Overview | score 10
Static | score 3

Task | Platform | Score
eeeeeeeeee...00.exe | windows7-x64 | -
eeeeeeeeee...00.exe | windows10-2004-x64 | -
eeeeeeeeee...um.exe | windows7-x64 | 10
eeeeeeeeee...um.exe | windows10-2004-x64 | 10
eeeeeeeeee...ug.exe | windows7-x64 | 6
eeeeeeeeee...ug.exe | windows10-2004-x64 | 6
eeeeeeeeee...le.exe | windows7-x64 | 1
eeeeeeeeee...le.exe | windows10-2004-x64 | 1
eeeeeeeeee...er.exe | windows7-x64 | 7
eeeeeeeeee...er.exe | windows10-2004-x64 | 7
eeeeeeeeee...us.exe | windows7-x64 | 1
eeeeeeeeee...us.exe | windows10-2004-x64 | 1
MEMZ 3.0/MEMZ.bat | windows7-x64 | 7
MEMZ 3.0/MEMZ.bat | windows10-2004-x64 | 7
MEMZ 3.0/MEMZ.exe | windows7-x64 | 6
MEMZ 3.0/MEMZ.exe | windows10-2004-x64 | 7
eeeeeeeeee...MZ.bat | windows7-x64 | 7
eeeeeeeeee...MZ.bat | windows10-2004-x64 | 7
eeeeeeeeee...MZ.exe | windows7-x64 | 6
eeeeeeeeee...MZ.exe | windows10-2004-x64 | 7
eeeeeeeeee...ld.exe | windows7-x64 | 3
eeeeeeeeee...ld.exe | windows10-2004-x64 | 3
eeeeeeeeee....A.exe | windows7-x64 | 6
eeeeeeeeee....A.exe | windows10-2004-x64 | 1
eeeeeeeeee...al.exe | windows7-x64 | 7
eeeeeeeeee...al.exe | windows10-2004-x64 | 8
eeeeeeeeee...15.exe | windows7-x64 | 3
eeeeeeeeee...15.exe | windows10-2004-x64 | 3
eeeeeeeeee...al.exe | windows7-x64 | 7
eeeeeeeeee...al.exe | windows10-2004-x64 | 8
eeeeeeeeee...0r.exe | windows7-x64 | 10
eeeeeeeeee...0r.exe | windows10-2004-x64 | 10

Resubmissions
Date | ID | Score
15-09-2024 23:12 | 240915-27aqvsxhjq | 8
15-09-2024 23:02 | 240915-21efgaxake | 8
15-09-2024 22:58 | 240915-2xypyaxdkj | 3
15-09-2024 22:56 | 240915-2wn44sxcpk | 3
15-09-2024 22:43 | 240915-2np2fawhpr | 3
15-09-2024 22:42 | 240915-2m3k5swhmk | 10
15-09-2024 22:33 | 240915-2gqdmawbja | 8
15-09-2024 22:27 | 240915-2de4gswekk | 7
15-09-2024 22:15 | 240915-16esravenh | 10

Analysis
max time kernel: 592s
max time network: 602s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10-03-2024 21:57
Static task: static1

Behavioral task | Sample | Resource
behavioral1 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/000/[email protected] | win7-20240221-en
behavioral2 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/000/[email protected] | win10v2004-20240226-en
behavioral3 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Antivirus Platinum/[email protected] | win7-20240221-en
behavioral4 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Antivirus Platinum/[email protected] | win10v2004-20240226-en
behavioral5 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/ColorBug/[email protected] | win7-20240221-en
behavioral6 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/ColorBug/[email protected] | win10v2004-20240226-en
behavioral7 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/DesktopPuzzle/[email protected] | win7-20240221-en
behavioral8 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/DesktopPuzzle/[email protected] | win10v2004-20240226-en
behavioral9 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/FakeActivation/[email protected] | win7-20240221-en
behavioral10 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/FakeActivation/[email protected] | win10v2004-20240226-en
behavioral11 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Happy Antivirus/[email protected] | win7-20240221-en
behavioral12 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Happy Antivirus/[email protected] | win10v2004-20240226-en
behavioral13 | MEMZ 3.0/MEMZ.bat | win7-20240221-en
behavioral14 | MEMZ 3.0/MEMZ.bat | win10v2004-20240226-en
behavioral15 | MEMZ 3.0/MEMZ.exe | win7-20240215-en
behavioral16 | MEMZ 3.0/MEMZ.exe | win10v2004-20240226-en
behavioral17 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/MEMZ 3.0 (1)/MEMZ 3.0/MEMZ.bat | win7-20240220-en
behavioral18 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/MEMZ 3.0 (1)/MEMZ 3.0/MEMZ.bat | win10v2004-20231215-en
behavioral19 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/MEMZ 3.0 (1)/MEMZ 3.0/MEMZ.exe | win7-20240221-en
behavioral20 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/MEMZ 3.0 (1)/MEMZ 3.0/MEMZ.exe | win10v2004-20231215-en
behavioral21 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/NavaShield/[email protected] | win7-20240221-en
behavioral22 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/NavaShield/[email protected] | win10v2004-20240226-en
behavioral23 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Petya.A/[email protected] | win7-20240221-en
behavioral24 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Petya.A/[email protected] | win10v2004-20240226-en
behavioral25 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Security Central/[email protected] | win7-20240221-en
behavioral26 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Security Central/[email protected] | win10v2004-20240226-en
behavioral27 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Security Defender 2015/[email protected] | win7-20240221-en
behavioral28 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/Security Defender 2015/[email protected] | win10v2004-20240226-en
behavioral29 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/VineMEMZ-Original.exe | win7-20240221-en
behavioral30 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/VineMEMZ-Original.exe | win10v2004-20240226-en
behavioral31 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/WannaCrypt0r/[email protected] | win7-20240221-en
behavioral32 | eeeeeeeeeeeeee/Malware_pack_2/Malware_pack_2/WannaCrypt0r/[email protected] | win10v2004-20240226-en

