darkcomet | 16b23e2f1893ebfd6d98d5ba8f6ff45d143a8b5fa0672fadaf0e44be72b359b4

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
16/10/2024, 01:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe
Size

5.2MB
MD5

4ad69c1a5f6459baf6fb722edf533f49
SHA1

f47f0c62826013d8506700ec7c5c2a5f3dff6bc0
SHA256

16b23e2f1893ebfd6d98d5ba8f6ff45d143a8b5fa0672fadaf0e44be72b359b4
SHA512

0d91fc35dd06a457543f9163231ef39f6913052641a35e21d8f8e234705277f1ab3fd30072fbd2b880eff8f1548455d09fe6c8c4d84f9bb92424fdf3ec6724a9
SSDEEP

49152:6QDgok303Zzl6QOy94YaJuFXkTIlrZ0ISiRctgVf0d2ZKwr7cUxEUotoKVbmqSEq:6QU/sZzNqNM+IbBcfdHVbY

Score

10^/10

darkcomet adminastor discovery evasion persistence rat trojan

Malware Config

Extracted

Family

darkcomet

Botnet

Adminastor

psshackteam.duckdns.org:1604

192.168.1.21:1604

Mutex

DC_MUTEX-XQZH4JA

Attributes

InstallPath
MSDCSC\msdcsc.exe
gencode
FxgyqdzTfgm7
install
true
offline_keylogger
true
persistence
true
reg_key
MicroUpdate

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\UserInit = "C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\MSDCSC\\msdcsc.exe"	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe

Modifies firewall policy service 3 TTPs 6 IoCs

evasion

Modify Registry

T1112

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications = "0"	msdcsc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile	iexplore.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall = "0"	iexplore.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications = "0"	iexplore.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile	msdcsc.exe
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall = "0"	msdcsc.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe

Deletes itself 1 IoCs

pid	Process
4500	notepad.exe

Executes dropped EXE 2 IoCs

pid	Process
2304	WIFIGUARD.EXE
3504	msdcsc.exe

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\msdcsc.exe"	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\msdcsc.exe"	msdcsc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroUpdate = "C:\\Windows\\system32\\MSDCSC\\msdcsc.exe"	iexplore.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\MSDCSC\msdcsc.exe	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\MSDCSC\msdcsc.exe	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe
File opened for modification	C:\Windows\SysWOW64\MSDCSC\	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3504 set thread context of 3556	3504	msdcsc.exe	90

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msdcsc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iexplore.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
4344	msedge.exe
4344	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
3544	identity_helper.exe
3544	identity_helper.exe
6496	msedge.exe
6496	msedge.exe
6496	msedge.exe
6496	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3556	iexplore.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 47 IoCs

