Analysis
- max time kernel: 1378s
- max time network: 1415s
- platform: windows11-21h2_x64
- resource: win11-20240221-en
- resource tags: arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 09/03/2024, 18:12
Static task: static1
Behavioral task: behavioral1
- Sample: Galaxy_Swapper_v2.exe
- Resource: win10v2004-20240226-en
Behavioral task: behavioral2
- Sample: Galaxy_Swapper_v2.exe
- Resource: win11-20240221-en
General
- Target: Galaxy_Swapper_v2.exe
- Size: 4.7MB
- MD5: 1d0c228d384719d8348c7ca2213055dd
- SHA1: a994f33dcd502f50c5849075e06f4d0e9867aebd
- SHA256: 88f12c6fc3de84fd90dbdbbcc877f883d462b6ec5882631412328e89493e759e
- SHA512: 9d5b16bf855b4971f65f62f54934648ae739171c19b55e14dff665377c70ebf76cb8fdb02b2d02e8cea5c1374667774f670d4c3373cf9cd89532726860e61b6c
- SSDEEP: 98304:e3JuhFYwXXRYgqatNTOb69GeDluupSUD3G:e0hyqYgRNTOb69GeD4us
Malware Config
Signatures
- Downloads MZ/PE file
- Executes dropped EXE (7 IoCs)
  pid | Process
  2396 | windowsdesktop-runtime-7.0.16-win-x64.exe
  5084 | windowsdesktop-runtime-7.0.16-win-x64.exe
  4708 | windowsdesktop-runtime-7.0.16-win-x64.exe
  1632 | Galaxy Swapper v2.exe
  548 | Galaxy Swapper v2.exe
  1644 | Galaxy Swapper v2.exe
  3856 | Galaxy Swapper v2.exe
- Loads dropped DLL (1 IoC)
  pid | Process
  5084 | windowsdesktop-runtime-7.0.16-win-x64.exe
- Adds Run key to start application (2 TTPs, 1 IoC)
  description | ioc | Process
  Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\{ef5af41f-d68c-48f7-bfb0-5055718601fc} = "\"C:\\ProgramData\\Package Cache\\{ef5af41f-d68c-48f7-bfb0-5055718601fc}\\windowsdesktop-runtime-7.0.16-win-x64.exe\" /burn.runonce" | windowsdesktop-runtime-7.0.16-win-x64.exe
- Checks installed software on the system (1 TTP)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Legitimate hosting services abused for malware hosting/C2 (1 TTP, 2 IoCs)
  flow | ioc
  311 | discord.com
  353 | discord.com
- Drops file in Program Files directory (1 IoC)
  description | ioc | Process
  File created | C:\Program Files\dotnet\swidtag\Microsoft Windows Desktop Runtime - 7.0.16 (x64).swidtag | windowsdesktop-runtime-7.0.16-win-x64.exe
- Drops file in Windows directory (4 IoCs)
  description | ioc | Process
  File opened for modification | C:\Windows\Panther\UnattendGC\setupact.log | UserOOBEBroker.exe
  File opened for modification | C:\Windows\Panther\UnattendGC\setuperr.log | UserOOBEBroker.exe
  File opened for modification | C:\Windows\Panther\UnattendGC\diagerr.xml | UserOOBEBroker.exe
  File opened for modification | C:\Windows\Panther\UnattendGC\diagwrn.xml | UserOOBEBroker.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Enumerates system info in registry (2 TTPs, 15 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Modifies data under HKEY_USERS (9 IoCs)
  description | ioc | Process
  Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\24 | msiexec.exe
  Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\25 | msiexec.exe
  Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\25 | msiexec.exe
  Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 | msiexec.exe
  Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\22\52C64B7E | msiexec.exe
  Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22 | msiexec.exe
  Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\23 | msiexec.exe
  Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\23 | msiexec.exe
  Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\24 | msiexec.exe
- Modifies registry class (64 IoCs)
- NTFS ADS (5 IoCs)
  description | ioc | Process
  File opened for modification | C:\Users\Admin\Downloads\Galaxy Swapper v2.exe:Zone.Identifier | msedge.exe
  File opened for modification | C:\Users\Admin\Downloads\memz-master.zip:Zone.Identifier | msedge.exe
  File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 932978.crdownload:SmartScreen | msedge.exe
  File opened for modification | C:\Users\Admin\Downloads\windowsdesktop-runtime-7.0.16-win-x64.exe:Zone.Identifier | msedge.exe
  File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 115222.crdownload:SmartScreen | msedge.exe
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
- Suspicious behavior: LoadsDriver (6 IoCs)
  pid | Process
  4 | Process not Found
  4 | Process not Found
  4 | Process not Found
  4 | Process not Found
  4 | Process not Found
  680 | Process not Found
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (63 IoCs)
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
- Suspicious use of FindShellTrayWindow (64 IoCs)
- Suspicious use of SendNotifyMessage (64 IoCs)
- Suspicious use of SetWindowsHookEx (9 IoCs)
  pid | Process
  2316 | MiniSearchHost.exe
  3468 | MEMZ-Destructive.exe
  3564 | MEMZ-Destructive.exe
  912 | MEMZ-Destructive.exe
  3048 | MEMZ-Destructive.exe
  3324 | MEMZ-Destructive.exe
  1792 | MEMZ-Destructive.exe
  2152 | MEMZ-Clean.exe
  2152 | MEMZ-Clean.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- Galaxy_Swapper_v2.exe (PID 344)
  Image: C:\Users\Admin\AppData\Local\Temp\Galaxy_Swapper_v2.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Galaxy_Swapper_v2.exe"
  Signatures: Suspicious use of WriteProcessMemory
  - msedge.exe (PID 2304)
    Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aka.ms/dotnet-core-applaunch?framework=Microsoft.NETCore.App&framework_version=7.0.0&arch=x64&rid=win-x64&os=win10&gui=true
    Signatures: Enumerates system info in registry; NTFS ADS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
    - msedge.exe (PID 4032)
      Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9d0873cb8,0x7ff9d0873cc8,0x7ff9d0873cd8
    - msedge.exe (PID 2424)
      Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,6972647680427204988,2449168614637449701,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:2
    - msedge.exe (PID 3468)
      Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,6972647680427204988,2449168614637449701,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
      Signatures: Suspicious behavior: EnumeratesProcesses
    - msedge.exe (PID 2152)
      Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1876,6972647680427204988,2449168614637449701,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
    - msedge.exe (PID 3308)
      Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,6972647680427204988,2449168614637449701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
    - msedge.exe (PID 3088)
      Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,6972647680427204988,2449168614637449701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
    - msedge.exe (PID 4684)
      Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,6972647680427204988,2449168614637449701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
    - msedge.exe (PID 2460)
      Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1876,6972647680427204988,2449168614637449701,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4664 /prefetch:8
      Signatures: Suspicious behavior: EnumeratesProcesses
    - msedge.exe (PID 3956)
      Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,6972647680427204988,2449168614637449701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
    - msedge.exe (PID 3776)
      Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1876,6972647680427204988,2449168614637449701,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1844 /prefetch:8
    - identity_helper.exe
      Image: C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,6972647680427204988,2449168614637449701,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6136 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
PID:668
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,6972647680427204988,2449168614637449701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:13⤵PID:3260
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,6972647680427204988,2449168614637449701,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:13⤵PID:1516
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,6972647680427204988,2449168614637449701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:13⤵PID:2388
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,6972647680427204988,2449168614637449701,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:13⤵PID:984
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,6972647680427204988,2449168614637449701,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1628 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
PID:4748
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,6972647680427204988,2449168614637449701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:13⤵PID:3080
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,6972647680427204988,2449168614637449701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:13⤵PID:1780
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1876,6972647680427204988,2449168614637449701,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3680 /prefetch:83⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:2756
-
-
C:\Users\Admin\Downloads\windowsdesktop-runtime-7.0.16-win-x64.exe"C:\Users\Admin\Downloads\windowsdesktop-runtime-7.0.16-win-x64.exe"3⤵
- Executes dropped EXE
PID:2396 -
C:\Windows\Temp\{AF58B3D0-94BC-437F-B9BE-1AF5325C7A1F}\.cr\windowsdesktop-runtime-7.0.16-win-x64.exe"C:\Windows\Temp\{AF58B3D0-94BC-437F-B9BE-1AF5325C7A1F}\.cr\windowsdesktop-runtime-7.0.16-win-x64.exe" -burn.clean.room="C:\Users\Admin\Downloads\windowsdesktop-runtime-7.0.16-win-x64.exe" -burn.filehandle.attached=592 -burn.filehandle.self=6004⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5084 -
C:\Windows\Temp\{DFC9AE2B-5BE7-4B8C-B9EF-2F9229C2B348}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe"C:\Windows\Temp\{DFC9AE2B-5BE7-4B8C-B9EF-2F9229C2B348}\.be\windowsdesktop-runtime-7.0.16-win-x64.exe" -q -burn.elevated BurnPipe.{4B48D8AC-D800-4920-9C12-2016B0982F36} {5F15AB63-053A-401A-B523-A2B1C126A8C1} 50845⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4708
-
-
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2196
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2468
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Modifies data under HKEY_USERS
- Modifies registry class
PID:3956 -
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 209F38AAE9A51EC1DB31B487E206A64A2⤵PID:3412
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding E104D0902F57DF4374F707EEFB93AB2E2⤵PID:3544
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 54A6D598CD3161994E4EB507915B4EAB2⤵PID:4348
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding D4C9E1397E79C655BD997065A81533DA2⤵PID:468
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:4080
-
C:\Windows\System32\DataExchangeHost.exeC:\Windows\System32\DataExchangeHost.exe -Embedding1⤵PID:3488
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:1172 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xe8,0x118,0x7ff9d0873cb8,0x7ff9d0873cc8,0x7ff9d0873cd82⤵PID:1344
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1864 /prefetch:22⤵PID:4164
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2068
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:82⤵PID:4504
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:12⤵PID:1012
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:12⤵PID:4256
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:12⤵PID:1176
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:12⤵PID:4112
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:12⤵PID:1640
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:12⤵PID:824
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:12⤵PID:2752
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:12⤵PID:4688
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6104 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1800
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5576 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3220
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5492 /prefetch:82⤵PID:2332
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5976 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2056
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:12⤵PID:4416
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:12⤵PID:2856
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:12⤵PID:4124
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:12⤵PID:2276
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:12⤵PID:724
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:12⤵PID:2132
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2852 /prefetch:12⤵PID:2716
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:12⤵PID:768
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:12⤵PID:3348
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:12⤵PID:5056
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2364 /prefetch:12⤵PID:2296
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:12⤵PID:2628
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:12⤵PID:2632
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:12⤵PID:3424
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3424 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:1076
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:12⤵PID:2468
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8020 /prefetch:12⤵PID:3080
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5504 /prefetch:82⤵PID:1600
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7656 /prefetch:12⤵PID:2452
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8180 /prefetch:12⤵PID:1460
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7496 /prefetch:12⤵PID:4144
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7072 /prefetch:12⤵PID:2720
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:12⤵PID:3556
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1812 /prefetch:82⤵PID:1496
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:12⤵PID:5088
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:4244
-
-
C:\Users\Admin\Downloads\Galaxy Swapper v2.exe"C:\Users\Admin\Downloads\Galaxy Swapper v2.exe"2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1632
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:12⤵PID:3780
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7604 /prefetch:12⤵PID:4144
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1840,12713917151249315946,5433449860150168552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:12⤵PID:4872
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3624
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4976
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004E41⤵PID:1644
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc1⤵PID:1448
-
C:\Users\Admin\Downloads\Galaxy Swapper v2.exe"C:\Users\Admin\Downloads\Galaxy Swapper v2.exe"1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:548
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004E41⤵PID:4804
-
C:\Users\Admin\Downloads\Galaxy Swapper v2.exe"C:\Users\Admin\Downloads\Galaxy Swapper v2.exe"1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:1644 -
C:\Windows\SYSTEM32\cmd.exe"cmd.exe" /C start https://galaxyswapperv2.com/Discord.php2⤵PID:2356
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://galaxyswapperv2.com/Discord.php3⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:3108 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9d0873cb8,0x7ff9d0873cc8,0x7ff9d0873cd8
  Tree depth: 4
  PID: 804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,10209981550582627901,10828227605996398568,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
  Tree depth: 4
  PID: 1804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,10209981550582627901,10828227605996398568,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 /prefetch:3
  Tree depth: 4
  - Suspicious behavior: EnumeratesProcesses
  PID: 1904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,10209981550582627901,10828227605996398568,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  Tree depth: 4
  PID: 3112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,10209981550582627901,10828227605996398568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  Tree depth: 4
  PID: 908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,10209981550582627901,10828227605996398568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  Tree depth: 4
  PID: 2324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,10209981550582627901,10828227605996398568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  Tree depth: 4
  PID: 5076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,10209981550582627901,10828227605996398568,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
  Tree depth: 4
  PID: 4472