General
Target: MEMZ 3.0/MEMZ.exe
Size: 12KB
MD5: a7bcf7ea8e9f3f36ebfb85b823e39d91
SHA1: 761168201520c199dba68add3a607922d8d4a86e
SHA256: 3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42
SHA512: 89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523
SSDEEP: 192:HMDLTxWDf/pl3cIEiwqZKBktLe3P+qf2jhP6B5b2yL3:H4IDH3cIqqvUWq+jhyT2yL
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
Processes:
MEMZ.exe, MEMZ.exe
description | ioc | process
Key value queried | \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation | MEMZ.exe
Key value queried | \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Control Panel\International\Geo\Nation | MEMZ.exe
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes:
MEMZ.exe
description | ioc | process
File opened for modification | \??\PhysicalDrive0 | MEMZ.exe
-
Drops file in System32 directory 3 IoCs
Processes:
mmc.exe, mmc.exe, mmc.exe
description | ioc | process
File opened for modification | C:\Windows\System32\devmgmt.msc | mmc.exe
File opened for modification | C:\Windows\System32\devmgmt.msc | mmc.exe
File opened for modification | C:\Windows\System32\devmgmt.msc | mmc.exe
-
Drops file in Windows directory 59 IoCs
Processes:
mmc.exe, mspaint.exe, mspaint.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 63 IoCs
SCSI information is often read in order to detect sandboxing environments.
Processes:
mmc.exe, mmc.exe, Taskmgr.exe, mmc.exe
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
-
Processes:
explorer.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\Software\Microsoft\Internet Explorer\Toolbar | explorer.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" | explorer.exe
-
Modifies registry class 64 IoCs
Processes:
control.exe, explorer.exe, control.exe, calc.exe, MEMZ.exe, explorer.exe
explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-1#immutable1 = "AutoPlay" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-1#immutable1 = "Troubleshooting" explorer.exe Set value (str) \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-1#immutable1 = "User Accounts" explorer.exe Key created \REGISTRY\USER\S-1-5-21-983155329-280873152-1838004294-1000_Classes\Local Settings explorer.exe -
Runs regedit.exe 1 IoCs
Processes:
pid    process
4272   regedit.exe
Suspicious behavior: AddClipboardFormatListener 1 IoCs
Processes:
pid    process
5204   explorer.exe
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
pid    process
3476   MEMZ.exe
1432   MEMZ.exe
3656   MEMZ.exe
3056   MEMZ.exe
660    MEMZ.exe
Suspicious behavior: GetForegroundWindowSpam 7 IoCs
Processes:
pid    process
5232   mmc.exe
4264   mmc.exe
4272   regedit.exe
5592   mmc.exe
3916   MEMZ.exe
2876   Taskmgr.exe
4188   mmc.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 45 IoCs
Processes:
pid    process
1692   msedge.exe
Suspicious behavior: SetClipboardViewer 3 IoCs
Processes:
pid    process
4264   mmc.exe
5592   mmc.exe
4188   mmc.exe
Suspicious use of AdjustPrivilegeToken 27 IoCs
Processes:
description                          pid    process
Token: SeShutdownPrivilege           5204   explorer.exe
Token: SeCreatePagefilePrivilege     5204   explorer.exe
Token: 33                            5232   mmc.exe
Token: SeIncBasePriorityPrivilege    5232   mmc.exe
Token: 33                            4240   AUDIODG.EXE
Token: SeIncBasePriorityPrivilege    4240   AUDIODG.EXE
Token: 33                            4264   mmc.exe
Token: SeIncBasePriorityPrivilege    4264   mmc.exe
Token: 33                            5592   mmc.exe
Token: SeIncBasePriorityPrivilege    5592   mmc.exe
Token: SeDebugPrivilege              2876   Taskmgr.exe
Token: SeSystemProfilePrivilege      2876   Taskmgr.exe
Token: SeCreateGlobalPrivilege       2876   Taskmgr.exe
Token: 33                            4188   mmc.exe
Token: SeIncBasePriorityPrivilege    4188   mmc.exe
Suspicious use of FindShellTrayWindow 64 IoCs
Processes:
pid    process
1692   msedge.exe
5204   explorer.exe
2876   Taskmgr.exe
Suspicious use of SendNotifyMessage 64 IoCs
Processes:
pid    process
1692   msedge.exe
2876   Taskmgr.exe
Suspicious use of SetWindowsHookEx 56 IoCs
Processes:
pid    process
3916   MEMZ.exe
5088   mmc.exe
5232   mmc.exe
5352   mmc.exe
4264   mmc.exe
5124   mspaint.exe
5732   mspaint.exe
2000   mmc.exe
5592   mmc.exe
4364   OpenWith.exe
2588   mmc.exe
4188   mmc.exe
6796   wordpad.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
description                         pid    process      target process
PID 1572 wrote to memory of 3476    1572   MEMZ.exe     MEMZ.exe
PID 1572 wrote to memory of 3656    1572   MEMZ.exe     MEMZ.exe
PID 1572 wrote to memory of 1432    1572   MEMZ.exe     MEMZ.exe
PID 1572 wrote to memory of 660     1572   MEMZ.exe     MEMZ.exe
PID 1572 wrote to memory of 3056    1572   MEMZ.exe     MEMZ.exe
PID 1572 wrote to memory of 3916    1572   MEMZ.exe     MEMZ.exe
PID 3916 wrote to memory of 1664    3916   MEMZ.exe     notepad.exe
PID 3916 wrote to memory of 1692    3916   MEMZ.exe     msedge.exe
PID 1692 wrote to memory of 4084    1692   msedge.exe   msedge.exe
PID 1692 wrote to memory of 1884    1692   msedge.exe   msedge.exe
Processes
C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe"
PID:1572
- Checks computer location settings
- Suspicious use of WriteProcessMemory