pid	Process
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe
Token: SeSecurityPrivilege	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe
Token: SeTakeOwnershipPrivilege	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe
Token: SeLoadDriverPrivilege	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe
Token: SeSystemProfilePrivilege	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe
Token: SeSystemtimePrivilege	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe
Token: SeProfSingleProcessPrivilege	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe
Token: SeCreatePagefilePrivilege	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe
Token: SeBackupPrivilege	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe
Token: SeRestorePrivilege	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe
Token: SeShutdownPrivilege	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe
Token: SeDebugPrivilege	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe
Token: SeSystemEnvironmentPrivilege	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe
Token: SeChangeNotifyPrivilege	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe
Token: SeRemoteShutdownPrivilege	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe
Token: SeUndockPrivilege	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe
Token: SeManageVolumePrivilege	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe
Token: SeImpersonatePrivilege	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe
Token: SeCreateGlobalPrivilege	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe
Token: 33	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe
Token: 34	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe
Token: 35	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe
Token: 36	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe
Token: SeIncreaseQuotaPrivilege	3504	msdcsc.exe
Token: SeSecurityPrivilege	3504	msdcsc.exe
Token: SeTakeOwnershipPrivilege	3504	msdcsc.exe
Token: SeLoadDriverPrivilege	3504	msdcsc.exe
Token: SeSystemProfilePrivilege	3504	msdcsc.exe
Token: SeSystemtimePrivilege	3504	msdcsc.exe
Token: SeProfSingleProcessPrivilege	3504	msdcsc.exe
Token: SeIncBasePriorityPrivilege	3504	msdcsc.exe
Token: SeCreatePagefilePrivilege	3504	msdcsc.exe
Token: SeBackupPrivilege	3504	msdcsc.exe
Token: SeRestorePrivilege	3504	msdcsc.exe
Token: SeShutdownPrivilege	3504	msdcsc.exe
Token: SeDebugPrivilege	3504	msdcsc.exe
Token: SeSystemEnvironmentPrivilege	3504	msdcsc.exe
Token: SeChangeNotifyPrivilege	3504	msdcsc.exe
Token: SeRemoteShutdownPrivilege	3504	msdcsc.exe
Token: SeUndockPrivilege	3504	msdcsc.exe
Token: SeManageVolumePrivilege	3504	msdcsc.exe
Token: SeImpersonatePrivilege	3504	msdcsc.exe
Token: SeCreateGlobalPrivilege	3504	msdcsc.exe
Token: 33	3504	msdcsc.exe
Token: 34	3504	msdcsc.exe
Token: 35	3504	msdcsc.exe
Token: 36	3504	msdcsc.exe
Token: SeIncreaseQuotaPrivilege	3556	iexplore.exe
Token: SeSecurityPrivilege	3556	iexplore.exe
Token: SeTakeOwnershipPrivilege	3556	iexplore.exe
Token: SeLoadDriverPrivilege	3556	iexplore.exe
Token: SeSystemProfilePrivilege	3556	iexplore.exe
Token: SeSystemtimePrivilege	3556	iexplore.exe
Token: SeProfSingleProcessPrivilege	3556	iexplore.exe
Token: SeIncBasePriorityPrivilege	3556	iexplore.exe
Token: SeCreatePagefilePrivilege	3556	iexplore.exe
Token: SeBackupPrivilege	3556	iexplore.exe
Token: SeRestorePrivilege	3556	iexplore.exe
Token: SeShutdownPrivilege	3556	iexplore.exe
Token: SeDebugPrivilege	3556	iexplore.exe
Token: SeSystemEnvironmentPrivilege	3556	iexplore.exe
Token: SeChangeNotifyPrivilege	3556	iexplore.exe
Token: SeRemoteShutdownPrivilege	3556	iexplore.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe
1148	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3556	iexplore.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3292 wrote to memory of 2304	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe	87
PID 3292 wrote to memory of 2304	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe	87