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  Tree depth: 1
  PID: 1424

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  Tree depth: 1
  PID: 4668
C:\Users\Admin\Desktop\Galaxy Swapper v2.exe
  Command line: "C:\Users\Admin\Desktop\Galaxy Swapper v2.exe"
  Tree depth: 1
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID: 3856

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
  Command line: "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
  Tree depth: 1
  - Suspicious use of SetWindowsHookEx
  PID: 2316

C:\Windows\System32\oobe\UserOOBEBroker.exe
  Command line: C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
  Tree depth: 1
  - Drops file in Windows directory
  PID: 4572

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
  Command line: C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
  Tree depth: 1
  PID: 1044

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
  Command line: C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
  Tree depth: 1
  PID: 4268

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
  Command line: C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
  Tree depth: 1
  PID: 4272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
  Tree depth: 1
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of SendNotifyMessage
  PID: 2368
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0x48,0x10c,0x7ff9d0873cb8,0x7ff9d0873cc8,0x7ff9d0873cd8
  Tree depth: 2
  PID: 3320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,4554430983485381699,6048610397811528946,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1836 /prefetch:2
  Tree depth: 2
  PID: 3236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,4554430983485381699,6048610397811528946,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
  Tree depth: 2
  - Suspicious behavior: EnumeratesProcesses
  PID: 4144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,4554430983485381699,6048610397811528946,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  Tree depth: 2
  PID: 3152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,4554430983485381699,6048610397811528946,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  Tree depth: 2
  PID: 4564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,4554430983485381699,6048610397811528946,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  Tree depth: 2
  PID: 4712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,4554430983485381699,6048610397811528946,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1
  Tree depth: 2
  PID: 1848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,4554430983485381699,6048610397811528946,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1
  Tree depth: 2
  PID: 664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,4554430983485381699,6048610397811528946,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
  Tree depth: 2
  PID: 1800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,4554430983485381699,6048610397811528946,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4976 /prefetch:8
  Tree depth: 2
  - Suspicious behavior: EnumeratesProcesses
  PID: 4060

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,4554430983485381699,6048610397811528946,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:8
  Tree depth: 2
  - Suspicious behavior: EnumeratesProcesses
  PID: 4348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1916,4554430983485381699,6048610397811528946,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5424 /prefetch:8
  Tree depth: 2
  PID: 4060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1916,4554430983485381699,6048610397811528946,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5432 /prefetch:8
  Tree depth: 2
  - Suspicious behavior: EnumeratesProcesses
  PID: 3728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,4554430983485381699,6048610397811528946,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
  Tree depth: 2
  PID: 2156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,4554430983485381699,6048610397811528946,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  Tree depth: 2
  PID: 4136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,4554430983485381699,6048610397811528946,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  Tree depth: 2
  PID: 4000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,4554430983485381699,6048610397811528946,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  Tree depth: 2
  PID: 3676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,4554430983485381699,6048610397811528946,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  Tree depth: 2
  PID: 4148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,4554430983485381699,6048610397811528946,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  Tree depth: 2
  PID: 2360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,4554430983485381699,6048610397811528946,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
  Tree depth: 2
  PID: 2064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1916,4554430983485381699,6048610397811528946,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
  Tree depth: 2
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID: 3088
C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  Tree depth: 1
  PID: 4824

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  Tree depth: 1
  PID: 2108

C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe"
  Tree depth: 1
  - Suspicious use of SetWindowsHookEx
  PID: 3468

C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe"
  Tree depth: 1
  - Suspicious use of SetWindowsHookEx
  PID: 3564

C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe" /watchdog
  Tree depth: 2
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID: 912

C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe" /watchdog
  Tree depth: 2
  - Suspicious use of SetWindowsHookEx
  PID: 3048

C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe" /watchdog
  Tree depth: 2
  - Suspicious use of SetWindowsHookEx
  PID: 3324

C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe" /watchdog
  Tree depth: 2
  - Suspicious use of SetWindowsHookEx
  PID: 1792

C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Clean.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Clean.exe"
  Tree depth: 1
  - Suspicious use of SetWindowsHookEx
  PID: 2152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
  Tree depth: 2
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of SendNotifyMessage
  PID: 1636
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff9d0873cb8,0x7ff9d0873cc8,0x7ff9d0873cd8
  Tree depth: 3
  PID: 2800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1844,15404463834493741262,4321321769055697101,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
  Tree depth: 3
  PID: 3500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1844,15404463834493741262,4321321769055697101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 /prefetch:3
  Tree depth: 3
  PID: 4512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1844,15404463834493741262,4321321769055697101,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  Tree depth: 3
  PID: 1588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15404463834493741262,4321321769055697101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  Tree depth: 3
  PID: 236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15404463834493741262,4321321769055697101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  Tree depth: 3
  PID: 396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15404463834493741262,4321321769055697101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  Tree depth: 3
  PID: 5792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15404463834493741262,4321321769055697101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  Tree depth: 3
  PID: 5944

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1844,15404463834493741262,4321321769055697101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5900 /prefetch:8
  Tree depth: 3
  PID: 5708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1844,15404463834493741262,4321321769055697101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8
  Tree depth: 3
  PID: 5520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15404463834493741262,4321321769055697101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  Tree depth: 3
  PID: 5572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15404463834493741262,4321321769055697101,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  Tree depth: 3
  PID: 5624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15404463834493741262,4321321769055697101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  Tree depth: 3
  PID: 5988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15404463834493741262,4321321769055697101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3732 /prefetch:1
  Tree depth: 3
  PID: 5192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15404463834493741262,4321321769055697101,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  Tree depth: 3
  PID: 5400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,15404463834493741262,4321321769055697101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3760 /prefetch:1
  Tree depth: 3
  PID: 5936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus
  Tree depth: 2
  PID: 5644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff9d0873cb8,0x7ff9d0873cc8,0x7ff9d0873cd8
  Tree depth: 3
  PID: 5592

