feb1188f24e8ffb7f474cc53009934579ac42
-
Filesize
337B
MD56631103c8e5afa527de6605c1212a58e
SHA1e50c8d9b5f6fe0febfb6be9cdf5cbe222b1920c7
SHA256e10c9f2f8e1e88644b87361caad023ad51cd4690b65ee2255948d66b8106b043
SHA51296a909aaafd3783437ec4d94fb107f3e80802613940bd6eb6517e3c232ec45f6ca6ee1d5c6f2e9a9d8e3c31cb81d488711be35296e0a89d37514512f8b5e42b8
-
Filesize
44KB
MD5ef653ce2d2ee0afaa3b208ac2416fefc
SHA1a0f194473f3eb338b5eaf7a1c8fd00fe259f3cdd
SHA256995dcbebd352958266915e24734196fb7c5a0ea8a5f3ad3614aea866511a3604
SHA5128181a82a41e7bfd30fdaa6ef96cd107f3582f1eab63886e74490fc3108d8f7bd83ce3ad633842da808b07fe4486978f10fabce04f59a668a82cedc49243a2a58
-
Filesize
264KB
MD58557fdf86e3d3adc7f2658a74ffc0e1d
SHA1db03a20d512149b88519d77a381a342c9e342962
SHA2564c218c2e28c51592c43fc28ac2bf083f051a3efcecf0c84159154d6adea30936
SHA51293fca5c23deaea56eca35a1d84acce8cf7ab3135a3aba8a106bf71f69c13bf1e01a1d49ecef1611c86c02c5926f0f806c6b83ab377dc4187f0f9bc2217667b39
-
Filesize
4.0MB
MD511c0b2f3ca51ade4f483b80ab4d2380a
SHA1819c59b5027b47f1544629540653a8114e2203b9
SHA25665e7aff959333004de6c886c9806772bc7cc3fc04e09c95b3cbfd97b171522bd
SHA512bfe9d744380545cfb3e11e2da0d27ad8873ec158eb5da5793742f7bd14b5aedf679a6dce47d4f9ae50a2f2cfc179374faa153f18b76fbd0c9c0d3f3ee0591d03
-
Filesize
20KB
MD5ef9588ca82f853399e5968af99985e74
SHA180d9df4f75c3e789ddf10584d9ff9de2b6154cb0
SHA2569d550015f47a4d5d502f8a2f5b33bd9cbd136f4fea7c64754c8cc5a9651f7fe5
SHA512a77b6b0bcea459ab4fc1e5d0983e85b86a6b0835849345f6afbfb27a5e84d8d1a38ff16e21ecf862e95d0a74e3fe97fda28bea66752b8bd64fd44c8ba680a5c1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Guest Profile\23435fa4-d138-4f69-bef5-b29fd9cbbf62.tmp
Filesize25KB
MD5b111ff358a44a28794371b2498bb156d
SHA12354d2c3c36a8585285f853a4f5ccf6db64dddb5
SHA25615185947860da2db209c4af9fb99ca35fe8005e9a38bd4ad73854de0b2027aba
SHA51208c4ebc10ce7cbeba52911b6b660d35d824057d8866b8ecbf5b055e2431e0c0024be1817861e110ef40a4990036e0348263ee9e215797fbd334e32c3dc198292
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
1KB
MD58a159cc2bb7489e5c19c3d0843f4aa05
SHA16b3358b0e042083aec23f452646ed2374de3316c
SHA256f46a0a7959e01cb35839e00a63a5cf7fc19c34b7dd2ebca3e173d540405fcd35
SHA512aa3dd878f1bf985cf3f22759ef39476848e82a2e7c937664dfaa05f9cfcc84791c1ac15b062b08dc227ee53d0d45125b150b1a5e1f1c9fb364a8b44c27ef6236
-
Filesize
2KB
MD59be0de1fcf61d92c6e9c42441fce6d2a
SHA15bc7c79d052f12e8573e6689b42f6f8fc7e0401c
SHA256090521a64ec977931f67844dd6e7204e044dd640a42022e9a909cb95fc2ef7cb
SHA5128d4c0473be5b235d67b9a70a93e1ad8c641b84d0435f79ea3d93d6180418cd9189614f87898bf2e19026d468de0fe152fbb2d81fdbbddfe5ecf2b48e06f311a8