PID 3292 wrote to memory of 4500	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe	88
PID 3292 wrote to memory of 4500	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe	88
PID 3292 wrote to memory of 4500	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe	88
PID 3292 wrote to memory of 4500	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe	88
PID 3292 wrote to memory of 4500	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe	88
PID 3292 wrote to memory of 4500	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe	88
PID 3292 wrote to memory of 4500	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe	88
PID 3292 wrote to memory of 4500	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe	88
PID 3292 wrote to memory of 4500	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe	88
PID 3292 wrote to memory of 4500	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe	88
PID 3292 wrote to memory of 4500	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe	88
PID 3292 wrote to memory of 4500	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe	88
PID 3292 wrote to memory of 4500	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe	88
PID 3292 wrote to memory of 4500	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe	88
PID 3292 wrote to memory of 4500	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe	88
PID 3292 wrote to memory of 4500	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe	88
PID 3292 wrote to memory of 4500	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe	88
PID 3292 wrote to memory of 3504	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe	89
PID 3292 wrote to memory of 3504	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe	89
PID 3292 wrote to memory of 3504	3292	4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe	89
PID 3504 wrote to memory of 3556	3504	msdcsc.exe	90
PID 3504 wrote to memory of 3556	3504	msdcsc.exe	90
PID 3504 wrote to memory of 3556	3504	msdcsc.exe	90
PID 3504 wrote to memory of 3556	3504	msdcsc.exe	90
PID 3504 wrote to memory of 3556	3504	msdcsc.exe	90
PID 3556 wrote to memory of 2524	3556	iexplore.exe	91
PID 3556 wrote to memory of 2524	3556	iexplore.exe	91
PID 3556 wrote to memory of 2524	3556	iexplore.exe	91
PID 3556 wrote to memory of 2524	3556	iexplore.exe	91
PID 3556 wrote to memory of 2524	3556	iexplore.exe	91
PID 3556 wrote to memory of 2524	3556	iexplore.exe	91
PID 3556 wrote to memory of 2524	3556	iexplore.exe	91
PID 3556 wrote to memory of 2524	3556	iexplore.exe	91
PID 3556 wrote to memory of 2524	3556	iexplore.exe	91
PID 3556 wrote to memory of 2524	3556	iexplore.exe	91
PID 3556 wrote to memory of 2524	3556	iexplore.exe	91
PID 3556 wrote to memory of 2524	3556	iexplore.exe	91
PID 3556 wrote to memory of 2524	3556	iexplore.exe	91
PID 3556 wrote to memory of 2524	3556	iexplore.exe	91
PID 3556 wrote to memory of 2524	3556	iexplore.exe	91
PID 3556 wrote to memory of 2524	3556	iexplore.exe	91
PID 3556 wrote to memory of 2524	3556	iexplore.exe	91
PID 3556 wrote to memory of 2524	3556	iexplore.exe	91
PID 3556 wrote to memory of 2524	3556	iexplore.exe	91
PID 3556 wrote to memory of 2524	3556	iexplore.exe	91
PID 3556 wrote to memory of 2524	3556	iexplore.exe	91
PID 3556 wrote to memory of 2524	3556	iexplore.exe	91
PID 2304 wrote to memory of 1148	2304	WIFIGUARD.EXE	103
PID 2304 wrote to memory of 1148	2304	WIFIGUARD.EXE	103
PID 1148 wrote to memory of 2196	1148	msedge.exe	104
PID 1148 wrote to memory of 2196	1148	msedge.exe	104
PID 1148 wrote to memory of 1356	1148	msedge.exe	105
PID 1148 wrote to memory of 1356	1148	msedge.exe	105
PID 1148 wrote to memory of 1356	1148	msedge.exe	105
PID 1148 wrote to memory of 1356	1148	msedge.exe	105
PID 1148 wrote to memory of 1356	1148	msedge.exe	105
PID 1148 wrote to memory of 1356	1148	msedge.exe	105
PID 1148 wrote to memory of 1356	1148	msedge.exe	105
PID 1148 wrote to memory of 1356	1148	msedge.exe	105
PID 1148 wrote to memory of 1356	1148	msedge.exe	105
PID 1148 wrote to memory of 1356	1148	msedge.exe	105
PID 1148 wrote to memory of 1356	1148	msedge.exe	105