C:\Windows\system32\AUDIODG.EXE
  Command line: C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004E4
  Tree depth: 1
  PID: 2248

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  Tree depth: 1
  PID: 1684

C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  Tree depth: 1
  PID: 5192
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 12KB
  MD5: d6957f26692436f642aa495ee54ca5f8
  SHA1: 87a6838d1440821d62f07459d3a58d586a7610e8
  SHA256: 8740f65a332b234739d9a4c9818f89dbc967e03511842119dedfbcfb7ac269e1
  SHA512: 6989dc992b17a90b03ecc438ed460bc320958637cc85dfa29f644a746e7f4d18e814d5bb6e47584fcdaa483c106f47bfeafa6ec9af8324bc789a44938fdcc49e

- Filesize: 152B
  MD5: d4604cbec2768d84c36d8ab35dfed413
  SHA1: a5b3db6d2a1fa5a8de9999966172239a9b1340c2
  SHA256: 4ea5e5f1ba02111bc2bc9320ae9a1ca7294d6b3afedc128717b4c6c9df70bde2
  SHA512: c8004e23dc8a51948a2a582a8ce6ebe1d2546e4c1c60e40c6583f5de1e29c0df20650d5cb36e5d2db3fa6b29b958acc3afd307c66f48c168e68cbb6bcfc52855

- Filesize: 152B
  MD5: 6717e0d50ea1851baf2d5a15edd1e6f3
  SHA1: becd46359368dc76ec2955a699c37510a3c756c0
  SHA256: 033b14c414ae8d2573d28daf055a26397974868b597dba57ef21bca6eb4bd56c
  SHA512: 8b4c6b8d554f20d06a8892b0ee06cea48f3dd56e129d44ae2c2494512ebee77bb5952eeb256dcd2408b2bcebc2ced06f2bd6e837deab1ddc9f0498934e632018

- Filesize: 152B
  MD5: b210697a947d9b6de8ec978b49234798
  SHA1: c9dbb44de9ccd61b6d74b3f0c3a363c482c4c500
  SHA256: 7e82fde11b678ae9b6cedcfb98669844d40612a411344a4edf73e8a39ec51f33
  SHA512: 42d92e4924b2c5db9e126e398aedb018c6e8a1a2f2c18c721b9333aa78748acd80d50306d67169cabab2374a11e13313764f17f27deb7563656c1b96eb42e066

- Filesize: 152B
  MD5: 5ba2eaa4529d915a87ceafe3e04bb90d
  SHA1: b5a624f845e4a65caf2cd8abfd8fc694be797690
  SHA256: 0242204633206caf6197b98942f254fc44e10e870931d962939751b1b05df696
  SHA512: 46606c4b79126451179a2bb94bfaf0db4491f709086cb83ecf10c7cc3ebad46d3d0ecbadd3f3266c50db94f34db376b54af449dd95bdcad2410680b0266cb958

- Filesize: 152B
  MD5: 577e1c0c1d7ab0053d280fcc67377478
  SHA1: 60032085bb950466bba9185ba965e228ec8915e5
  SHA256: 1d2022a0870c1a97ae10e8df444b8ba182536ed838a749ad1e972c0ded85e158
  SHA512: 39d3fd2d96aee014068f3fda389a40e3173c6ce5b200724c433c48ddffe864edfc6207bb0612b8a811ce41746b7771b81bce1b9cb71a28f07a251a607ce51ef5

- Filesize: 152B
  MD5: 2a3b34279f8373c745cf85d502ee0670
  SHA1: 4bd02a6ac4d600c40e4b4dd9d36c7727f46891d5
  SHA256: e024391a7649fe69dbe86272e2d3d1375aa876c9aee7e5b1c7cdda072c41c7be
  SHA512: 3280d612ce610e1dc6034ffeb6f7e8b32f7ffec8d8cb3f7489dd8c2ee8bfd63bb3932905d0d37918ce891ee744afdcac61492be0f49ce95e5397cf1d80bfe163

- Filesize: 152B
  MD5: cfb7f468d2475f2e567d0d4f4f061ac0
  SHA1: 35e30421b9426fb34b9825ff64523dbf89f869c7
  SHA256: f78617e168fb0cf91669a1f5d3bd81f27cde5a4dc32256d036983f27ae9dc3ef
  SHA512: eea8372f5c2c9c2b5270879c9b51162e3bd4a97fc386a460b27105babef146a9a5904799873779e89c4c169461ad1cfb63d7dcf9b4caf243d6c67679bc2b936d

- Filesize: 44KB
  MD5: b52f52590e2a1cef0ae2a56d31843fda
  SHA1: 76731e50c6c7badfd0881267b18b784d1e78be71
  SHA256: 185fa9c265a2b508e4b9e24ff2306060535985bd4980781fc4062b25ff612436
  SHA512: bab109f40f27c8e6e03fd98432b849bbdc034709312644717621a265bc3f61e9954bebd71561015fbd1e95a6e7b295552aba3ac79ce6ff34156a215e2691a4fd

- Filesize: 192KB
  MD5: dce3f93d95c9384d2268107a51d8aad4
  SHA1: 5d2eb359ae368211b820f775a35cc051500b769f
  SHA256: 733cf4c120d90e4b8ca0e476189c80edc24442cea20bbc829de2427bb3b1dda4
  SHA512: 23707a215167ab8197e8367ba357b808e4dfacb98c5b62b7527405a96e0c63f98354cb98e016cabbf7d34a15d8d929f503c0d6c3003b3efcb0ad299b53949bf7

- Filesize: 162KB
  MD5: f2fd0506c0855762bf8346581c5db65f
  SHA1: 247f4b783db6e34f737a97fea71f3c3e71c197c8
  SHA256: 7c018581d08019d7e17a30c4d223599d6d555746f78c7acefaef859e8fdd0694
  SHA512: 894f2d14f8148deb4a4dcb8e2fcaf69388f08bc6e1eb046f76bf9f622b75f7d83f12cbe2bb231c039f1d08c8ddd0350e694f51922ff9d9461b8d9acef59724b6

- Filesize: 128KB
  MD5: 79257865470ccc435199e575d627960c
  SHA1: 9629ed72a518df1e5058e61a3d8623d805f6f8d1
  SHA256: e802b8896d45690ddfef9cd69048a5d969979c38e11d20eaeb84ca9bcf72a448
  SHA512: 63a074c378865cd7fd7ab41f3b0dfd40d2f2d2bd1892798117d6db5937d35eb6117e5b27806e4e08513eec8c10f8f7c2de7411668efef54d600a5bcbef28acd2

- Filesize: 430KB
  MD5: 12ce568001757bb24f13d6a6e5161ce9
  SHA1: 9a4ae6c4f6bbf894123558fee1b8afc1137b36d6
  SHA256: 34cab69ceffb3a9f7d465ef0f2261e54d41e65cfb3ba548d1566bfbe570c6fd2
  SHA512: 3f63b9ef95edd17a691427f86c0c1a4d2236a563457a258e5e457dc00d2bae70902ef91b05fb686c13ce25395265a3d4716cbae3e6f80139bbf683458ef50615

- Filesize: 1024KB
  MD5: 8c4cf15a41626ea5fa18079e87251f6e
  SHA1: bdfbc484823bd45613ccd2b4426d2a4ef59dfc46
  SHA256: 8744e46d68f2ddd11b68240af4ba3873530de0233d2a0a6b971ec4ba359e6bb0
  SHA512: 5ee565aa7698e5413f02db609bf175ebc566b410cbebb9250080e20b6f960a64cde390639d2af3b65798d5e848b9bb6601958695051721f42869cdd798debe71

- Filesize: 194KB
  MD5: f5b4137b040ec6bd884feee514f7c176
  SHA1: 7897677377a9ced759be35a66fdee34b391ab0ff
  SHA256: 845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6
  SHA512: 813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

- Filesize: 3KB
  MD5: 7f1835fe5c68dd642bd11fb48b6b711a
  SHA1: 797780c1a5aa1eaa499d53829c4167aa2ec695b2
  SHA256: c67885480333427cddd412cd2a0c1715692f1cafe7069ba3b2e4237a7a60e423
  SHA512: ea24059a61221761ed48c30cfbf4f1620e76fdf2e2953d8591a1b690371fa7c2ba31c1dd9b532f8f62721430af61066d4780f2d4d18289e2691be264d2d6e67a
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 5KB
  MD5: d3dd25c926140bef4e5eac29cdac95ee
  SHA1: a05babe03d95f9f44e84cef4aaa6414e6a5a1efc
  SHA256: 1c956d019e818a2f4204419e213bc1b34481dae2dd0e4a0ffc687303b5af5129
  SHA512: ff3f41007830c6697dc745674fb1b6555642aba2276111db8e0564cfe5a9008fa554c0a1256314242d35507c4e6312a589b6c645dbe1ecc5ba635cd77141c42c

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 312B
  MD5: 485483cc6d280dacf488dd0cfdac6386
  SHA1: a874e8a2b888b69f07450b18f95b9006571b2bc7
  SHA256: 805b93c8178b6b8c852e62967d1e6b79c0c4bc9d3777be60aeb3cdc0d238e951
  SHA512: ad9e375ad684c3742021a713f11fc49a9f8c4817c44fb39d6328160a0b748108c5037bff1dea6922abb5299f98d54f3f6d4dce1627f4991c4b8a6678b679bb8d