-
Filesize
2KB
MD5099272497da728249e80253868d26236
SHA15839f496bada4619c0022b3d334f240a68f52983
SHA2564a7a08f0d02161105c3de62f0f08b0282af4ed15535ab729b9798075ecd95296
SHA512b7de40dcc5fd4568ab1deeb27292eabcb9cc3b44d3f9c842e723c33dac0c91f4362dff71b486bf1f5c38e3cd106c39220352d82d64915229fdc3a73e3a5739a4
-
Filesize
2KB
MD598fe51c4f13d90a1443f7479d2dce464
SHA16ff4a6efae0b58f684209db28caff78804417599
SHA25698a432468d35f285aa2365026cf73afc1cb095daa8c901e6ad78ec6b6c7284ca
SHA51207ca1b1898f8df685f35fdd6dabc09bfc5a81536b219e7c94b3a6737b9f4f6b16f7fb6658b5e5fea2a40d1b602b5bfbaad6dc2a71ff674f9b534202b5336d77d
-
Filesize
2KB
MD580769872c02a736cb3352333ce6cab2e
SHA16f8e606f5723cc5832e81dd9ec944260f6fa5d2a
SHA2566f14b0ba9a69e1535100083bfe9330c4f29502cc859f395665cd93b800b0ffcb
SHA5127ef341ae056fd07caac5baf53c9d1906cfa45754ac104ae703fba8fe2ec7319c25da59aaaeb036edde617187d77e9c3795efe5b4b7859a783ef514cd24bab8e9
-
Filesize
2KB
MD518c0606e79d463a07865514f82c09469
SHA16fec20d07d70fe2e69828b70662d273fd9bfe2f7
SHA256ebb0d304238bd0e4f248f1604f0a6f844f2bf93803940425db52642efbcfba0d
SHA5128879eb4da43a92c022ef265f4ca37e43aa8ed4c4ccc5636039dbb16bbd0745a66412d04b69fcba05a51c7ff8880f26b25a05219dedd0061e9776d01c6fa04a37
-
Filesize
2KB
MD571ffc31f565c3790c9243b2cd9d6df57
SHA119aedd2554713daf8069b6568b561085b3299315
SHA256f50abc65d004a9e72da481da1fe72a7aba8c5c4a843aa7109cd85904c3139b8e
SHA512359294b3ba3c8c187e015ae042ce8dfe4a205d1c25b100d38c19240435f132683fa861ebcfb296711b8143314a952a1307e889e69a14af84a495c03bfecc0be8
-
Filesize
1KB
MD50bec0f5e86c247dfc619a5ee07098a4c
SHA13e6eab9b27a831dc55e3bdcd3ee4bc6c18b031eb
SHA256489c9737286c576b9cf3fc3233edc72e88fecb6394c537480590c08be2bdd055
SHA512fb86602f8b5b5f5154518edbd503b4d0896abf91aab84e1869cdb4f2e56d21a04a0c16c3bf72cfba0f02e2045c449c98c31ed2be01de1c096872d9a3ee9146ba
-
Filesize
11B
MD5b29bcf9cd0e55f93000b4bb265a9810b
SHA1e662b8c98bd5eced29495dbe2a8f1930e3f714b8
SHA256f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4
SHA512e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011
-
Filesize
10KB
MD5009d3ac3afd34ec96453f4075f0a6938
SHA132c7c80fcfcb7183e816cba14527ba64f3198b80
SHA2562cb720597c63957eebc79e005e1abea8931e72ca700d9ddc8f935b5dd306f6df
SHA5128c9947303603783dbc765f1de367b4f3b3ce09ba23938f2c3b46ca969e5803e7a7f95d10e38b2a7eea9beed6dcfdf1ee2e94f2961e7a4eff3b27ed518af52fee
-
Filesize
11KB
MD562cc91ffd6d0fdb326ec6baa6dc00de6
SHA1775d6bc9f5b22a296731180fdbe7d5ad1b61f8e1
SHA256f1ef4fd8da21fa415e9c9041b597d060b8898d9a3699919353d90f0f697b9111