C:\Users\Admin\AppData\Local\Temp\4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4ad69c1a5f6459baf6fb722edf533f49_JaffaCakes118.exe"
1⤵
- Modifies WinLogon for persistence
- Checks computer location settings
- Adds Run key to start application
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3292
- C:\Users\Admin\AppData\Local\Temp\WIFIGUARD.EXE
  "C:\Users\Admin\AppData\Local\Temp\WIFIGUARD.EXE"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.softperfect.com/products/wifiguard/?from=auto
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1148
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff29b846f8,0x7fff29b84708,0x7fff29b84718
      4⤵
      PID:2196
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2264 /prefetch:2
      4⤵
      PID:1356
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4344
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
      4⤵
      PID:1580
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
      4⤵
      PID:3408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
      4⤵
      PID:3940
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
      4⤵
      PID:4352
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4312 /prefetch:8
      4⤵
      PID:3440
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4312 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3544
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
      4⤵
      PID:4892
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
      4⤵
      PID:3112
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
      4⤵
      PID:2240
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
      4⤵
      PID:1732
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1
      4⤵
      PID:1564
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
      4⤵
      PID:4364
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
      4⤵
      PID:5148
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
      4⤵
      PID:5244
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
      4⤵
      PID:5928
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
      4⤵
      PID:6008
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
      4⤵
      PID:2136
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2232 /prefetch:1
      4⤵
      PID:4752
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1728 /prefetch:1
      4⤵
      PID:5800
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
      4⤵
      PID:6016
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
      4⤵
      PID:6032
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
      4⤵
      PID:4316
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
      4⤵
      PID:1848
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1
      4⤵
      PID:2176
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
      4⤵
      PID:5440
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1
      4⤵
      PID:2020
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
      4⤵
      PID:5876
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7252 /prefetch:1
      4⤵
      PID:4768
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
      4⤵
      PID:3140
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1
      4⤵
      PID:4048
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1
      4⤵
      PID:4752
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7620 /prefetch:1
      4⤵
      PID:1316
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7764 /prefetch:1
      4⤵
      PID:5448
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7880 /prefetch:1
      4⤵
      PID:4288
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7788 /prefetch:1
      4⤵
      PID:6248
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7820 /prefetch:1
      4⤵
      PID:6368
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8188 /prefetch:1
      4⤵
      PID:7148
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7968 /prefetch:1
      4⤵
      PID:6400
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1
      4⤵
      PID:6572
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7672 /prefetch:1
      4⤵
      PID:6968
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8416 /prefetch:1
      4⤵
      PID:6368
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8504 /prefetch:1
      4⤵
      PID:4768
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8256 /prefetch:1
      4⤵
      PID:5192
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8516 /prefetch:1
      4⤵
      PID:3792
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7876 /prefetch:1
      4⤵
      PID:4036
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8004 /prefetch:1
      4⤵
      PID:6088
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=9000 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:6496
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8812 /prefetch:1
      4⤵
      PID:1536
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9124 /prefetch:1
      4⤵
      PID:6572
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8808 /prefetch:1
      4⤵
      PID:4456
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2248,13791748140470650040,2261323809890307437,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9372 /prefetch:1
      4⤵
      PID:1916
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.softperfect.com/products/wifiguard/?from=auto
    3⤵
    PID:4888
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff29b846f8,0x7fff29b84708,0x7fff29b84718