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 3KB
  MD5: 44feb7b890e38f31340d2026757052d4
  SHA1: a8dc38ea8a294a1e6eed3e19daad864977f7755a
  SHA256: 95ee4ace7f540da39771728fc5f4d82ae32a555f728562538b41f344a11d1f29
  SHA512: bb903a3c9b4a828f05cf91e508da33686e34e9695d07ba7604735605e603bbd5e5cb08124f4fdc4e28a39e3afc60605e35ae6f4f52e8dd3cb8e1ce812effa6dc

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 6KB
  MD5: b4a59a2b7831cf4798a0ae888cdbde30
  SHA1: 65fe21628dac33a9e7f2965fda2086316364a07e
  SHA256: b71f3f01f7c241702711d33eb3ba72f8261a28703a6ce49c20504248bfc18c00
  SHA512: 1b2f10fc7d9d5d9e0703795c4f3e06e4a27dfe80ca00ef0d2fb06134109808a2abf69e7418250218904fa75ff5019a42da0d04a841e99e50106b9958a6870c1e

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 3KB
  MD5: f1f2e3dbb0960f9b679324e1a5dd59eb
  SHA1: 4552ea4f757d2fdc1d69e74b656dafcf0ae21a1b
  SHA256: 8a664e96850c090fd0513d06e8302305231d67e54fa8aee90b607689a8443628
  SHA512: b009b42ed123a54d1ad49c4fd63024ba26c9052627e41ddd3aaa6ee457e5cb5b8212c032e4e3cf358a0e41e1e3a31074650aeb04edd0d4077492b8f512c8e8b2
Filesize
20KB
MD559df65f058162b813541740d9d5705a6
SHA13ab68887b877f41dd5c498d3089451eb0ce1d16f
SHA2560b26f683e7bc1d32fc4c8c66fb8fbeef7807181774ad13a3f7abf1617e064bdb
SHA512ebf8f6c856bfa54768c3977b9c1c6b517d37f203c2a29125628160f50b75bf2bff7049dfa7375d6790ba7890d305f863d7c01a1ed8d9195c72e31bc57e436d2c
-
Filesize
264KB
MD537b63ad4645f7e50e3061d31ed4fc6ca
SHA1e26169c83463f98111cb3030fd9e980f4885b44c
SHA2562a65bb947568b7623812a10c3a41aa527bf0c6435b128ee1f78047462f9ca6fa
SHA51249ecb8fce7ac1dadc882ee052a447dfa327e66067cd59a85f5cddd0b075dcbcefd8f1233d477fd0c10a6fbd5164b14cca81f34ce9b2a8090265b1f2914f898e1
-
Filesize
264KB
MD55cddda9fe573e47490033cf7b2be4507
SHA148d3a330769069a615b9e18537a2ed1c35e1e4b4
SHA2560bcb062e71925704192dfde1f51a90db5588c14645c960c928b2f3e7ba6a5257
SHA512b9270e31af796e7c188897ede9a62d935a84fe10640adc6f617ef46cbebd8d1040618d430694ca9a905491bb9a81ba8d44bd9cd820d5fa21c769d1bae8c17172
-
Filesize
116KB
MD557cfa1a8bbde274e356ed92ffb0e99a6
SHA14ac9ac9707e36f5b22aacc044a903cf61e898924
SHA2563bb8e4befedd5c25759b5f613ca9d6d32ab72df7fa64efe76ec30979b307f32e
SHA51287de08f683819e873bf48e34afd6ab3f367aa4d7438847515e03fb511c291a0be88d539a6a8528ea53bd0b8a7bff833be37589a3a5a423ecfec36910b68277ae
-
Filesize
2KB
MD50a5d73081fa9de95ae4a65676750535d
SHA1f76853d9096e278261685b80d9eda98d33ffa80c
SHA25613a6a635f93d836790eff069803ae59f5f2c6c203a9f2162d72408b3bc10ac3c
SHA5127591014d81a638302305c9288e0d89649bf486abb5dc5b8aba5c1f68759c41119773e118fec9ca35e598d152692b3d5739732871b68fe3110ffb1218b706d6d5
-
Filesize
276B
MD5cc7a07141f8b6b31a0117b0d83d0e5e4
SHA1d53c0fdaccff24d9c65cc0e855f6dedb850f0972
SHA2565486af8f12477b262160e92e31e23b844fe9a53ae6cff3621c82b844f074a98f
SHA51272f51efee6adc3221faa1c9fb9e10462abca0c29060190a40a619a4e2d0bf170d847b586145b8ff4c604eaf7cecc7b7e154f46b0fce21a785d82dabf1eff248d
-
Filesize
331B
MD511d562c1df0513d7467e3c482eb6e787
SHA1d1480f1e684a724c5d90bb1b835b63cc7612160c
SHA256182277605ae75c1abba233aebcb0d96d89370e15345e57b3f64807cbbd157f82
SHA512808c9dbc4c7cac8ecb551748e78821444cca354487e50d44c74573074b9ecfb3a1dd861df98b347c4afedff65baebb50b5c0ff32738ec635b570763576d2675b
-
Filesize
1002B
MD546b4646dc70e7e27921454f474179708
SHA1222d59f2c5ee97cbe1100439787874d5a3c7a15e
SHA256ac9182b139f053ce430ef69862e09fb5d343e50ff3b2c912d8a4777eb8ffe02d
SHA512bbbea3fad64c7ad1c0e16a009da2d227cd00594d04af9f05ac9a0f9fd5e09c556a8e68fb49e8888aa22f1252e00cdf476301d2bd79c90dfa7fa368855f8c45e9
-
Filesize
5KB
MD59eab076142093d1772a3140401692312
SHA1b5d81449b7880c1017b66a5e5267c8ff04524de4
SHA2565642c7bdc37160f9358349e5a4ffbd56812de02dec097db929c0cf5c7e93c656
SHA512034ada31cef367bb7541f758185862fc8174102420efb82ea7e8af9b9b123a27422e0540a55380963065505ecd0a9ce9f38e0d62cb31a2c14e5ec8c79d602a6e
-
Filesize
8KB
MD529a51d1e83a4cdd771d5ceb2895fadbe
SHA1ae79e707fc2512e3e0ea07e003ca8a1836fb967c
SHA25631ca158526157fe2c79ad8482ef67a753b42f808007685af9e78f8609b99cd9f
SHA5125cf2fcfdb2b1229298fcc5fadb17ef8a6f6d86a8aa8c19cea709d39f3f19d8ffb5c51f3ad363a932a1c3bbcfe3e61af20a50c58f41bafb9b96434fdce7e8375e
-
Filesize
111B
MD5807419ca9a4734feaf8d8563a003b048
SHA1a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
-
Filesize
1002B
MD50d2691e6ffe1773bf3d85f32edd30749
SHA12eaa6a6a97e0cccc4c6e890abdd0751c5fa540f6
SHA2565264d4364e200bae361755047e46e542c0d77cbc8f8d2b69d26043267b6db52c
SHA512e19706c66efb8b8b2b77f7f1f8e191263de924500ae28953e6669096c5122dc4ca1904b1359ff2dca5c8029726ad6bbdbb5e25000303dca4b6bf2699fa271b4c
-
Filesize
7KB
MD53643f74c6f3bdcfaec048239ff9243cc
SHA1b4d22cb570d4d2afe2b70d1510f9fba0012e32f2
SHA256d8b1a145e0afb7bd11d9ac988862346d96ecd9725d6fa15bec6d59e6731dddbb
SHA512478ce9179d6b6b12afe5981abf13d1ae7a89405446c6cafb779d1b3ecc1fcebe51d3956684b2bbc49dc55b8913405a4ebb2d829f304b29d773b6681019d52d64
-
Filesize
1002B
MD5e5be0ae50129888224457950c1ff6501
SHA1d2e44f6c226280ed281d19e62bccf57bc5f9719f
SHA256a651e83123237c6628c0cca528f42d0a1325cda9609aab22981010f0da707073
SHA512a0ef810341bce5992dddccf0cfc09ca85e0f30290ce4d66862d260a838d96b0522a7d268af83b40f3cecd11e11fb06b593b0d2049dc1b471238d1d7f09ffa8c3
-
Filesize
9KB
MD5d54793d91fed006ca118143b3cc73a33
SHA1a3c6e4431acc778414133724a5a1d73678cfcdb5
SHA2566cb260669578d1899cc3dc01df1e2da036fa3ecaf5574070bbc4ba63173d52d8
SHA512542f3ba33a6bb2020ea74121c944dfcd71c91751800e01108014ba7e5ac7b750b08c981c2cfe26b383af8e4845ff4cdacfdb6a1e1db13f35bf3cfb2acbfbfe2d
-
Filesize
8KB
MD5e1b7af99083522cc7b094a684301d99f
SHA13fb6eca28742980ace3728df930a38ff0abc3061
SHA2564fdc97018975cf6136b6ff5db712958c38343102ed883875c4d4fa168c192922
SHA512c2e9126afd7151b815b6dfb1c41339caf5319a3408d0020c59d991c79815bfcee827e7d043a05470d6f5470cbcfbc1b3ace542991731250551fb94debb5e8379
-
Filesize
8KB
MD5453990e883199349cad956b388fb1669
SHA16676bb0a8b698b65cb2d825fc7c404bbe90d1547
SHA256dd9fb2a3bdddbc27479099de3622603d6c56ebf7e76d4aafd2f9b59115d32a0a