SHA51227161c502c36661a00115cd10162fb8da14f85dcb525414dfc46a5265970c08792087c5b81b4fe2dde784c8631d1ad35677c36c0b2641a58c83040e31a790772
-
Filesize
11KB
MD5de76909e1b027972661b5a12783177a5
SHA1494fb3e3eada8095db7dc6e124923fd4d79241f2
SHA2560c5a257131d374f70e61435c9d4bf77f62a14e97a5926a7f618accc621d4766e
SHA51219c2b961aa1d165cb47d679b233242e4fa8baa37078691af56a12d7534cfb0793233828394c861987eda302198c4f16565c61edbf2d8ec18b78c963ee2399dc8
-
Filesize
11KB
MD53b6ce965703dc9cda4d9520dde7ed841
SHA1665a30f63e96e1d974555de4344f3f28a4ccdc60
SHA256d323b2555f8a1067d7c8d01fa82e17b901682e7502123bb468ed1baae558a5f4
SHA5125438b2915542801601b93fadc9eac1128548ec8b266546e6891af2ad7e1be8ba046936d48a7dfa36dc813cbf788eb3a252db22aa43cecc34218f77ca8d8c0e26
-
Filesize
10KB
MD5840ef7dda478fdeb939fdb98b14e4da8
SHA111ecda5f8b9cd9cdf0e27d7164038f37a23606d6
SHA2567d0ed7a095c8812347c57ee683f94c54f75ada17af233f2e3b3960f8fa5cc02e
SHA5120bbb4d2fedd1bfd075c504535672d40683958664cb054585041fc78ff485b48157a64d93b876dee3208abb6dfe09a4c8b25cb63942a9a197f7d3d35c78a13695
-
Filesize
11KB
MD5c0c9da6c3348376f71edad687a4616b3
SHA1266bad70bb4a22c9daf0748d26996c75208e8566
SHA2566c23a2ef5e4627489e14542b715805e205dd56877dcd1e096e383a6b069795a9
SHA512c9ce8d3912f105b968676bd233b01a511843fd138e30921ccd87a18d40121a1ad49e9e5931d4d343b2481f0f736f9bb0fccfe9c3a398fdbc9c20d995b8637e06
-
Filesize
264KB
MD587d8ff4758b8418068fbc0edfa3fcd6f
SHA1e807f4d0ea77b546fb8113c8c0dc397621b61c25
SHA256c470a79ae6cd206a75929eed6e67b25e49ac734937ab5fb482b0c8855c823876
SHA512f11dd56a3e36299a23e720a9d0432cb78d558f5d8a8370a8d0c1ce62681e83fcb912b92c2b9add0c95ed7802088084eb21124f265c8f7c05d048733cfdc2260e
-
Filesize
4B
MD536c64307fb26920b8e7b0f511bc84673
SHA1ad1ce0398e2cd452a5ac5f76cc261c24a26a6a64
SHA2567196f6b0af3825f0b5a56a41b78db8f1ad20c6eb92570cd04040154406407ffd
SHA51224271d886df8f33ea25869ca624079d7df185c70794572dd4cc47b5d4d17081f9ff5b552428ebc7d69d3fdf0ab9872f28ebd190776df7b389aed026079ac24aa
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize10KB
MD510b3e6029bd3f6a7aa99e45f20f8a2bc
SHA1d66b64a66cef494ad245a641819920e8eaa14daf
SHA2564c6b6384e84e913c1a9438f427a989579712b102ee876ed862d808190f3f31ba
SHA512d26980ede9b75952d1348fad852f54fdd5acaa7cb2ccd4a8038c55e1d11bee672bf748f349c06c8ccb5e60cc2c38283c68906b914aeb931c852afc50184db3b0
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize10KB
MD530f9f69bd4cb3ca8ed4af465e6bf3b72
SHA11f7bf3625d683c1af38485d1eb39152949648749
SHA256fbb114871abc3901711a5f204cb370f1cc1602ad89fa0c8155288ec72e4eaf36