      4⤵
      PID:4892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.softperfect.com/products/wifiguard/?from=auto
    3⤵
    PID:4380
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff29b846f8,0x7fff29b84708,0x7fff29b84718
      4⤵
      PID:4700
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.softperfect.com/products/wifiguard/?from=auto
    3⤵
    PID:5848
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe4,0x108,0x7fff29b846f8,0x7fff29b84708,0x7fff29b84718
      4⤵
      PID:5864
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.softperfect.com/products/wifiguard/?from=auto
    3⤵
    PID:5132
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff29b846f8,0x7fff29b84708,0x7fff29b84718
      4⤵
      PID:2716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.softperfect.com/products/wifiguard/?from=auto
    3⤵
    PID:5672
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff29b846f8,0x7fff29b84708,0x7fff29b84718
      4⤵
      PID:5656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.softperfect.com/products/wifiguard/?from=auto
    3⤵
    PID:4368
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff29b846f8,0x7fff29b84708,0x7fff29b84718
      4⤵
      PID:5936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.softperfect.com/products/wifiguard/?from=auto
    3⤵
    PID:4088
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff29b846f8,0x7fff29b84708,0x7fff29b84718
      4⤵
      PID:2956
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.softperfect.com/products/wifiguard/?from=auto
    3⤵
    PID:4312
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff29b846f8,0x7fff29b84708,0x7fff29b84718
      4⤵
      PID:5304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.softperfect.com/products/wifiguard/?from=auto
    3⤵
    PID:1504
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff29b846f8,0x7fff29b84708,0x7fff29b84718
      4⤵
      PID:2808
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.softperfect.com/products/wifiguard/?from=auto
    3⤵
    PID:1828
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7fff29b846f8,0x7fff29b84708,0x7fff29b84718
      4⤵
      PID:5456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.softperfect.com/products/wifiguard/?from=auto
    3⤵
    PID:5400
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff29b846f8,0x7fff29b84708,0x7fff29b84718
      4⤵
      PID:4356
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.softperfect.com/products/wifiguard/?from=auto
    3⤵
    PID:1332
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff29b846f8,0x7fff29b84708,0x7fff29b84718
      4⤵
      PID:6004
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.softperfect.com/products/wifiguard/?from=auto
    3⤵
    PID:6180
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff29b846f8,0x7fff29b84708,0x7fff29b84718
      4⤵
      PID:6196
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.softperfect.com/products/wifiguard/?from=auto
    3⤵
    PID:7076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff29b846f8,0x7fff29b84708,0x7fff29b84718
      4⤵
      PID:7092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.softperfect.com/products/wifiguard/?from=auto
    3⤵
    PID:5524
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff29b846f8,0x7fff29b84708,0x7fff29b84718
      4⤵
      PID:6648
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.softperfect.com/products/wifiguard/?from=auto
    3⤵
    PID:6752
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff29b846f8,0x7fff29b84708,0x7fff29b84718
      4⤵
      PID:6820
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.softperfect.com/products/wifiguard/?from=auto
    3⤵
    PID:6440
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff29b846f8,0x7fff29b84708,0x7fff29b84718
      4⤵
      PID:6460
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.softperfect.com/products/wifiguard/?from=auto
    3⤵
    PID:1516
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff29b846f8,0x7fff29b84708,0x7fff29b84718
      4⤵
      PID:6748
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.softperfect.com/products/wifiguard/?from=auto
    3⤵
    PID:532
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff29b846f8,0x7fff29b84708,0x7fff29b84718
      4⤵
      PID:6388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.softperfect.com/products/wifiguard/?from=auto
    3⤵
    PID:2040
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff29b846f8,0x7fff29b84708,0x7fff29b84718
      4⤵
      PID:6792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.softperfect.com/products/wifiguard/?from=auto
    3⤵
    PID:1980
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff29b846f8,0x7fff29b84708,0x7fff29b84718
      4⤵
      PID:6716
- C:\Windows\SysWOW64\notepad.exe
  notepad
  2⤵
  - Deletes itself
  - System Location Discovery: System Language Discovery
  PID:4500
- C:\Windows\SysWOW64\MSDCSC\msdcsc.exe
  "C:\Windows\system32\MSDCSC\msdcsc.exe"
  2⤵
  - Modifies firewall policy service
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of SetThreadContext
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:3504
- - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
    3⤵
    - Modifies firewall policy service
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3556
  - - C:\Windows\SysWOW64\notepad.exe
      notepad
      4⤵
      System Location Discovery: System Language Discovery
      PID:2524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
40KB