SHA5127ce33fe9d589b87e64033e73dd4a06347ce60a5bf232a00beb26dab415e88d1bfb43715f92fe576699b91b7e3a93465d9e1c780a3d05fceeb07d4c87605511df
-
Filesize
9KB
MD532b876be3e7ea57b48c3d5553c024037
SHA1c541d2a7e49fced1bc7efe6aeff1ac3631facf64
SHA2566e4222d86ba9ccb9c3b4eeaf40a36b3913a2ebc0ec98d8f7060a61bc8b3fe87a
SHA512fa4634137e5ca25494f3c51960dec93d0887a32b18610a3bf665f8df86e1b00857377bd13e94a6bfb489e9b153e512d089d7f652e1c2270c3e5a4d453fb33041
-
Filesize
5KB
MD52def41c5430f2ff7c4f1d39474d27428
SHA15cc9cc2be4bc8b65f2ca444f66a2ae6483605bef
SHA256b1a05c69d3ef14d5066ee0b3a22f73c2c636d79ca5f038cda635c4ef6ebcedd9
SHA51252759a39671035ba807accc261ad233dbecac929ef6b34e8eda303b8cee470a11c2171adbd43376c31a7364a55c0d61dab6c4bb034c7eb8c484bfa1a004d2ee8
-
Filesize
8KB
MD5aa2fd1069303d91d88fedbf977ab7572
SHA1f80742e25f40b4df235b65e278383790b51dd2a2
SHA256569f6cf6c59c24176139dfb3fa52f4a557bb99b7faf8a17489d07ca90c7fa3ca
SHA512ef585817edf513b7e7c5f6a74cd1dc202da9ce49c611c32beceade550b839327062747fb8e19bc188eec8580fcc0f60bccb9272af7110c4365db5854729869a7
-
Filesize
11KB
MD5259262a7b34a30cc1f7982ad5e6840e5
SHA11396fa2d8165b187cd83d48a32873ae9d40c6500
SHA25680d77757dcb2e06f1ee8a3d0e1e962eb68c5d6183a3c5aedd0d4b90f1ad488ac
SHA5125de231ee4c60f794897a3572e29abbb2740320f13dd76ee31fc85e7c729e0f67e00cdea639f05f426e168414bea36631e281f8c396565d2580e2cbffe29d5c0a
-
Filesize
13KB
MD51f088adcfa65afa41cacccbb2560f6bb
SHA1e0dc287eefe59c6ce86e386fac590c6d8e3ad461
SHA25620f8ba8689d3c4b511dac0cb5361285841fab93cc33837e45a8b52c3925eab5d
SHA512067848374080992952985d5eabc09738a42e709cc42d48a2f67c6f3f5f746e0641d87a1f9aaa7cc39449bddccbfd22b032b5ca90ec31cc587d695feb982527ab
-
Filesize
14KB
MD5dd172a7856af5d94e7e23961721e8abe
SHA1470689c6c6bb323221093a1a4cd9e289af27a7c7
SHA2564de4d7c67e8b3565dda123d469d0aa83c0a1ce7fdc65b17824557da5044fb5dd
SHA51210f12c7c4471065b5cc77769db5db49c8d177c86cc5ac37da29fc518d3aa39d4fa0898b54eef6c69bd5de52fe7cfba4768e7da3beefccaa07474649148b935af
-
Filesize
14KB
MD51c1981f4f673042726b4cfb2a2372499
SHA17effad63d2b83784c4990bd319f9453ae22cc925
SHA256d0d2446a5eae0ef1b6e172ac8d5a58600e4625d89108e96afeb215f29c019a6a
SHA51258ba7db4c1409436ed92899e054609ec9972a9f5ddd818403c97c31795ad124b7b69c26daa1fcc6ca6b32b18cef773a3c64e20d9b64649e1209be9ddadbf255e
-
Filesize
15KB
MD5f072e36024d35520b5998e7d89e34f0f
SHA17b09fe77cc20a9fea76c7dd405850c9faa11a618
SHA2562c7b9b517f637443e2771c8732c4d53b76f556d99eb1d63d7f534dd250c3e48e
SHA512af7aec067a48b8d192343af3e010bdeb17dbcd64e445ed4a98135ee0f286da2d2690e9fc58219027adfbcf4514c05bd97b811d75a17293a75bae456e1b676c9a
-
Filesize
15KB
MD50c3092cc103c10dfd1f31fdadf8e9a6f
SHA19e56005246b53490d4e87c5f92986d1bdd0a01f9
SHA25669f9d20f46f3296bab9dd1c8256a21595d04110348ae19023697964a9e5e896e
SHA512bf64d2f978a04792b497ec067a8e8e2ac82c570168c75a03d16b9ab16d5cb2dd234c66007a4d9b4e915e003468832d34c4434937b42610ed1bb46f063ba342d6
-
Filesize
15KB
MD5eb2b58a154f1deb8839bec26ac434711
SHA12cb5e567b402aff1b435fa607a2fe60315d7e4f5
SHA256e960b5b4af754c4ce99e47524305c058677071f77cdb4fc1dcdce74498aedda6
SHA5120642a3d390a8542bdf91f05a6fb06164debc6bb543c4b1d19604ea04692904eb1cccf25845a629b9d553e03d7ae3714658559cda3f90af3abaa22b2e036991d8
-
Filesize
6KB
MD50b3581ba75b543b85e5f37636b52429f
SHA10a9e1e73b4bdbfd54fc46f242d9058886a255df1
SHA256cc3a0bdb76286857a5a76f3a868578102b7ff707cad009a165eb613bc1fb1082
SHA512d4052e058dcb377948f6696a6980c79fafd1c8c9be2480889e66574040f5be5870d1178dd59fe068ec202ee6e1c653c32fb42ad4be3b8f6d72019dbfb0eb6fd8
-
Filesize
7KB
MD5ab73a90ac98adbb4a504364c3c1070c0
SHA1b832abf45524f4deb760527d7ddb6b780ab61800
SHA2567a27bc46fcb7ffc6a1c8ebbb4525830084aabbbc72a074081c337a0ccb4fde1a
SHA512af51af87683be2f43b133915e2e0a76e8f30048c5a5c0a924b6a157a2c57b360f241b3046bc3c8da2cee2441b1bfe149c46ed0fcdef78a05df38ebab3ee81a21
-
Filesize
6KB
MD5e62772b5f74ebbbdb201f8383f792d78
SHA13d6d5c11eeaf6f94d305e20ebba8694b8aa4bb75
SHA2563692e8b5239f18da6ae3cda10ccd2fcb0811b8dd0b04dad54ce285e9769b3cf8
SHA512e3d2de618a1322b2d2c541251fb3139cd3d67c8556a9431c6b2e76bea85713c58ded1f9dce66e977a26df1a5c80d53842c3f164bde0810af395dbfc63d45862b
-
Filesize
7KB
MD52b38994a911100f9597064424ca123a8
SHA1fdc948b806cf20912bb7b76d9689e8e974e3453c
SHA256d631abddf2d5ac7b7b86d8d9937cbacd42747316b46fd5d8e096015837f393af
SHA512cafb693b2899bb50b19f09b6d55d9040cdb626b3bd02a1c75e71d5748529f08db63c17d940ff62d9eb2cd3f5434ab52651dfbd8fa50f551ddee7bdb7066c54bf
-
Filesize
10KB
MD551b6cb6355228f5786582e26623d2402
SHA1217f6aacbfa5ef51910337928171dd16a039ddb7
SHA2566d316fb80f247614eb81d946475c3d07736beef378c7ccd157d5336bf0e96ec7
SHA512e536a79d898eae6fde2fa201b8718025d406b24c71c63df2611647de3f431ee9bec95842efb55fc0b01c0332b7fd6d400688042a23fd1d8548dde1aace5927d6
-
Filesize
15KB
MD5c441646feae6b6b6b410eb3ab74a47b0
SHA1066ce6134dacbbf4bea987ff699f11a2e0060aee
SHA256f8ffc54265506315945a7e6afca749dcc7f2f8ee9711eb87f76b7431c2b1f200
SHA5122ad176fe03382108c70e27f37c77c61500970afb4f25a8ad438ef1b6634a2048690c73f75e61a8767960f7a3f0479464bbe087117bd88120d747628103060d06
-
Filesize
6KB
MD511ca4f99fe91bac2198f7c4a2bdbc494
SHA1bb96610daf14ce09e7b3c3917adac8a495ce71a4
SHA256b288fd5606fa7c9660bf5e61008d0d074b809776bec871da22133f7936f3d202
SHA512dc75c36aa433d5680b4b4909a1285da32a2a90cc804d964b172d811cafa448a4da3e79e036b7f01b69f30d52b06f56c2cbd08387b236f4540ff9077a579d1a5f
-
Filesize
7KB
MD55c6e1e5b6f80071a135242bc46a27091
SHA1f7653b7635cebcb3c4c3f3bce01258e537ea3423
SHA256233e7c0a9b1115462c09abe834c39a2a1ce041721416f159369ed94ea622d849
SHA512afb508f2b5aaac3c8794413c31d3f33f8c52a89f50a19ee904933eb2fe7b12989929c0b4626e6ec47be1d3fd2f8f4e205e5c11677998d1b4407e767e27ca7b93
-
Filesize
6KB
MD59703e76ec41b8367b5a37b367b2476de
SHA1d107304ec3686449bbbc2f58f47c831391a842fe
SHA256e2d4e52866c93a2416941ccba58c5c63b5e7171bfcbb037cd59a29fc331e3df9
SHA512f52fa6f577a0af46e4596fa759ead1e27b3c4a8c69487c80713b34522f2279ab70f19ce9a57bf2145d161e563a43a531932cf830954270bbc08ba1a29c77be66
-
Filesize
6KB
MD5fe61d3ba72c28ef196a0e9e541f7619f
SHA162f84e47e87b559ad38fb9c95914167ff119d3c4