SHA512ae96746716d0b47912c191ca52db48ee40aca9591444c1f0ffbc913346be1fff1e9f71c6e66cb4c175fd308e04a504367dd56bf84920f94c65142cd8508258c2
-
Filesize
404B
MD55ce77be7d4418612eff99e225d22cebe
SHA1c82881ab39f996eda219364fcd964e5fddaca73c
SHA2568059ecfac6db31c8f1e46939c6eb8a34afef8791d5df8c071be4780f8f52f826
SHA512525a0da90669044d59a2cdea97ae4571c2b199d85585f79cbffaf1cb79e09bae1012b5cee3f44e582fa551ef590c81cd63d6c574624993dbe3da9cb2dcee6f24
-
Filesize
31KB
MD57dd9e709505aee29d4928841e34fe690
SHA115c69bc99406e8db1a54520e6ae76a626d60f3c7
SHA256417fc8d73ea907fd5239369b85c05badd27ebbc268523a185c7757001b5e61ca
SHA51286ba4045844eb6a95797b9b4d250d668d1f62192cca9e6d8a9da3fdf5094e2567b2d5c228c5d5e613825430855dd58ab1f7f01beb6f3006a2bc3b4f80dc86924
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
Filesize3KB
MD56c89d2ae1aa1ad279c7497f6a27162c4
SHA179bd237c5d26e233f78be1ee2426913219fe6f86
SHA2565ec536bc9fb04ec2064e8f337d559e5bc3946bf0cc5c5a236afc990dbac5577b
SHA512bfc023ff664af2da466b0d4c0234144034d00fcf9a93ab5a276e8a219f6db7a46d2377557742c9934c237d9e53aff2d607b3b3db0a5e8f1709ae98bdbfcbc552
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
Filesize4KB
MD580607fb2d524505361ddfacfce435111
SHA18ab282190340e326240ac2a98e477cb4d9a1511c
SHA25615c17510bfb9d9efec8f81e9aaae7b9591b7c36c067d16354fd19f7bf2661d83
SHA512d778c41a4d071671a6ebb75557c4e124792aeae315729f3f277aa786718676d2a2c4a01a8af647324319c72846b41885f696024c8f0778a598619013a35366ff
-
Filesize
7B
MD54047530ecbc0170039e76fe1657bdb01
SHA132db7d5e662ebccdd1d71de285f907e3a1c68ac5
SHA25682254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750
SHA5128f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e
-
Filesize
2KB
MD5a56d479405b23976f162f3a4a74e48aa
SHA1f4f433b3f56315e1d469148bdfd835469526262f
SHA25617d81134a5957fb758b9d69a90b033477a991c8b0f107d9864dc790ca37e6a23
SHA512f5594cde50ca5235f7759c9350d4054d7a61b5e61a197dffc04eb8cdef368572e99d212dd406ad296484b5f0f880bdc5ec9e155781101d15083c1564738a900a
-
Filesize
50B
MD5dce5191790621b5e424478ca69c47f55
SHA1ae356a67d337afa5933e3e679e84854deeace048
SHA25686a3e68762720abe870d1396794850220935115d3ccc8bb134ffa521244e3ef8
SHA512a669e10b173fce667d5b369d230d5b1e89e366b05ba4e65919a7e67545dd0b1eca8bcb927f67b12fe47cbe22b0c54c54f1e03beed06379240b05b7b990c5a641
-
Filesize
32KB
MD5eb9324121994e5e41f1738b5af8944b1
SHA1aa63c521b64602fa9c3a73dadd412fdaf181b690
SHA2562f1f93ede80502d153e301baf9b7f68e7c7a9344cfa90cfae396aac17e81ce5a
SHA5127f7a702ddec8d94cb2177b4736d94ec53e575be3dd2d610410cb3154ba9ad2936c98e0e72ed7ab5ebbcbe0329be0d9b20a3bcd84670a6d1c8d7e0a9a3056edd2