MD5
ad164eda2425f9015b8ddddf0f00aa9e

SHA1
4209419389f5eed0454869d1603594381eb811e0

SHA256
2e072c108f892e4022af122896bc77e82085fdb301f713f7d4497fb869ee7a31

SHA512
223f8a0cff3443ed61fbc424f703b135ebd855b5a03e6c08b587c0c91c4c73a289340fe752a853a7c787e5ca99f8345afc8147e77b60716a8ce2b075a2a6b8f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
187B

MD5
20b12cb2c40591944157c45d7f457c13

SHA1
2c72166af10fdcad8f9b80ec81df279dd20e75e2

SHA256
728158c606b35ca052d44645d7bcc029266fae8d32d92ca38ef3fa874847c8bd

SHA512
7906fa884ba3061c73ffaf80310eb4ea178ad32ea518673c4c88043e2bd6aa190f47b3b11be90e199d398f4b4cf701a408f2b14eff12b85857c9df6f8f2840c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3379e3c2acbc3f8058417b8df551a44a

SHA1
3675bbd523abfa3a9e068812822a229ef1910ded

SHA256
37d1c08f068d7dabd69ccc10902ed418800992bb9676f44336ac0401dc751a94

SHA512
dd91526de344b6cde39e200a24d255f92edb131ee53ececd4a0ee61358135be632aea7dbc16c42565f25deb44025db1f1889e6b67680e51c59385fa69b8b6289

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c5ca36ff32dca530fc90a430dbeabadc

SHA1
81a2bea6214c85e9cbdc9560ee67b95d2b74ec61

SHA256
a379bd38d593cee769ab759bf67d7b61524d28cd5653d2458106a828c0aa6cb4

SHA512
2e3fe39c3f52b3cf16602540e2c6ba7dade326f5f0da1b9d224b8d3430c79f7bdd3afc1c61977318260ea9cfee995fa83c1772334a6910b6209570c0662bcf26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1674322eb4bc0827148471ff8a7e87e0

SHA1
607a1e27a804574056b4b3785a587ae52492478a

SHA256
60b671a475d4133a8134c572f6477f9e21410e133f0447e747f942222a2e4cbe

SHA512
4abe63f4d8a9441c66d9442f61ea3ce0e3fd79ac059a89195bfc03480750d1c367c78cfc62b3f5fafc029789a15943bf4e6b8b00dfe0559cf816d447c014536c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a7e36d43757877dd6b57842a885812c8

SHA1
a936ee569f85239b7d10ff5d98ceee05f3172fae

SHA256
fa43d80e83c49b6f2e45f9a7b12ba729135f2d15fcef00080bce3946de6aa153

SHA512
a1e8735e933bac05343fe95a895242d6bb9cb98023b66eed8a174f8542fa737c39c31b38567f90debd1d10d4bc36c1a3738bec5d93a7f14dda21aa75c5219db0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cc88020aab3d82b8e4c2c51124141ccb

SHA1
c174ce5517d97d1b6caab59d35f89fb6132b6328

SHA256
fb84e9f39ea02d7e77b00fb8d685bf3e633c6c5befd90d5adc54987e3cf356d1

SHA512
2c14ec722ed39ced2d1de78028f2a4bd7215bde3aab80f0f2850213c23e99db2445fc8c206d2001c7beb7234a84fea8bf6ecc01e78f8085cc5136114965db994

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1e50c720e44e4388e81225747bd41735

SHA1
27ba8735155cd65d7a9aa9b4a7799b23cfd90b02

SHA256
94333f2c0b13423c5a00ac9b5c5f7b3c30ff04ec6766dfbf826f3e39b561234e

SHA512
ca3c656d5c7b6bcf73af5e672f446929ea54e1a7df63e4ee95381379574c7903631c251314a4d15a2e1a7142d771c7790b6096ef06b6ccfbc82b37e06d6c986d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
31ec26b684a72ffec927c14a43e9c7ff

SHA1
9d99dc0d17cc67583364945cc29782f262874fbe

SHA256
1cb5eca3863662a0da528be25e6c07b35bccaf1577b3115e86530ffb7a67fc15

SHA512
73dde2d37a59c993eae39d1fb1d590b25a77a0e944b95c20938ebad49007530814f6e844dac906742dc0da858a812a2d4ec2f905ea8913b4157c0f5fa78bdbc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8546af19dcf1327b2ead02c2c86e8439

SHA1
58dc75c881123b9b2b5310e06292ce6202c770f3

SHA256
bad9ed4be0c2e1f51e2a9344d12137888d698a18a122237296fc572c8b179afb

SHA512
8892cf269851da76e45612c0e5c34cf6585b4e99387b54db19218c88d6934116b509ee9041e67d7ee2739e90bb71681402fbe9818a995c34659af1b08d98e799

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
af71914aa30eba6ae2aaa68adf87d114

SHA1
6e7eaece80af5947aac28cd3f15c26922f2a5c8d

SHA256
19575c716c442c47f97c2f09de402e35482bc1d358a57cb58952b3acc1d439f0

SHA512
30d106e873714a7a1f2c6c2f4207295c27a511a7d5ed9ea924515e482ba4176a1f72c97ca8b2d219583acb2d96d87d2b7cb66c4df56fb8bf268d21c12a9267ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
eeddf24a84f6518daec6c50490a9cfc4