SHA256c61ecb9ea0038a830524936e34ba59856723e8f312dbadf4d799ad69a07d6339
SHA5120015bd57454cb4c7792395557d469b5aeaacc674a5d958fb26da74baff238fdb1f5394bf33a13a2d439a186bfe428a74200a793bfe7db2c4f101ed9d712d50ce
-
Filesize
1KB
MD571d0486abbf389e332925ef15b688c1a
SHA15cbbb0e7db7b6d95deb3f9d8fe422e81268d4a58
SHA25646d4edcc24bd203d8cadd84e87ece0324460f62977af88280afc744aa2ea4bb7
SHA51243a828557252aca1348e32428b3fe04c1eaa03c3598e46f782f126c11be930272e85a028e3920dd63d884d9864134cfa299f28400c5df877f2c5784802e73fd2
-
Filesize
319B
MD592db4bb79ac7e03a61a65cbfdb49f952
SHA1a6b42319520cad12dddc418e4f610815ab7c4fe4
SHA256d41d66300969af51e9865f56b3e8adbefbd0e5d99f4b296e03d64299f736c06b
SHA512880255aa5f9afadac003ef2f6bb223de7d803f6391abb91e10f47a41ef74e6b90823aff1898491e067202ad8c5ec4b73b95f069e41eca5a6fc61d9131b015a89
-
Filesize
2KB
MD55f5636d20eeb7a4ad29ced049bc81b55
SHA1b703abe54cad05e6ebbfede67abbcf8de68732b7
SHA2568319278ee9f9c49eeec2a4794cea2d00ef5d1a710ead8c9473b092794a96dd19
SHA51250737a1fcb7b3d00cddeec2ddf21f2269aa210da3e0f32ccdec09f8a397a98f3433e7123a354cc89b240798aa6ca87e5ada38d3e563879a9e3760bc2391cde92
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize112B
MD5dbfe352f7064725bdaab4dd112a28d35
SHA10c9b72cfed91bb52ed03ce0ef7078266cbe17d44
SHA256ff6488b0718e50b92e384ba3418227c2b0b24a9471d46c3ce30a4865c88d8b81
SHA51255432a95c532df75b727f87f84694631a807c1eeae1174de399c9c59c784827b059ed4e8b072e0cb42b444685f23e47afa02f02eef09ef37576bf0a380270123
-
Filesize
344B
MD5bccaa97c437a08cb376436d348e437f8
SHA17b3ac709ebddac81b72b47d26b51eceaa10d8096
SHA256dfcd279ad5b6fb128392793dace1f9728f1c7b925ef55c658d54a3e158039ddd
SHA5125aedd46c74a22a0f12360c15584ae9657845978beb317a8a92fa8dad45c77187dbdf21de512be9299914506bcbd926842efc10049353baea59a37cbab3e1c502
-
Filesize
320B
MD59e34f9602082c18cf2f6981e3bd85418
SHA147f5dcc4e42ca04a5576a648500cd30097830be4
SHA256e234617acfcd055c91843065918f1f009001745f5f69eb2c2db9c6a3278ba08e
SHA51240c72100a688f5e2ed6443cb9f6f2349a6a5acb5eb178d6545f5227ba52762a2602db8f555c405449b4110a0621c7e7f0d0e2d697e1de557b78626ecb3a3c76c
-
Filesize
707B
MD57b32191a8656159b03492d8b488e6880
SHA1570987a9156d42655ab0ddff8012ad0d4b062545
SHA256c7c04ba223f955c96f5265b9be933eca5c027234c54db7becbcc4e396ed208f1
SHA512ac14b360bf0f520039cb8aad71c78d5fce1d95e9fbf3bb7cc36905e306cd709c6420f258186b5104b853174464b8fa52b0f414e83195969414e997f0249fca75
-
Filesize
1KB
MD5d72530f5f1570382a55e1f6dc8037cd1
SHA1633debbec82a9dedc0a8081394f9a09825756a25
SHA256c5e0edf5bf97abb7763fd1329757363b2b39425857e4abaaca6427f655ec2270
SHA512c0a530fc57a6f5c5f984810018292526c02018186be4a249288c03a1576df746d03718a64449f7214df3dde96525285987a232f7187b20240c56f96f1ac8451e
-
Filesize
3KB
MD5b2036a0c8fd5feb15f52faef731b8737
SHA172d89dca274789662bba46baede008701b86f14d
SHA2560673ac2532117944875a53ed97291be322a36ca8422b98904d9fc5ed9c751670
SHA51230ff58fab553fc822f496362e1e4eee80ddcf09c950aaddf547d5e3fc28151a82a2b5da275f904db81d43a2bce000d2ceb7f71bb4f6f5a646945dd2c6077fc99
-
Filesize
4KB
MD501aa45bf9deb0b0a573fab9a66305464
SHA138e16f12d8cea390e14b0004b11ca018dfdd6ab7
SHA256cfd365ebf9ee5247d8fd6e76f12fc26d4028a50ffcb215440240bd34ddc6923e
SHA51273c7355bfcec39635ba7051015541fc1906b26b0cfcb80cad7ba0c7e05cb7a96f76a662c169522e91fcd069132202ceb789386d51ce4c6c9307987297ad9666b
-
Filesize
4KB
MD5767ca8bd3b50d287838e233801740bfe
SHA113a449355c83f6916ea0513e167c003a11ce3111
SHA256643ba3be9623cf5d7ef180da386d88dbee5140bdef8e4c108b291863d62aed65
SHA5125acd6ca2ea42a51a6ac8162ff4c18882a42c229d79e538c0e86fc1eaa2025b823b4f7ba21fab72271831489d4f4e27edba2efd5b8fa1fd3992d127f128cae35b
-
Filesize
1KB
MD51ea86802a2e688fc417d06023910f627
SHA158219c520de3a5979d45bfd5aa8e0fb6fd9d82cb
SHA2569bfd4bd6afae26d8c17200a78fc8b60e4bddfc0b4599fac030b16e1c886fd92a
SHA512bad3a015104876cd03e0972f139ae13208995c02b4c8fd7309a7686c363202377c37e27a1c0eede4d14968e129c7515bd5ee531799bff8a1dc57daea174525f8
-
Filesize
4KB
MD54c1dad3f20537ce89151c6ce89cbac98
SHA13020daf330b080d5b2d27c02d5b5a0b8ebef58b3
SHA256440e20c978e414b779bdb1f27d9ec132e129e8e4a4bce81f2afd71134e9c370b
SHA512b29c7ccaabda4c0bd30835b5264c8ed732895e63d0b1226a3fab52fa05b8e514ab84f6eea763795620b2caecb205bdfe179f9d2c3ba6dedc4d4d43e4f791c7ea
-
Filesize
2KB
MD57329bc5ce4176b152e961c5cda83ee96
SHA16fdeb5600a1459127856a05fae0154f9bb8bbc84
SHA2562d96716321370fede3d9953315cf1092e1301708e4425eb4233b8ff06d0351d9
SHA512691e2c1f6f0242d76e28df49109de7b3e6d360f6b317396222c128229db252f5edc639d410d3416973c3dfc6f94b005bf69427dbf07dd57709e0dced8153d99e
-
Filesize
4KB
MD553ef7d8d06e3a5f0ceb5921ddacc16a5
SHA103226d5faa3f6f270369e457340b3d74e0dc1246
SHA25642a0df0394a4ba9288b30382dfed7e1994c79b4a3d0f0babf56ace846dd1ab94
SHA51253a9fa1bd1807fe9bdca65f6c9ebabf0f17d33036413bff69b3a714c2c1f99270041277a3aeec68c5c59ada7816595203a659fc906d86ae083ac58c85f1147a9
-
Filesize
539B
MD504426055114fec30a9a9901a1cf7a1e4
SHA19e597b053f9b2e3c32cbd322e8f8b01c3332b29e
SHA2565618e65c09732280ae982fe0e03b396d233732c72f3b935ebb8e8eabb1dcf0d8
SHA512e92e767509e672eff07dc64206e2a176602d100695557e784c557bbc82767b357a3e330d972f734b3d84a2fe6651297fcf9a79773837700f0e4e6cfbe480729f
-
Filesize
707B
MD5e44e65f281a80ca0495818044dec8e3d
SHA1008751d6e6e1e0d6632b2b3ce0299d90dd195737
SHA2568b641d1713566c423884e74629dcdb903fb8362e6bb2fd462636f17c20d9d703
SHA512e9ac61bb709798a634c32349cbdc7cd241f654e27e37fef2db04b4536e43065e6f06c1cf7680474e1c88459c2eafa04cce226f0f5cdd39ce3a05ec717b3c493e
-
Filesize
4KB
MD5dbe44eb089a3d1d58fb461b52068c387
SHA1f20d8b430ac6eae1b413f889593572adab626f3a
SHA256a488f7c504ae0892852b36773e33a32d0e85f937e59877d2600090dc5c12b681
SHA51279d4584b25259a9071dfd21e55ca0ecb1bf483eca9f9d46e65c97b71e2ef3021d996bb2931797f37fec336ea5402b512d4404bd620a4117600c3a665c47478b4
-
Filesize
4KB
MD5df077089a845f27285aa1bcbb504771d
SHA18c1fe8bf2604ae37534e3036d2c6c196cd373c66
SHA256be2c76af3949cbcfc7be420bfdd1964f47be9047dae6683d7b7ffce13998ae18
SHA512c579219dcbf4bc25f42b6c7ac53e6806e93d1a2c9c026a10a899533b1841ad698fa963ef22f908ebbe77a4b2aa30c4f38a23d13fd2a6e40eaf68804ba5e97326
