Analysis

- max time kernel: 159s
- max time network: 256s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 02-03-2024 20:26
Behavioral tasks (task / sample / resource)

- behavioral1   @_136 @828#-138389J-SJFJDSM.exe                 win7-20240221-en
- behavioral2   @_136 @828#-138389J-SJFJDSM.exe                 win10v2004-20240226-en
- behavioral3   TrashMalwares-main/AcidRain.exe                 win7-20240221-en
- behavioral4   TrashMalwares-main/AcidRain.exe                 win10v2004-20240226-en
- behavioral5   AdStRkJ.exe                                     win7-20240221-en
- behavioral6   AdStRkJ.exe                                     win10v2004-20240226-en
- behavioral7   Anatralier.exe                                  win7-20240215-en
- behavioral8   Anatralier.exe                                  win10v2004-20240226-en
- behavioral9   TrashMalwares-main/Antivirus_Installer.exe      win7-20240221-en
- behavioral10  TrashMalwares-main/Antivirus_Installer.exe      win10v2004-20240226-en
- behavioral11  TrashMalwares-main/Dro trojan. Virus prank.exe  win7-20240221-en
- behavioral12  TrashMalwares-main/Dro trojan. Virus prank.exe  win10v2004-20240226-en
- behavioral13  TrashMalwares-main/FaZoN.bat                    win7-20240221-en
- behavioral14  TrashMalwares-main/FaZoN.bat                    win10v2004-20240226-en
- behavioral15  TrashMalwares-main/Fizz.exe                     win7-20240221-en
- behavioral16  TrashMalwares-main/Fizz.exe                     win10v2004-20240226-en
- behavioral17  TrashMalwares-main/Ginxide.exe                  win7-20240221-en
- behavioral18  TrashMalwares-main/Ginxide.exe                  win10v2004-20240226-en
- behavioral19  TrashMalwares-main/Install Windows20.exe        win7-20240221-en
- behavioral20  TrashMalwares-main/Install Windows20.exe        win10v2004-20240226-en
- behavioral21  TrashMalwares-main/MS-RickRoll.exe              win7-20240220-en
- behavioral22  TrashMalwares-main/MS-RickRoll.exe              win10v2004-20240226-en
- behavioral23  TrashMalwares-main/MercuryXhoffle.exe           win7-20240221-en
- behavioral24  TrashMalwares-main/MercuryXhoffle.exe           win10v2004-20240226-en
- behavioral25  TrashMalwares-main/NetPakoe.bat                 win7-20240221-en
- behavioral26  TrashMalwares-main/NetPakoe.bat                 win10v2004-20240226-en
- behavioral27  TrashMalwares-main/NetPakoe3.0.exe              win7-20240221-en
- behavioral28  TrashMalwares-main/NetPakoe3.0.exe              win10v2004-20240226-en
- behavioral29  TrashMalwares-main/NoEscape8.0.exe              win7-20240221-en
- behavioral30  TrashMalwares-main/NoEscape8.0.exe              win10v2004-20240226-en
- behavioral31  TrashMalwares-main/PC shaking v4.0.exe          win7-20240220-en
- behavioral32  TrashMalwares-main/PC shaking v4.0.exe          win10v2004-20240226-en
General

- Target: TrashMalwares-main/Antivirus_Installer.exe
- Size: 89KB
- MD5: 70ec6f9bec87d67c435a2b8505a72629
- SHA1: 8dae4c1727c73b3c1135b633e4db69e60ed522f1
- SHA256: 1bfef2733f357e531be53b406b65661893b97a8b18a699b6e65f201dd0eeeae8
- SHA512: 4a164019ae25e21007f2678bdf0e002b2e1eee115ddc4e101a909712d2bbaff3987339b6059c9db69988918296692839c47c49da9ca9ff3310a9e0088ab7d56c
- SSDEEP: 1536:X7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfrwFOO:L7DhdC6kzWypvaQ0FxyNTBfrS
Malware Config

Signatures

- Downloads MZ/PE file

- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).

- Enumerates system info in registry (2 TTPs, 6 IoCs)
  description        ioc                                                                  process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe
  (each of the three rows above is recorded twice, i.e. by two msedge.exe processes)

- NTFS ADS (1 IoC)
  description                   ioc                                                               process
  File opened for modification  C:\Users\Admin\Downloads\Unconfirmed 208541.crdownload:SmartScreen  msedge.exe

- Suspicious behavior: EnumeratesProcesses (24 IoCs)
  pid   process              entries
  4408  msedge.exe           2
  740   msedge.exe           2
  5580  msedge.exe           2
  6012  msedge.exe           2
  5992  msedge.exe           2
  5976  msedge.exe           2
  5960  msedge.exe           2
  6080  msedge.exe           2
  2244  msedge.exe           2
  5048  identity_helper.exe  2
  6152  msedge.exe           4

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (25 IoCs)
  pid   process     entries
  740   msedge.exe  4
  4336  msedge.exe  21

- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  description                        pid   process
  Token: 33                          5232  AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege  5232  AUDIODG.EXE

- Suspicious use of FindShellTrayWindow (64 IoCs)
  pid 740 msedge.exe and pid 4336 msedge.exe (repeated entries)

- Suspicious use of SendNotifyMessage (48 IoCs)
  pid 740 msedge.exe and pid 4336 msedge.exe (repeated entries)

- Suspicious use of WriteProcessMemory (64 IoCs)
  source pid/process -> target pid/process (every edge is recorded twice in the raw table unless noted)
  3372 Antivirus_Installer.exe -> 3452 cmd.exe
  3452 cmd.exe -> 2284 msedge.exe
  3452 cmd.exe -> 1784 msedge.exe
  3452 cmd.exe -> 2160 msedge.exe
  3452 cmd.exe -> 4336 msedge.exe
  3452 cmd.exe -> 3804 msedge.exe
  3452 cmd.exe -> 3240 msedge.exe
  3452 cmd.exe -> 1384 msedge.exe
  3452 cmd.exe -> 4084 msedge.exe
  3452 cmd.exe -> 740 msedge.exe
  4336 msedge.exe -> 2908 msedge.exe
  4084 msedge.exe -> 2776 msedge.exe
  740 msedge.exe -> 1992 msedge.exe
  2160 msedge.exe -> 5036 msedge.exe
  3240 msedge.exe -> 2752 msedge.exe
  1384 msedge.exe -> 448 msedge.exe
  1784 msedge.exe -> 2920 msedge.exe
  3804 msedge.exe -> 3724 msedge.exe
  740 msedge.exe -> 2228 msedge.exe (repeated many times; makes up the rest of the 64 entries)
Processes (process tree; nesting shows parent/child depth; the image path is listed only where it differs from argv[0] of the command line)

- PID 3372  "C:\Users\Admin\AppData\Local\Temp\TrashMalwares-main\Antivirus_Installer.exe"
  signatures: Suspicious use of WriteProcessMemory

  - PID 3452  image: C:\Windows\system32\cmd.exe
    cmdline: "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\DCCE.tmp\DCCF.tmp\DCD0.bat C:\Users\Admin\AppData\Local\Temp\TrashMalwares-main\Antivirus_Installer.exe"
    signatures: Suspicious use of WriteProcessMemory

    - PID 2284  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=oAkRBqxm8tM

      - PID 5540  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff759146f8,0x7fff75914708,0x7fff75914718

    - PID 1784  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=lPySS7mt4eo
      signatures: Suspicious use of WriteProcessMemory

      - PID 2920  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff759146f8,0x7fff75914708,0x7fff75914718

      - PID 6000  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,3094581865193263331,17048407883914289705,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2

      - PID 2244  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,3094581865193263331,17048407883914289705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
        signatures: Suspicious behavior: EnumeratesProcesses

    - PID 2160  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://custom-gwent.com/cardsBg/1efae8b0c69810654f16b400426049fd.jpeg
      signatures: Suspicious use of WriteProcessMemory

      - PID 5036  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff759146f8,0x7fff75914708,0x7fff75914718

      - PID 5984  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,7206838472252035411,1182414051228374865,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2

      - PID 5992  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,7206838472252035411,1182414051228374865,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
        signatures: Suspicious behavior: EnumeratesProcesses

    - PID 4336  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.protegent360.com/softwares/PAVSetup.exe
      signatures: Enumerates system info in registry; NTFS ADS; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

      - PID 2908  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff759146f8,0x7fff75914708,0x7fff75914718

      - PID 5436  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2

      - PID 5580  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
        signatures: Suspicious behavior: EnumeratesProcesses

      - PID 6304  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8

      - PID 6404  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1

      - PID 6424  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1

      - PID 6940  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1

      - PID 1260  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1

      - PID 7068  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1

      - PID 2444  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1

      - PID 2568  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3632 /prefetch:8

      - PID 5320  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1

      - PID 4924  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6536 /prefetch:8

      - PID 6408  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1

      - PID 7024  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1

      - PID 3608  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1

      - PID 4528  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1

      - PID 3236  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1

      - PID 3212  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7644 /prefetch:8

      - PID 5048  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7644 /prefetch:8
        signatures: Suspicious behavior: EnumeratesProcesses

      - PID 3656  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7696 /prefetch:1

      - PID 4100  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7724 /prefetch:1

      - PID 1820  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1

      - PID 6468  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1

      - PID 4748  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1

      - PID 6480  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1

      - PID 1556  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7736 /prefetch:1

      - PID 6624  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5708 /prefetch:8

      - PID 6208  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1

      - PID 5796  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1

      - PID 6152  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7069511233774617223,2428054952094498860,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6324 /prefetch:2
        signatures: Suspicious behavior: EnumeratesProcesses

    - PID 3804  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=ymbw2R3uIqc
      signatures: Suspicious use of WriteProcessMemory

      - PID 3724  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff759146f8,0x7fff75914708,0x7fff75914718
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,13113444218560925127,7190203414713117747,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:24⤵PID:5944
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,13113444218560925127,7190203414713117747,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
PID:6012
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://files.fm/f/hfkwsdkmj3⤵
- Suspicious use of WriteProcessMemory
PID:3240 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff759146f8,0x7fff75914708,0x7fff759147184⤵PID:2752
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,772615986883967298,10356735890533463369,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:24⤵PID:5952
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,772615986883967298,10356735890533463369,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
PID:5960
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://download2389.mediafire.com/xzhsf9dl17ng/9f8fds9s3efg7so/WannaCry+by+Rafael.rar3⤵
- Suspicious use of WriteProcessMemory
PID:1384 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff759146f8,0x7fff75914708,0x7fff759147184⤵PID:448
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,805125742054450437,10762031736811608025,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:24⤵PID:6064
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,805125742054450437,10762031736811608025,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
PID:6080
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/959038855737147432/967723261284724796/Setup_File_Pass_1234.rar3⤵
- Suspicious use of WriteProcessMemory
PID:4084 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff759146f8,0x7fff75914708,0x7fff759147184⤵PID:2776
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,3254011041425604286,3353583623344606669,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:24⤵PID:5968
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,3254011041425604286,3353583623344606669,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
PID:5976
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/959038855737147432/967723261284724796/Setup_File_Pass_1234.rar3⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:740 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff759146f8,0x7fff75914708,0x7fff759147184⤵PID:1992
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,1131942136845274283,8504092740489053096,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:24⤵PID:2228
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,1131942136845274283,8504092740489053096,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
PID:4408
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,1131942136845274283,8504092740489053096,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:84⤵PID:2768
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,1131942136845274283,8504092740489053096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:14⤵PID:2444
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,1131942136845274283,8504092740489053096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:14⤵PID:3372
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,1131942136845274283,8504092740489053096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:14⤵PID:5600
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,1131942136845274283,8504092740489053096,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:14⤵PID:5612
-
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:6948
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:7128
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3628
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x308 0x5081⤵
- Suspicious use of AdjustPrivilegeToken
PID:5232
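Triage's raw text export of a process tree fuses the tree depth digit and the ⤵ glyph onto the last argument of every command line (so a raw "/prefetch:14⤵PID:6468" is /prefetch:1 at depth 4 with PID 6468, and "0x5081⤵" is the AUDIODG argument 0x508 at depth 1), and an entry's behaviour bullets and PID can sit on the lines after it. The Python below is an added example, not part of the report and not Triage code: it splits those fields apart, tokenises each command line the way Windows hands it to Chromium, and answers the three questions an analyst asks of this tree: which URLs the sample pushed into Edge with --single-argument (the YouTube page, the files.fm link, the mediafire "WannaCry+by+Rafael.rar" and the Discord CDN "Setup_File_Pass_1234.rar" in the tree above), what role each child plays (--type and --utility-sub-type), and which children run with --service-sandbox-type=none. The sample lines are copied from this report in the raw export form, with the long gpu-process lines left out; the class and function names are the example's own.

```python
"""Pull the analyst-relevant facts out of a raw Triage process-tree export of
msedge.exe launches.  Added example; not part of the sandbox report."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: lines copied from the tree above in the raw export form
# "<image path><command line><depth>⤵[PID:<n>]".  Behaviour bullets and a bare
# "PID:<n>" line belong to the entry that precedes them.  The long gpu-process
# lines are omitted.
SAMPLE_TREE = r'''
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=ymbw2R3uIqc3⤵
- Suspicious use of WriteProcessMemory
PID:3804
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,13113444218560925127,7190203414713117747,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:34⤵
- Suspicious behavior: EnumeratesProcesses
PID:6012
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,1131942136845274283,8504092740489053096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:14⤵PID:3372
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://download2389.mediafire.com/xzhsf9dl17ng/9f8fds9s3efg7so/WannaCry+by+Rafael.rar3⤵
- Suspicious use of WriteProcessMemory
PID:1384
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:6948
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x308 0x5081⤵
- Suspicious use of AdjustPrivilegeToken
PID:5232
'''

ENTRY_RE = re.compile(
    r'^(?P<path>[A-Za-z]:\\.+?\.(?:exe|bat))'   # unquoted image path
    r'(?P<cmd>"?(?P=path)"?.*?)'                # command line, which repeats the path
    r'(?P<depth>\d)⤵'                           # tree depth fused onto the last argument
    r'(?:PID:(?P<pid>\d+))?$',
    re.IGNORECASE)
# CommandLineToArgv-style split: quoted runs stay together, backslashes are literal.
TOKEN_RE = re.compile(r'"[^"]*"|\S+')


@dataclass
class Proc:
    image: str
    argv: List[str]
    depth: int
    pid: Optional[int] = None
    behaviours: List[str] = field(default_factory=list)

    def switch(self, name: str) -> Optional[str]:
        """Value of a Chromium --name=value switch, or None if absent."""
        prefix = f'--{name}='
        for arg in self.argv:
            if arg.startswith(prefix):
                return arg[len(prefix):]
        return None

    @property
    def role(self) -> str:
        # The browser process has no --type; children carry renderer/gpu-process/utility/...
        kind = self.switch('type')
        if kind == 'utility':
            return f"utility:{self.switch('utility-sub-type')}"
        return kind or 'browser'

    @property
    def opened_url(self) -> Optional[str]:
        # "msedge.exe --single-argument <url>" is the shape Edge's URL handler registration produces
        if '--single-argument' in self.argv:
            i = self.argv.index('--single-argument')
            return self.argv[i + 1] if i + 1 < len(self.argv) else None
        return None


def parse_tree(text: str) -> List[Proc]:
    procs: List[Proc] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            argv = [t.strip('"') for t in TOKEN_RE.findall(m['cmd'])]
            procs.append(Proc(m['path'], argv, int(m['depth']),
                              int(m['pid']) if m['pid'] else None))
        elif line.startswith('- ') and procs:      # behaviour bullet of the previous entry
            procs[-1].behaviours.append(line[2:])
        elif line.startswith('PID:') and procs:    # PID that the export moved to its own line
            procs[-1].pid = int(line[4:])
    return procs


def opened_urls(procs: List[Proc]) -> List[str]:
    """URLs the sample handed to the browser, in launch order."""
    return [p.opened_url for p in procs if p.opened_url]


def unsandboxed_services(procs: List[Proc]) -> List[Tuple[Optional[int], str]]:
    """Children launched with --service-sandbox-type=none."""
    return [(p.pid, p.role) for p in procs if p.switch('service-sandbox-type') == 'none']


def pids_with_behaviour(procs: List[Proc], needle: str) -> List[Optional[int]]:
    return [p.pid for p in procs if any(needle in b for b in p.behaviours)]


if __name__ == '__main__':
    tree = parse_tree(SAMPLE_TREE)
    for p in tree:
        print(f'depth={p.depth} pid={p.pid} role={p.role} last_arg={p.argv[-1]} url={p.opened_url}')
    print('opened URLs:', opened_urls(tree))
    print('unsandboxed services:', unsandboxed_services(tree))
    print('WriteProcessMemory by:', pids_with_behaviour(tree, 'WriteProcessMemory'))
```

Two caveats on reading the output. The network service shows --service-sandbox-type=none under every Edge launch in this report, so it is this Edge build's own way of starting that service and not a sign of tampering. Likewise "Suspicious use of WriteProcessMemory" on the depth-3 browser processes is what Chromium's sandbox broker does when it writes policy and interception data into each suspended child before resuming it. The finding in this tree is the set of URLs the sample opened and the second Discord launch (PID 740), which is the only one that went on to spawn renderers.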
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
152B
MD536bb45cb1262fcfcab1e3e7960784eaa
SHA1ab0e15841b027632c9e1b0a47d3dec42162fc637
SHA2567c6b0de6f9b4c3ca1f5d6af23c3380f849825af00b58420b76c72b62cfae44ae
SHA51202c54c919f8cf3fc28f5f965fe1755955636d7d89b5f0504a02fcd9d94de8c50e046c7c2d6cf349fabde03b0fbbcc61df6e9968f2af237106bf7edd697e07456
-
Filesize
152B
MD51e3dc6a82a2cb341f7c9feeaf53f466f
SHA1915decb72e1f86e14114f14ac9bfd9ba198fdfce
SHA256a56135007f4dadf6606bc237cb75ff5ff77326ba093dff30d6881ce9a04a114c
SHA5120a5223e8cecce77613b1c02535c79b3795e5ad89fc0a934e9795e488712e02b527413109ad1f94bbd4eb35dd07b86dd6e9f4b57d4d7c8a0a57ec3f7f76c7890a
-
Filesize
44KB
MD563bc86f6c3cc14787ff8a9116e61ce96
SHA19ac37467054f19ce291a79ac21e0099d018c23dc
SHA256a340ef5e6a6225531ad4ac2eabb6eaa434bcf0ef6aab77620a8fc19ac27ab80d
SHA5124fbd5410f19803b42d9bff49389ff6a63baba4668bbf7e6ea9f5805655004a5a18c57035475e09c91ee5f07bc1ba57b61a1ed44a3c732c93d0db5eca083a8f1e
-
Filesize
264KB
MD5279457fbbb30ce4ddb3ff96b593e0828
SHA18fadee49ac3fdcc21877c8178113f7f3295fad46
SHA2566a0df2302baf411612dbeddf4d710cb435b917ad4dc43bddd4b0cf174371fa0a
SHA5128990aaae9040841aa4e4179eb22161735a2e7d52000a522630c9bdd50c5b2bd0ac0b95d5ec52d052d9518aa7f74a681c4676d9f662086c6520d336ad3d029219
-
Filesize
22KB
MD57a204d478c8dfe822bf86f9103bbd9b3
SHA17114b36ea1588d9372d730b2ee5dec7a3aee36d1
SHA256d9134e3cf60db564c49cc181251c7308bc568acf060444c443a90c0f464ebfeb
SHA512f5fb06a9808e9370a5fb3b926ffa27746ca7942eba36a2f63135168218e326abc74195453b9bcd8a045d5870a71b7f250dfc281515c7fa51857410acb316763e
-
Filesize
46KB
MD58de2c3401fef13f5c0f8e82a2fb76354
SHA1f208974c5f866e071c838d0407a6a72d2d1ef1e9
SHA2563fa1c740fe39c7ac18b90935c9d64505c77ab4b95256356ffaf9c0cdee5f7643
SHA512ce357e11fbb1ddfd15be9d2534e392799b94af0c2ce614980e3c9124e4267857989662ed2b7e46e0697d0d3ee222e259f66f5a03d0f321152cb5622f5a8bae5b
-
Filesize
212KB
MD5dccf12096bb297369451afc6db16a236
SHA1571bc48377a985f63fc7899142a7224e24aa4c8f
SHA2567715812d50fd87d35cbcb910abad64fcc94360346e7728011c71820c8bc73a54
SHA512d14341f35d251ad4870d686a810feba0c1b802e552c13a050f34af51aa491645d4cad9dc72a8d664a567844d54ff758c09165e41f8cc9c9a03966dbc91efe8c1
-
Filesize
776KB
MD500494c10001e5d3506062fe05b3be14b
SHA1b6863374fbf468a7e7ed8c5c229b6b47e9e158a9
SHA256a474b4dbc3de7f01ae792b12f5950955fc94e31fc77c523d1676590b244c2a65
SHA5129f68ffec822ef1bb4c479ff206d65305dc17b498caa5821c9a9da70111bf457eee594894189fa9ea4e50bba50bac876024d3a82349d35ab42adf523870fbbbde
-
Filesize
1.5MB
MD520c445cbe3e4ce22a27adb4c9e6abc31
SHA120720f5abfd8fc516ba11d5431d7878a99ab0209
SHA256a64877eb7b067cf0a182dd5e7422f44248178a8dc9269334df4284338d08fe10
SHA5122b9270ac5117361553a356e6b2ae133f01d56bce53bb673f81d177eb91e9bed65ce5fd49dea20f6fb6cfee0904a8af18b885a31b7b92af143dec0d9db254ec1e
-
Filesize
31KB
MD5e9fec90d4af8805b11e69a53eb21aca8
SHA1e546322eb933862fa653f20fd4bd38bc6c3375a1
SHA256e3801b7cfce7b9fc9ad44dc8569bb007c4cd934fdb7b4c3fea8c23a79e4775b6
SHA5129ee5f9f118d869b2f7ae5d30903cc081710a7fb2f3912fef3bc178e6ad9bd3556f227fc6db940def5049f855938ebc4e2d4d855afbeac5b1ef2305642f8a7b95
-
Filesize
33KB
MD51862a084867804c6446e31f801a6ca10
SHA19f0addd7e5407ad6adc297d83e71864bf5d234ef
SHA256fddbb692490ae3a98abc3505688261ed1d9de4440367b2b83dfc26237dab2637
SHA512110160df85746bedc1b5c56c9837a0e6850f47b27b18b804077179821932ea5e4317d1e42407304d3b96f9848504f0ca879c02030510f509d6409285aa90d144
-
Filesize
19KB
MD556cf88a250e483d0b17bd6b3a5cf245d
SHA17ee18462db98275a742167c02a7bcb9b9cd9ed56
SHA256287c5696a5e55b44b025c7356abaeaae0859487c581a26ccb5ca02fd6b7fea9a
SHA51223ff85c0e6e4c073fbacea6325663ab4a60f6d5226cfb57bdf8ac05117d01ba4a324650be599d4cb3b3081b31cbcb4ce9555fec6ffacf8376a7269f406b09e00
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize2KB
MD5a5d6c1761f943c0545461dc0039380e6
SHA164033d53d8aabed06559ebbebf92299ac6f44d01
SHA2561e8e8444728d86de5966a57ef4742b3497537fde68cc9b2ae3727e6bd26494ce
SHA51209e2c099e4809258b3045064a1cc7c5ae7ff606ed4d39752b12c3e8adb8945ef7786705be52b914a38dc4d577962896ec70a5e177b5cbd62405a625dc5b12ac9
-
Filesize
319B
MD5344322223f0ccbea61c08a44531f4c54
SHA1d06a1eb002f866f7dde8f71c59bddd7f4e0e7457
SHA256c940a6018885a426226df13b481fd6b00c69a1656e53412c0743d5897d5155af
SHA512e9f3d2dafd6d67e9e32e41e3c86023e631e25734cfdd7f37a035d599855071649a582084f54445d9cbc1d28eb667929cfa0123e4b477de9443a5a1cc096fe9b0
-
Filesize
331B
MD5b2b065ca79fdd521c559229ff45fea9b
SHA1fa9678dfe7244f7f641c7acdfc49552bc40bbc29
SHA25629b40f3f708febb5a8bbf7b121471f072267ea1d3c06406986f812201be1608c
SHA512c12f8ee23c11a8143a41aaebc0bd6567d880f2d3aaa862cf8a4edee3c6a259cd1ad4f912816ba59948cdd950cf1c9e17fea86911a238d0e238be60a94609365c
-
Filesize
7KB
MD55033cdbd0ed9622d2570d883b04b4724
SHA174d961b02af77e67d855f8a2deea0bbb6ac16bba
SHA256d9da5fb3912e8bbbc006a2c716b6d51f672374584cba5edb106bd3cc9679518b
SHA51249ad2f61cc6b1d7531050c2234237b6f9b1d2822baf3519977963377447d9f3898f3701f18c11f68ebff836330ee415a5c076eb47c97c3384d881b5a50f9d744
-
Filesize
7KB
MD50e42477e017971631e1a4d1e30220acf
SHA192e8a1ba2d60ace44462a14214f9ca5bd8cf2dc3
SHA2560b78dc0b45f126cea6a5e0dfc1b1c98c9cdbc966a505d3ca00f10ff1db1ad661
SHA512e856fe50792158df4e6fe7abc66b62ebd377666aa31fbba5514457d3c943a177f706dfa58ab9ae71e89aa1adc0a44a57f9446fdd33a792c8799933cbfde6ea56
-
Filesize
8KB
MD5ff877407df56b9eaa5e1f4467f98b577
SHA1a641170824630cdd1aec3c3f7578ecc424ccc197
SHA256447cb613bb78b3d8c0c84de5204211dcf3d8fa130660d947c6bbbbdf02f121fb
SHA512c484dd823c32f5f17753126cd34b0592ca0d4bd3e4bd320af93b8cb9b152e0b52e2fb5ad69455889e1930a18a2d19a343baa6240838389a03adcd4165d463cc6
-
Filesize
10KB
MD5d647b9c29dd523d544c881fc1c716794
SHA1160ce2ccc86bf07797eae9539a7a7891ff453f68
SHA256a6fcc34b62b1c8a6b8bf12e8b1c7473806c4e198c5ffa7aa63f996037afb80ce
SHA512884ad7f53599c97cf6ada99d21f5e64735c68d39c567541f4a909db6ab6fd65acbc19b95c6d6bd6ba165711d8cecf5430a6b52ccb14309c89c4fc2101750743c
-
Filesize
6KB
MD54952d02b0f2608b6a21a49bc6706078e
SHA1b5a30eaabadca9db2b3596e32b1c0757365db5b6
SHA2560d181f741156c97c5ca830e4cd2d58f3398f0ab0641fcb261dc85903634ecd97
SHA512d56dfd91ff17f7d15991a193637889a5ec1f3995baac2bca3198fa87dd2ed760214cf26ec0e58a3103889f096c6a97b198a092578db633a6dcd39e33585d1660
-
Filesize
6KB
MD50ad4ee0141cde3619577aa6284373e4a
SHA13ab357a94fcd0082917967933debe1092c720795
SHA256357eeac43f451f41c9f7bc271567bcc85a197571c3dd60025615a37f7425e25a
SHA51292cbaf0b484dcccae03d44b23200386fdebbb477fd4acfb09f34989efcb369f2510637e1b4dad46b129e196d9722bba2819806f8f3ad578d4d484e62fcf871bf
-
Filesize
9KB
MD5afea75e39305cc3569f99265fcb548ba
SHA1aa0e9ee9bb9ba93a4c2a645b10c2faf1e84dd2e6
SHA256e642ac406facc7a2e6a8bfcc87ee6ec787c80ecf7164e0354a3a025d4e606ba8
SHA512e92d0daaa762b38da49df560d48e7d7a4175d87ea5af136012e8ffe1c6556c585ec17cd4f902ce0d6197d4ede808ab5037d20732893a84a85e8e2406c00acf36
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\06970815-d0fd-4f9a-b1b1-d33b27eabdd7\index
Filesize24B
MD554cb446f628b2ea4a5bce5769910512e
SHA1c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA5128f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e20b7581-2e51-4d25-9e5b-0b6449ed3a8b\index-dir\the-real-index
Filesize2KB
MD588302b60088b2a8929346f3a955117bb
SHA1f361e3c213c3049fdfa2081e7fe8a49b1148169c
SHA2562067635aeadb95277d65c10a5a0f9853d968fb8d52bbc9f1062e2f6c972100b2
SHA512ea5ec595d14c0cad075551237bbed5150a6b64df40e6ac62df656059b25a112f5f7df86d661541dc4964644f250483c0903ce589bf2e86a9ba1b835b531df268
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e20b7581-2e51-4d25-9e5b-0b6449ed3a8b\index-dir\the-real-index~RFe5a9ba5.TMP
Filesize48B
MD57f69422f82441a5e2899be4b0665211b
SHA1e7840a3be7eb48aeacf7ead1ddc92639d7a50e90
SHA25683442da987bfb0c761866a4a773d9dddd7b6fb9a0b56179e202c209be8b366df
SHA51272b3b4d4ebcfc03886a18c28c6bbdd6b0b8ce75603ec8e941c10b812f6e879d9a7d51e10e7af8f9e3a019ef4f90595b46396872c8bfa7a339448f9d3c0528c08
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize146B
MD5a14ba0942c5250220f964a0e9714e60f
SHA1c1dbb75e0322be720fcc23814d9a6741b175efae
SHA256ad3650a0da82ce7b464f1989813aecb0554510189a12d5877a6d320406225395
SHA512f742f856c4869030eec126c251f277f2a4b8379ee696fd4dd3e5f2aa44fb175a1af97fcc67835bfa6c01b31993e272ef911aa201fee501f3bdcd795f4cf697c6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize146B
MD5cced56344c314d98b862423129163c84
SHA1158732882eece8038df49d5ad978b0c2dfba3fe8
SHA256cc929ec822b863b9a5521a2f55d05203f2587271c450f2ee6c79bd6e967078d3
SHA51252174bc0345fedc3cb66b0ab007eb7e1610b41fa8ce8e27cc4323993a59deb6fb7bafc965e0992a834639d5a4d99dfff75891afc3afbe4f448c1e239b766bff2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize146B
MD56bd349906eb33fb2634187f3fdab856f
SHA18e59b494932ef51a3c871492b298d820e7e74e12
SHA256eafbc00fb7251d5bed88dd2dae2b5ee6d6b71045b63d1fbf924a017637dac253
SHA512ab7c9ccb57458c644cc63bff792b662d1c65db5ab03cf9bda928cfdfae24abe9a6c352c7593db5d068867e9c2baa66a0d173b00e0b532f0ce458a8dcd75843fb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize84B
MD58021cb0fe3e7f40e59c39554e864a9ae
SHA1b6c44e8bfb3950fa9fe735e311dec1a4b7cbe887
SHA25642e951da1e02f12379d747a01e2c103188e2b1ce199cca549487f5ffc64fbb51
SHA5121dc41c9901f271db1083c00bfef9bc09388dd6d21cd6063bac4319c6ec01cecebe86cb419292d6b55c5ff55b6ef7815585baa6c3c5de7fe864fff70d09290b71
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize82B
MD5c6386f384fab12bdac9346dd2873f5eb
SHA1be6462efd752a0acae54b66ac5769989c1631f8d
SHA256a22ca15295fdb399034363bdd7ec8e5c53a3b6b5c4549c36089d24e46598a167
SHA51229ec4a8a455075327fbcf429c712907f8e48915ac7dde665772912a81b96e215b5d11273133d1b9433a9121190685b097277266467bebf72fe875c1f323e592e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe599e2a.TMP
Filesize89B
MD5eb95a62aa0fb04a2547cf0767a83281b
SHA1b8c0213e98d3070471bd30a87bf8c875274171c4
SHA256a2087dedf94004deccc8998854370ecf3b1c92acc40f4d573a4cba6312c45ffb
SHA512b841b12965f9bc2b7cdfa56b564fabc82d3101eff88ef9ed992272169e51402889968369d151e3f37d2235a37ff6e4f6968fabed5d03f1b0a7a9d3a88b7ee374
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize72B
MD5d632f6c98568d23b5951fc8b30445205
SHA15de9f2b13b104e2beedfaae0fd87bd6eebd59a28
SHA2564df24a47fc341108a2ebe26b8f07cc95c747bb0eef303e51b67d34ccd76165a1
SHA512b85b1e4488df589a9003ede76c1efc71f97900701caf4c9740cee88aa1e3a19e5080d986c82d82e7b73a8026af801691523d238f26a3f6afd8bf7c95d4f15a1a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59f1f7.TMP
Filesize48B
MD5e45b6ce8db578ed000e07f804140e2c9
SHA13cc3992f773c9b2923c0f7d1e6769826a1651c1b
SHA25670a3d26a640ba944be6f01f2cb22bd5d8df6956aff50168ee1c2eae5fb831224
SHA5121f23f7831bdd526665943e894d82369c32035a3fa67160c5b05380657b7d63502696f77a4dfbe8a9e300059c52b56f070e90fbf74bf890ff40576ed14fb87fae
-
Filesize
156B
MD5fa1af62bdaf3c63591454d2631d5dd6d
SHA114fc1fc51a9b7ccab8f04c45d84442ed02eb9466
SHA25600dd3c8077c2cca17ea9b94804490326ae6f43e6070d06b1516dfd5c4736d94d
SHA5122c3184f563b9a9bff088114f0547f204ee1e0b864115366c86506215f42d7dbf161bc2534ccaee783e62cc01105edffc5f5dabf229da5ebd839c96af1d45de77
-
Filesize
319B
MD5bf1e418bd0ce3722fdf6e3a34b263e74
SHA1cc3e0531ea8fd5269185efd08c92d33ff7a26693
SHA256b71f79d52c61e0fd894972f6adc5c5893279b4828f84149f812fdbc5e606d106
SHA5124b7843d923b03d9e5a747abcbaaada3e8b439c74f1b24cbd2a8f1fd1d0377dc140de94f92cf201021d2526b448db795f2950d3a34514c23cb59b52522e2543c5
-
Filesize
373B
MD5128b53fc2d526f2d1ee7ce4a11bd907d
SHA1da497f43cbc0f7bceb94187a8c37775343038ee5
SHA25669353cf31c9d5406374f5c60e45ccaff091acd558a5ecd4462371955aa208524
SHA512439f48eb1554e15d50fe092c796425815107fa2557efe5bf38f86ada228694e1e95d46f846ff12c923d799d328a137d562bf25de168f44ef5041df306c0221e4
-
Filesize
933B
MD546e511ee32bfa006164e2cd10f354868
SHA1f3126d58922abff380516179801dc9083e0106c7
SHA2562721c4f40399439d4e8db2fd6f07571776708f8e0ab046b75ec293a788515743
SHA512f691ef22f3a2d0e4060430a7bbf0de9999fd5e1f8c01378493c0fb72a55bf276fe9c066c7240fbe134391db124955be3f3fd687d6a53af1d68abc0bf017988cc
-
Filesize
347B
MD59c5defa4ccef814d628965bc1a843520
SHA12cb58a38b9a27721871bad1c4148eedc303488ae
SHA256372e3744093f5a4f2016c0bdd39264339c1b73fad9f2fbd83c0b183b0c8b271e
SHA512fb9286d2f0a7b0ea5b861224253d3cc74486268fbe2d258221b459f8a88dfb6e7a5f1cec033a3dbaa88f8e7ec4609a03a7ed8a6cc735a668fd902c08e72a26aa
-
Filesize
323B
MD56c541c15bacd30cd67b91dd1745ea809
SHA1f0e6a8ebcb7a1f13644317c46dbf7560ba0318ab
SHA25605cf5d29bd984d6a8180b6bba8327bab19d6c711709f52d7215b99389ad894ed
SHA51257254dc2f40b0c16120ff6c011fb34fc555589f5a9116e2711f36f04b9c4d9e8165c35792a360a617e911f22dcaca9d6ee6c16a0adec412e76f61feb87c1d237
-
Filesize
1KB
MD592959fa9757bf93c4b4b99a3a807a123
SHA1c22cd28c96219036beeeabe09e9f910e50dd812d
SHA2567a3500ad86f6ece190ed078a8687f24e00af4a8160bc3429bc17d75a07411dfa
SHA51257a206f5f7d0288f2b0470031448d3b5feecd7358c2f251394bcf95608bc86ec20aaa0497bbbe1abef9c4d9c50ca5dcb2c4aa25dcd771b2d3006bf3a290d8c50
-
Filesize
1KB
MD5d37bd45c3ab706cb265b3ccd520bad52
SHA1d70b937ac2db8cf93d1a0db398025f61891253c2
SHA256a2c316c4407ee15c02e9f612ad2aaeb0e9615c3d7a02344be32aff5c7a4fb8d4
SHA5122f54db9342e1a1fe28c2796480349c81acb122eae041f6f660e8c4797d5230358b9e733ab66f354e8569b554e06779cac91e4ccc2d00880e525df24644094021
-
Filesize
1KB
MD5de2495686c6ca82f4a25505c1e652861
SHA1fc2771120c984a790778a7f9ccbf2ed129273afe
SHA2568e99515d955278ffa8fb6646980e2a18b884447f085265f72270c17513a02fae
SHA512493bf434aad941ec0f086a09c6b7c1ecb4aec602f2bacae488e50387e9146f8c507d700148fa7c48fba3a5e6bfc2d98fadeb543887e166aa1d630b6aa8e28ec8
-
Filesize
1KB
MD51977775f015b0adcf4d4e7aaadd5466d
SHA1e2ceaa2724fc7681e43ede7dd30406ac228f6359
SHA256378f65db2169da56cba03d5ccf836a9ccc5121cb43d908230dd1040e90c3a4ba
SHA512f9b63fb8a7dcbebd672326c7da50539fa129ea85d5e1a53e5b37e2cb41d71867702c6f7460f9b4bd308561ecea4e3c4fc530b46e7a24ea3c53cb75121903b91a
-
Filesize
706B
MD5d69c7037eef887eabaa5cd057a9894fa
SHA194cdc8618dc2ac278c8ef2b87a533575439fbd28
SHA256c5174c96793851e68591b9167b3730938312732a43a9e9529a5e8ac0669809bf
SHA512c3b2624481e850383513c21dc206470a9bed46a55d66d454fe90e8a5d30ae80584a4db19a087e800af06cddf30a41c670b94a34334829c2ceba72545c6db000c
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
32KB
MD5c267930c2a88e164828dd8d0a4933c74
SHA1d18af9909cfb44ee3ad7557b9c90fb683966ec92
SHA25654a2c37ecfa57973eb82ef0a28f29fdad1771e2768429d77701839a4d1c927bb
SHA5123a014d44a828e193c6d9920e7bd6a46693c966f612890f2d28411b341ea02a7dac6fe3a80ade64fa861661c751fb2f29ef611c689e21baa59725a3c2c50a6693
-
Filesize
322B
MD5876470cfd40f2d195f3ca46cec51f87a
SHA1f3ce7cf41a4ba2da291024410ccd26424a7cb4c2
SHA256e76b4d97171602f28448cac0cb619b85734d2b1cb89fb6297caf594675e43e42
SHA512ae24bebdbd6e2dace8c5a7622e63d865fab181067337de5750f2d0c30ed184595d1a3507283f87061455394670179464347ab7581efe696ff2b69d5a3513e8a5
-
Filesize
565B
MD5dbb805a0ebd21bca3d0aa93ccd995326
SHA1d839471308547b9fba1fdb2d4d9a120df099367b
SHA256218e73d1cc5296bbf8382d9951d4ce0740edb39dee874b2b93e1e3c34115440d
SHA512878fffc094ed461d24088ec641c317044cbd25deb24dc19d2c24d5d90104819c1c45e9d65aee4a188969ecd4ff98a20b93db13e877e024079cc5e8016a4ba879
-
Filesize
340B
MD51132832de7574d1b208ca6c6a195f005
SHA1e37577d3ccd1894efb3cbd0145d47ca786180cd0
SHA256044c3b77503ab1d9fc5f1aee98122ef8a3b6c8998eff9b16b66d3315de00a03b
SHA5127e8537607b77c0cb530ab6e9fd9f69ed22944de864e37c508083be430e446b8407b7b0b19d91b52da51247d3110b7ed59c997fb307e97030d84f510016de05e0
-
Filesize
11B
MD5838a7b32aefb618130392bc7d006aa2e
SHA15159e0f18c9e68f0e75e2239875aa994847b8290
SHA256ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA5129e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9
-
Filesize
8KB
MD5d252e1947b4f4d720670732a258e1ec8
SHA16978bec1c8b52fc5278f2a8ae01680bd32dd1986
SHA25650a4117814481e837669f6849c82d9bafbef3b5691e91b0ba45648f5c8a28ffe
SHA51288f0089c564af7a20c8dc6ce3b4179d798366f8037e9614fd954f1e96998140b44b021c4d8c13f6a2e74fdd30b8b7952927789d3478e364c21dbfe258bad682e
-
Filesize
11KB
MD56954ed3e0e649263e016f545ad96c151
SHA1727e1102dcd1d69eb8a7ea6749cf2559fb075883
SHA2563b3407f9292fc28f38936ad6f0b1f4b61117f419396b93e35bcc457a29d478ff
SHA5122cb46c047c53d79f5d664b5ce8aa94a8a9c5bc1c067f52674384af53b4280972622bb34c13c05338ef71705e12accda223616ba0e7d12e4b5194e4abc2ea39fd
-
Filesize
8KB
MD56df850440499bf47a8cc3c848c08603c
SHA12b8a8c14381241291eac45302cb3766909f3b532
SHA2561de550200649e2dad5ac2ac6b802346cabd2722f65609a9fb34564939f02039b
SHA512b236244a2ff0bcf8d935dc479366be51f929b62c97ea2ff4603158815ade1e94b296ec7fe90ca846348a0cea653f96995a75bbc08c4b1ca867066d46a644162d
-
Filesize
8KB
MD562d58388cee158390aee2e922ad8fc8a
SHA1d828fa3b27eb6eccaa4bed8a32262a73057631c0
SHA256b56934f2d515f1a4632841927ef435ae4b78ee332836f1e15b6b954fc63fbbb8
SHA512a972634aff9a658b6e64052c77e27c6f37b1b7de03023ec96ee898993f05127f8a46fe06d44988d26f4967957f431140a68a923be14df8df97b17695731d890f
-
Filesize
725B
MD56882363dd125a39e084667ddd43532a4
SHA1a5b6e74b292d96424d7b39ee9f71e98701f4548d
SHA256b998f488ff63337265c33a7e298e85679393d54e6094d223cd97e549a17078ba
SHA5127bec550ded2c532f279638050638db8abe48f7a31f1175a8caf34dd6ff4ccddfc01331211088ab0b2e3fe980846657f609a897be88eace28c0347f56d7b91a19
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
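The listing above is the report's dropped-file table: every entry carries MD5, SHA1, SHA256 and SHA512, the entries with a path are all Edge profile and cache files under C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data, and the final entry (no size, MD5 d41d8cd98f00b204e9800998ecf8427e, SHA256 e3b0c442...) is the digest set of a zero-byte file. The Python below is an added example, not part of the report: it parses the raw export (labels fused to their values as in "MD5<hex>" and "Filesize2KB", or a label alone on one line with the value on the next), checks that each digest has the length its algorithm requires, recognises the empty-file digests by recomputing them with hashlib instead of hard-coding them, and keeps as IOC candidates only hashes that belong neither to the empty file nor to the browser's own profile. Four entries are copied from the listing as the constructed sample; the class names and the browser-profile rule are the example's own.

```python
"""Turn a Triage dropped-files listing into checked, de-noised IOC records.
Added example; not part of the sandbox report."""
import hashlib
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: four entries copied from the listing above in the raw
# export form.  Labels are fused to values ("MD5<hex>", "Filesize2KB") or sit
# alone on one line with the value on the next; "-" separates entries.
SAMPLE_DOWNLOADS = r'''
-
Filesize
152B
MD536bb45cb1262fcfcab1e3e7960784eaa
SHA1ab0e15841b027632c9e1b0a47d3dec42162fc637
SHA2567c6b0de6f9b4c3ca1f5d6af23c3380f849825af00b58420b76c72b62cfae44ae
SHA51202c54c919f8cf3fc28f5f965fe1755955636d7d89b5f0504a02fcd9d94de8c50e046c7c2d6cf349fabde03b0fbbcc61df6e9968f2af237106bf7edd697e07456
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize2KB
MD5a5d6c1761f943c0545461dc0039380e6
SHA164033d53d8aabed06559ebbebf92299ac6f44d01
SHA2561e8e8444728d86de5966a57ef4742b3497537fde68cc9b2ae3727e6bd26494ce
SHA51209e2c099e4809258b3045064a1cc7c5ae7ff606ed4d39752b12c3e8adb8945ef7786705be52b914a38dc4d577962896ec70a5e177b5cbd62405a625dc5b12ac9
-
Filesize
776KB
MD500494c10001e5d3506062fe05b3be14b
SHA1b6863374fbf468a7e7ed8c5c229b6b47e9e158a9
SHA256a474b4dbc3de7f01ae792b12f5950955fc94e31fc77c523d1676590b244c2a65
SHA5129f68ffec822ef1bb4c479ff206d65305dc17b498caa5821c9a9da70111bf457eee594894189fa9ea4e50bba50bac876024d3a82349d35ab42adf523870fbbbde
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
'''

DIGEST_LEN = {'MD5': 32, 'SHA1': 40, 'SHA256': 64, 'SHA512': 128}
# Digests of the zero-byte file, recomputed rather than hard-coded.
EMPTY_FILE = {name: hashlib.new(name.lower(), b'').hexdigest() for name in DIGEST_LEN}

SIZE_RE = re.compile(r'^(\d+(?:\.\d+)?)(B|KB|MB)$')
HASH_RE = re.compile(r'^(MD5|SHA1|SHA256|SHA512)([0-9a-fA-F]+)$')
PATH_RE = re.compile(r'^[A-Za-z]:\\')
# Example's own rule: anything under the Edge profile is the browser's bookkeeping, not a payload.
EDGE_PROFILE = '\\Microsoft\\Edge\\User Data\\'


@dataclass
class Dropped:
    path: Optional[str] = None
    size: Optional[int] = None          # bytes; the report rounds to KB/MB
    digests: Dict[str, str] = field(default_factory=dict)

    @property
    def is_empty_file(self) -> bool:
        return any(EMPTY_FILE[n] == h for n, h in self.digests.items())

    @property
    def is_browser_artifact(self) -> bool:
        return bool(self.path and EDGE_PROFILE in self.path)

    def problems(self) -> List[str]:
        """Digests whose length does not match the algorithm (copy/paste damage)."""
        return [f'{n}: {len(h)} hex chars, expected {DIGEST_LEN[n]}'
                for n, h in self.digests.items() if len(h) != DIGEST_LEN[n]]


def parse_size(text: str) -> Optional[int]:
    m = SIZE_RE.match(text.strip())
    if not m:
        return None
    return int(float(m[1]) * {'B': 1, 'KB': 1024, 'MB': 1024 ** 2}[m[2]])


def parse_downloads(text: str) -> List[Dropped]:
    entries: List[Dropped] = []
    cur, pending = Dropped(), None       # pending: label seen alone on the previous line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == '-':                  # entry separator
            if cur.digests:
                entries.append(cur)
            cur, pending = Dropped(), None
        elif pending is not None:        # value for the label on the line before
            if pending == 'Filesize':
                cur.size = parse_size(line)
            else:
                cur.digests[pending] = line.lower()
            pending = None
        elif PATH_RE.match(line):
            cur.path = line
        elif line.startswith('Filesize'):
            rest = line[len('Filesize'):]
            if rest:
                cur.size = parse_size(rest)
            else:
                pending = 'Filesize'
        elif line in DIGEST_LEN:         # bare "MD5" etc.; value follows on the next line
            pending = line
        else:
            m = HASH_RE.match(line)
            if m:
                cur.digests[m[1]] = m[2].lower()
    if cur.digests:
        entries.append(cur)
    return entries


def ioc_candidates(entries: List[Dropped]) -> List[str]:
    """SHA256s worth pivoting on: not the empty file, not Edge's own profile files."""
    return [e.digests['SHA256'] for e in entries
            if 'SHA256' in e.digests and not e.is_empty_file and not e.is_browser_artifact]


if __name__ == '__main__':
    dropped = parse_downloads(SAMPLE_DOWNLOADS)
    for e in dropped:
        tag = 'EMPTY' if e.is_empty_file else 'EDGE-PROFILE' if e.is_browser_artifact else 'CANDIDATE'
        print(f'{tag:12} size={e.size} sha256={e.digests.get("SHA256")} problems={e.problems()}')
    print('IOC candidates:', ioc_candidates(dropped))
```

Entries without a path (most of the listing) cannot be classified by location, so they stay candidates until the sandbox's file events tie them to a writer; the size column helps there, since a 152 B or 16 B file is far more likely a browser state file than a second-stage payload.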