SHA1
a8e32f4d32a82eb61977a71b2591dcda0a78163d

SHA256
c68d18a24e54c6a6a13df2428ca662144123832ec7b0c050f811482773c80c4d

SHA512
8481eacb74b500a7f5eb5b81dfb80ce6bd74d9d8a04097af96794e95bafa5c58675d8c33ac7e8f94b688e4ceace897ef4e1a17367d1cc69333444ca8daf6a0cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
512a72c33c8c477b5d599a75cc635d55

SHA1
fa7ccc04284cbc98c3f44f6c463c3a117c2190a8

SHA256
0f6c182571fba7eb3116f6797364f37527687a269882e03b91a15641499beb2a

SHA512
75aa8a83b1cd99ff8568be0b3c1daa6887bf1e5b60e5cd126f6e10adb0d8af2a6e93b9fd3db379741bc1e2e3c72dd03579f27f950cfc44d856f43a2c4d3d9c30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
201B

MD5
71b6053a6be1545f57c00f96fd1c290d

SHA1
009df513aa9941d7784667227a9df8493578345c

SHA256
0a529471fb79ef4a5a43694eb2b388bc0a015a3ce518d6e8e01bdc57888c8a99

SHA512
8ee318f7716cd38ffb978fe48a01c9830b5dbd6344aff994f7669a70d4cbe7333d6856244c3e6074d084dbf13e4a92a00332e9c4168f43d693b5ac83439b7bfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
965bdbf02cb6894fcd6bd63462761b40

SHA1
1eea1a804c5f6fe38c572e266a19c1e36d7e1432

SHA256
e47af55dbb89e2898fa524a8a79cda250973c0653314f6fdd4a1466134dcb5ec

SHA512
4919f8a94d1ca539369eb338c41081d7d0d1bbc85205311ccc3ea04bcaa0c3d21f78b3545b1d3e20be47b3e9080d8fd4178ffdfd5e42fad448a3e17ce3ed942a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
201B

MD5
cfefca01832e03d159d6dc2f92e79942

SHA1
76c899939ecfffc7d8ae9ee7af21f4f68375e045

SHA256
447f14ccfc023ab59db97f89e8a30833606b18d51feb66017c809205174d7d90

SHA512
9a63dd3f47c38e044d1e227d19ed0cb5dfd45769defa7b9963d36b5fb7308e56f4d4ed50761c4d043ef6fbb820d21dc84ba67d9d411b831edf52b63daaead955

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
fe4644ed57f82adf8c92090c2edf7b00

SHA1
8314c45fd8bcf2b00ae7ab3acb174e0424f18b32

SHA256
282d76a524cf483124243060c2882931e4afec07ac19cad923597dab453a5585

SHA512
fb7128ab4e96a92ff85d865d5a54042f6fb169fc0b73c775ca65133eed812584c95c0fc4f8463fc234977bc943387014e653ebb208c9649600c28bfe32ea56eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
aa803d6c732d0936e4a6784eb46ef811

SHA1
95d9cda6e966059a0736331bf9f96c692d26d2b7

SHA256
d67f6878841dc6043ad77cc651483a9475a22b13871ac5a68a7a9ec04ae2ffbe

SHA512
4a928cf7b99da58dc5fdfec05cfa8e48b2a129ce04450f7362233157f78ce6ce7a9551f0a0a060892ecb4217f82235e9a009d6ceff8547941216722c239f4e24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
201B

MD5
a589552e9cf62687b0b373f2617daa06

SHA1
55a82d3364018b9e810ab8c8642d43736d5fc481

SHA256
61d6e084d8cddeae553cf6226d946b241daf90e5ee5d5a5e22c6743d90ea7b4f

SHA512
2fae60179adaa16d12a633ca537a40a9192bcca9f5d2c75e34220e9db3724bb2548456fbcf9ded494d2693f27dfd1c3cbf8a4b7389207692a987b60fddf75703