-
Filesize
371B
MD51108e8331a6c2c4c7957a1f294d64a3f
SHA106f16cec86c892265c9f1742fa003e21f856bdf5
SHA256dac4925e17ae7ea4995b3716ef02f293379f2b3ef1908f83a39d23ed20dbecf7
SHA51240e3a1e83fb1ca18ac1fce05f18a6afe3f1e298c83c45e74418e07c595f8ed311448882df6cc16ec027fa1353e152dcff77a146eeccff5f5de77508dd26e516a
-
Filesize
128KB
MD5b30804dc34857c6561c01dc132f2b90e
SHA1c7e19bb62a10d6c816dfe41454e202f1fc54d603
SHA2565fe9f801a80fde7c1e534f737ee5399c8cdf53390025999b4f84d720144089af
SHA51271e58e083daa04b75efee8ff95e1deee3a9cf7475ac0d0772b41470a91ba295884b5853c728f679fca30c7f41da7836bbb8c0837c9a1192022d80d42b5ecf794
-
Filesize
112KB
MD576046e587118ac6f7d70a756971fae0e
SHA1a1124cacc9447fad8465f6be1a3fb7c50f3a5fda
SHA2566cfe5b6c7d20388c3f2ecab418b8eb29a186293c2a579f0ee0d2269844b133ef
SHA512533ee5223d7b074907d15be56af4ba0616332bf5b2a4ea8b0496b9d081a6203b8dd8410232cdf0094a530748a25879b6049cf737194a9f9a70f06dd496f8ab89
-
Filesize
16B
MD5589c49f8a8e18ec6998a7a30b4958ebc
SHA1cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e
SHA25626d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8
SHA512e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
16B
MD5aefd77f47fb84fae5ea194496b44c67a
SHA1dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA2564166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3
-
Filesize
16B
MD560e3f691077715586b918375dd23c6b0
SHA1476d3eab15649c40c6aebfb6ac2366db50283d1b
SHA256e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee
SHA512d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e77f63ff-9548-4ae3-9c55-3033aaa4411a.tmp
Filesize14KB
MD526eadeec409dc7d9fc97575cb8be6834
SHA10c45337ba40d53d6537aca6ecffce1e5ea0cee51
SHA2567eca65732aa89fdc777f2eac430746deaafaf634f7a2d36352a759b85003362f
SHA512f06ed0389edebc41360b3ab5fe4cee0e7e753e0b405d5865fb432a6889d68532e44a065896f1e97db94aaf1461d38e399a2f7991e96754497d7d7008cf00c5ac
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f934443b-cb35-436f-a2d6-f125827b05fd.tmp
Filesize1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
44KB
MD519b20382fcaba2a6e7ee9db769af8b1a
SHA15f041e4efb64e5d7032cac5f6c1d5afdbff3e497
SHA256bf1d4d6f8551440a0a377c3e6b980ea127c51c9bcd700d789b9d34433037e668
SHA5126823b0eb4abd46b056787810cc5b437becde04b57f8b24cf933ae8e090663ed35b81bc438b906d53bc767d6d4ade123b585a792e4393b9b2682feffdf0d43729
-
Filesize
449KB
MD5dd6f0e527ffe6bd701f446692c58883e
SHA1b6f37230e7f309f739f8569aa69d31d97651854f
SHA256b06eb39e7429e69408a047b482575c988aa7a641b9b6eba535dff62c1faecb65
SHA512d48f36ddabdbdd3004bd37ced17c21f29198a50edd4885c004f348532a3af38918202fd0fd1e8046e075c53d0c6c996e12241ad356757879419c446c52f926c1
-
Filesize
322B
MD5edfdbf68321f172ec21340e0da378f53
SHA1f23147c2611d56ac543935195d6530e2a0e2005f
SHA25601791dc496055aef62295c405d47b722942f99e0a3447b99cae8707a4580010e
SHA51269a516c37a3ac4bce0933daae5cad1778220832e2b706c34a631bd711b82ac6e9fa5084ba6b41188bfc40c7873e39526c162f415553000174875e48c883ab284
-
Filesize
340B
MD53399c8adc9dd240f2702d8c7ec7c2676
SHA17b642b72d8720c32ef8e9ceaf7707fcd83508abe
SHA256f391d7217ad9c0eed32f1fc366b8b4bae232c9a14184e976b2d8cc4956acb67e
SHA5121101665ae874cf098609a1c50ea814d240adedeb477256d054e115e248ed3f69647fcdf16221fff6e28451c37fd2246c9d6f236f6465645cbf035c2fb873e257
-
Filesize
44KB
MD55642f9a6f58e2cca28285df04831180b
SHA15450f96fa67e41bdf203a3ea090f8c185b8f7765
SHA256287df8d35bc7d240511cbffcdadd9f9c9eb6312a8b61b114b36cdb3e472bffeb
SHA512670e4dc58ee81a8c5caffe67f86286047c82355008e6f0b1dc34b39de7dec2d24ece2f055f83fbfc803d5da94d565212990b2175bb6c70c46f9c05878e7a9845
-
Filesize
11B
MD5b29bcf9cd0e55f93000b4bb265a9810b
SHA1e662b8c98bd5eced29495dbe2a8f1930e3f714b8
SHA256f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4
SHA512e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011
-
Filesize
11KB
MD5bcd2f9bc6796460f712931dc349f066e
SHA1e6859c5949c14b4ec56215f72f21873495aa6e8c
SHA256fd30d828cab2b8a499d28dd04782c8f95ba38cc12461eb0e21696cb3dc19fbde
SHA51206daced0ec3f87dd02730918094c024154bdacb3fe18f7e07e8469da20f618475bd5131fe58d13ef9e7b7a1604c91c4a94aa727bbb3feefa0ebae495355d3e8d
-
Filesize
12KB
MD527f6f0efdd01772778d6ea50d62ecd97
SHA1d298c6f26db48151513004f80b27b7de1f318fb5
SHA256ce063f402faa4f17c1876079871592076b1945a00990d310d6c92ddc7414bfef
SHA512dc13075098a88ce947862ab75bbc96e4f9afdf52853b41bc3affda2fcdf5d70d2113f9976ef9cbae66de40e6bff499e712676425f2f25e75c01d16531cb539d6
-
Filesize
12KB
MD533b8fe46bc52c5b22f6a22dc59ee30ab
SHA13dbff9291851cdfdc71e4cb0af4c7a5ed860d612
SHA25654fe01f4659640ee79f9eb243788e5843e70f3d8138d359f49e32f4da1fa6f1b
SHA512712aa4f0229db2cf2c4243586661408ba7922dd3907bf2de3349c42e8f4b53685b81918ab175fa2e96afd6112d8ae3a87cb990f4d29033799989e27afd030796
-
Filesize
12KB
MD5d90cddfb052ec20ad782c3ae03d82455
SHA1c8188a6354285a30a7851816a49e7df5e6c098e5
SHA25635e5515391471cedec70202ad2e522791a59872bebadc217fd7325725b93cac0
SHA51249590cd3f81f224434183442c49b0b3fa93d4e22a4d582ba5acb81560985dea4d8e1e7474f220b660d19e47082b2ac7b2c21801490f63db4087a17b3c48b923a
-
Filesize
12KB
MD579e0af80d83aafdbba56e37748d0799a
SHA1ef59075182971708b85f7f36f7a857000c9b4938
SHA25645ee6764648bb943e0978ea63f45fc45dff40acfe94631205b5f7d14d7a2d8c4
SHA51296e7647cdfe3dd2661948d85719d5b220191c6224b53575a14be90b0bf9d6f365ac669a2b8c50059d44c63f2271350ab8471007efa71e5b027113aa9911d3572
-
Filesize
12KB
MD53a9d22f98ba31f767194812505cf0fdf
SHA1d620b5e12892dc6ce8e40492cf28e8b93198b2e2
SHA2568b0bcf9f6c95bfc639f13641b89d614c8e1be42578b60d8e86b94a6065a6d911
SHA51233fe1ef3976642ab0a360d7ab1c4eec34066a555d365d76940be2c1f4a3d9a42f0f9fa341119552906e5e6f37095406e82358e731d57156376da78845f026b40
-
Filesize
12KB
MD5414b643929feb269dbf60638ffe36271
SHA174aa687dca7319f2aa2d1755957ade510b66d0a5
SHA2567c9403207b34b23b3ad55da33c4daafa6b2f63db4cd3d996df76950dd4d0e24f
SHA512a050b699bcb4e4f71bf845083348247f521af03e65b70dad62f1633b135c6a51c4ec6250aff98bbca94b5f74dc2423ce3251b2f10f253b06191580fff3f6f1c3
-
Filesize
12KB
MD558c2913e159ddda4c1631707a548ed7c
SHA11f8576a18084972dc67d221739af112917aec9c0
SHA256d9107cffd2ea1483dc326762de267c830c277d67d944118506e48920d5086384
SHA512b22cbf82a9c9b71165b337fd5b067f877b477031ed93e803a0f60c57c3a43d90bb70e37fc74a1cb20c043941d83813072d34293dc81807bad3a8780f7782a6fe
-
Filesize
12KB
MD5fb93f07b6b488842bce695dc72ec487d
SHA11d6dd86b98963c41c8a96de94eb67fd7dbca3b3e
SHA256a5f329ae12fd4d99bef7b049d406cbe86a5807423e950b7a089e469197a7c8e5
SHA5121327afb94bce3a3bf9d5cb353b68390ce112ec759caaa687dc163894b7d27573d25c52b8bbfdc4e15d54125d5b6f3f6bd9bba4ba7d093d969d43a3036f696af9
-
Filesize
12KB
MD5aab5defd7b77a93e1a5efc1964e43895
SHA113e120ad7a9a8dbfe6918d293c21516800953883
SHA25647602ab5e24ca8079f762074e8eb35f5bf5c44132b9367413ef1ac31a9acf648
SHA512593d650a9a45091ede412d383c83229504ad966ea2ddd80f5ba46dac4cac70c7f68331d8cf445a749207a965d0ec68bb36cf9da1e38a9268a1b3f3f6a23089f1
-
Filesize
264KB
MD56dd10bcaa629032f0e39b0a383f3a440
SHA154b901b1625ee1e61a49f832a5d8ae7af138e86f
SHA2561b681d5e3c39c1d415c95be836167a390be40989826d5bb114c3548e4b56b399
SHA512d1728616fd60ef5249c1ffa1c117ac0404213b47a23b050aaec6fc18d93cd369cf0c0683ff81f6bdb80c7a0bcf749a6725e0beda862458b280304a19ac5f4548
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize10KB
MD50f137da24a7f95c1f5efc595b7dea47c
SHA1a92df2e2f6e5a988251ecba9753f8261991c543a
SHA256d7780e4b261a6039a80cceb18531df7678e321593e5bd5ac0486edc9fae5d5cb
SHA512e50f48c6cd15d381370356ba1e7425da8d5a57cad875aa9fca73a2c13242f9c64249c2ec1959b46129aee4da2802f357f60526f924b99d433eeceed3c701cd9c
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize10KB
MD599054564d65459fba74d35db62b4c5a2
SHA18d223d5f2f521cf641f1ac887d53d9faaf42ec14
SHA256e9cd52d6530d9f8953eb3d4699f1af0d52ddc0dfaa312f5e448fe71362f4e8ab
SHA512e7b26d4d3bc48265507611f75211700943545273134c458d30355b903359d7e58c24a9dcfeab70ec54964b7eebe50a27a6ba1049d457a8593f5e2d2a84150f9d
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize10KB
MD5e1faaa0ffcbebb93831a277f501bfe80
SHA1a2baed66c124f86b6c849566f6121556be92284e
SHA256ad2baca1473bb6989e40f05a57abacdf7a49b8a7ba047ebf7eb57a66f21060c9
SHA5129e9de17309878b58b7e3ae3a5ea82c3b411a4f8a8db450fb5c686940d63826e24b38434c71d576928206cfd8e0409489735550b901c7f9e9d300cfc1b53f2dc5
-
Filesize
4.7MB
MD51d0c228d384719d8348c7ca2213055dd
SHA1a994f33dcd502f50c5849075e06f4d0e9867aebd
SHA25688f12c6fc3de84fd90dbdbbcc877f883d462b6ec5882631412328e89493e759e
SHA5129d5b16bf855b4971f65f62f54934648ae739171c19b55e14dff665377c70ebf76cb8fdb02b2d02e8cea5c1374667774f670d4c3373cf9cd89532726860e61b6c
-
Filesize
17KB
MD54790677e05d72ef7429dddf35562bf4a
SHA14243d6ea53db7e8cc0c355e70d6cffb54787b90b
SHA256319bf6087040d17b87f46cd05f5ee064c291ba9ca46e1910f28d1f4c57cb3d96
SHA512a93c5f691938bc1bdd9ef20b975f0b22cf494543e7df82ec31838bf811552ead5cd855959be4e47186ee7de944be005030f52f58b9dc85e7cde719cb97b794e3
-
Filesize
14.5MB
MD5c660d43b5e0b2ff09e493ddda17da8a4
SHA1153538de767d4560acbecabf384d7603c5d569b5
SHA256846689d356bc79f072fed305191a7937e80cf4f14f6ed073b85c785f8033b690
SHA512779112a7b21d0f956f83a98ffd6e5a248c60004537c22f6970218caf574afe3edb29be55177d5eef9a16a011dfa034a7d78eb5352696c106fb0d47714f47861f
-
Filesize
384KB
MD5756150de95a13fe03025aa23c7588612
SHA1145fda1132273724139f18cbf5c66423e441b180
SHA2564390227ed5fb565cb54ba52be92600ff78ab474a309445d956dcafc68949c17a
SHA5121bb858b307527095b35913f3e7493a41ac2bbb86f35ab11ea186687b881c62e844fd16c823d0eb58c6fbc199a6d8fbe4d1ea1188bf500a817f476465fdd58491
-
Filesize
10.7MB
MD5a4372ca679b0a4e8107a5d3155a0baff
SHA1dd8403b2bc0bae24e4543be08c6204e265920764
SHA25646acf6e9ef69ce0b4b1047761d8cfa51a702d21c669e5c5aca5b1dbada52e1cf
SHA5128c230f4243ed1ebb1f35d697016f417fac5af6afcbc9e7607c015837c1a48674d6936444c2e6e245b6747fa9f9455be9b2f35caa39422204eebf61fe921180bb
-
Filesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
C:\Windows\Temp\{AF58B3D0-94BC-437F-B9BE-1AF5325C7A1F}\.cr\windowsdesktop-runtime-7.0.16-win-x64.exe
Filesize610KB
MD59656c3086081a41540338b94df6ae084
SHA1dc87b2d0dde3604437d13d2f89fe9ecb7c7b0373
SHA2566a7a85e1b9e899ce83ca29eca2e0b34126acf97675991b431b279278a03c41f2
SHA5127bdfc5943968403b787700f5c4e12d88f34bdca4569fbff21e178c17eba40f8db68135aaf426b990617316c10b86687a08375c611c4a9e5a8db8eb2c2be3e9cc
-
Filesize
4KB
MD59eb0320dfbf2bd541e6a55c01ddc9f20
SHA1eb282a66d29594346531b1ff886d455e1dcd6d99
SHA2569095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79
SHA5129ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d
-
Filesize
197KB
MD54356ee50f0b1a878e270614780ddf095
SHA1b5c0915f023b2e4ed3e122322abc40c4437909af
SHA25641a8787fdc9467f563438daba4131191aa1eb588a81beb9a89fe8bd886c16104
SHA512b9e482efe9189683dabfc9feff8b386d7eba4ecf070f42a1eebee6052cfb181a19497f831f1ea6429cfcce1d4865a5d279b24bd738d702902e9887bb9f0c4691
-
Filesize
744KB
MD5a1f68b5ec6da37ffc65f12f106d70f3d
SHA11bef05fa3f179a9ad079326a5a38b7728a81967c
SHA2567c01b2af6cd178d88dc11b2c12840beb0b08f8dc4e8958ba8d7166759e0c64b8
SHA5120dc65ee5f8a4720012e678dbeaaa44df10e12ad7941f4835c37a0d178abb7f282d0ee13e7b45fc56141489826c3c980020179ffb5973989a463f4aeacd188a93
-
Filesize
804KB
MD53db1b0ad874499a5bd80b9ad2ed2103f
SHA177f02d58918daa3cb25364960a1196ce2f711d0f
SHA2567b32cfc57dae7fe08f7ed00d54771107aeb4b80305a7269f6b9ac2cb19710c35
SHA512e2214799e8febb31e2dadeef8904e5692fb94f916500960642b780a4b68f9bd2d8d7e62d579418bcced9a7b0f7ff958e672783fc019617d17499e8c5e1b777e1
-
Filesize
1024KB
MD558f75f0b6261762fcb57604d0aecaac8
SHA15307edb7ac9d9513a0ae10369170b9c7a2c533a3
SHA25640d71992b3cb08b27ff96af388f08883afe775e96aeaba84b44a2b5fb3c1c2c6
SHA512a4e8234df0b7059176ca6bf7531fe3489c7f14386d20228d926685168fc6929e059cfec534cf4899eb997075ae48f3fd3ed798e6eae547be771838daa9c5c7ba
-
Filesize
903KB
MD5b80d0db328e9dbae8213030a2fced41b
SHA127ad69b205f9444c01512f1e6f1c2a5fe5d6a10c
SHA256b944e6b8959953eaf0095f561cf9e92635e23e65cabdda5d9110ba1a35456a81
SHA5124f2f9118dc0e65aad18071efad5c0a057897e6a4ead120bac56beb2b5aa611902eea6a361ae9d99f34a1fa91c29a5e15fcdf1365be78531fc43b7b548b156018