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
3aa1d4d47fb139dc9e08314275d6a13f

SHA1
b2ac4539e38167821de77242265115a978f4bf2c

SHA256
ba1ca2312d5be37d746edab50dff50749079ecd5b10e302ed92e711279160a87

SHA512
cf881982a77c690655221c52ee8f26f3916d5fa591453cdc27bc8e06d278d7e830a5325b8d52888a04a13a63a5e4d4ea594360a7ac4bfc15161fa446be489597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
201B

MD5
80887488e2c44753cff2be68488a4eda

SHA1
14059b78a20db48664b75a5b2248f5d27ae9e158

SHA256
58cff1853c358e0098a300a1ebf7e0b06e50531cbe5d082337fa911cf73e29d5

SHA512
1ba7c5de82ace55d4b4a086bfc622d4cf926e3cec971b5f9bdf251ffe00c20a6e363ed3f148fb3672ffd64e0d1c796b8ff589f81daea3179d32a3051682fc9ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584fff.TMP

Filesize
201B

MD5
cea10b357098c2853e98bb4f9486755d

SHA1
2f16cf2cc39dc671e7916c286ffb8bb32b2349ae

SHA256
6b5acf8d04383e6b525809a63ad0e6e81aa6d6c1d08d7e3076e66bed6bfe6e84

SHA512
1d23667e0f4ab54e03309eb1e88f125a77fb52b608d300d0813b1dbad70687842d4d2d1383e60483b92836b154db05dbbdd9202384f36a93bb483eb435d091ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d61f8bb5553a671dacadd1dfd0b0aec9

SHA1
7a225517d28c4efb2936c3516bb734a33a526619

SHA256
b4b658bc49f219232de09a29dfaedf1cba7851d580ef288249ffbf695d23e8c5

SHA512
ad7ad2b801983c0ae07b33fe204d61864dbb94707c420253b605303f7cd8bbf7eff384d120d130c87664da59b80ee65c21e712b3a4b3a75a5e423fbb788f9773

Download Submit
C:\Users\Admin\AppData\Local\Temp\WIFIGUARD.EXE

Filesize
4.6MB

MD5
2253164fc86c103493550a99bdec3fff

SHA1
334a9e294f1862da6610e592c8c23648f1aef2da

SHA256
13e6f822599155fb327cf673f5aa719d4d58f94f2ba05c76fbaafa70bb759aa9

SHA512
086b73ac1f57e84a1e17be535ae7878cd1e34c0cdde5d4bf79609d73d14775a1585b0d1b176c17143e78be6420de495e87caf3edf8a7ee3bfebc62fe190a02ec

Download Submit
C:\Windows\SysWOW64\MSDCSC\msdcsc.exe

Filesize
5.2MB

MD5
4ad69c1a5f6459baf6fb722edf533f49

SHA1
f47f0c62826013d8506700ec7c5c2a5f3dff6bc0

SHA256
16b23e2f1893ebfd6d98d5ba8f6ff45d143a8b5fa0672fadaf0e44be72b359b4

SHA512
0d91fc35dd06a457543f9163231ef39f6913052641a35e21d8f8e234705277f1ab3fd30072fbd2b880eff8f1548455d09fe6c8c4d84f9bb92424fdf3ec6724a9

Download Submit
memory/2524-81-0x0000000000F80000-0x0000000000F81000-memory.dmp

Filesize
4KB

Download
memory/3292-82-0x0000000000400000-0x0000000000948000-memory.dmp

Filesize
5.3MB

Download
memory/3292-0-0x00000000025D0000-0x00000000025D1000-memory.dmp

Filesize
4KB

Download
memory/3504-80-0x0000000000400000-0x0000000000948000-memory.dmp

Filesize
5.3MB

Download
memory/3556-79-0x0000000000400000-0x0000000000948000-memory.dmp

Filesize
5.3MB

Download
memory/4500-20-0x0000000000B40000-0x0000000000B41000-memory.dmp

Filesize
4KB

Download