  C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe" /watchdog
  PID:3476
  - Suspicious behavior: EnumeratesProcesses

  C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe" /watchdog
  PID:3656
  - Suspicious behavior: EnumeratesProcesses

  C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe" /watchdog
  PID:1432
  - Suspicious behavior: EnumeratesProcesses

  C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe" /watchdog
  PID:660
  - Suspicious behavior: EnumeratesProcesses

  C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe" /watchdog
  PID:3056
  - Suspicious behavior: EnumeratesProcesses

  C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe" /main
  PID:3916
  - Checks computer location settings
  - Writes to the Master Boot Record (MBR)
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

    C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    PID:1664

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+get+money
    PID:1692
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96f6546f8,0x7ff96f654708,0x7ff96f654718
      PID:4084

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2
      PID:1884

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
      PID:1684

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
      PID:2656

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
      PID:640

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
      PID:5048

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
      PID:1444

      C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4304 /prefetch:8
      PID:5388

      C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4304 /prefetch:8
      PID:5404

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
      PID:5496

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
      PID:5504

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
      PID:5764

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
      PID:5772

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2468 /prefetch:1
      PID:1900

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
      PID:1524

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5788 /prefetch:2
      PID:4952

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
      PID:2628

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
      PID:6072

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3732 /prefetch:1
      PID:5376

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=208 /prefetch:1
      PID:3460

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
      PID:1072

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
      PID:1224

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1
      PID:872

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
      PID:4504

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
      PID:1888

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
      PID:5312

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
      PID:4984

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
      PID:6024

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3060 /prefetch:1
      PID:5124

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
      PID:2636

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
      PID:2800

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
      PID:3992

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1
      PID:4744

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
      PID:3068

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
      PID:4872

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
      PID:5956

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3088 /prefetch:1
      PID:5448

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7424 /prefetch:1
      PID:6072
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7252 /prefetch:14⤵PID:5864
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7700 /prefetch:14⤵PID:2588
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7548 /prefetch:14⤵PID:6988
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7928 /prefetch:14⤵PID:7092
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7864 /prefetch:14⤵PID:6784
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8100 /prefetch:14⤵PID:6372
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7804 /prefetch:14⤵PID:5464
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7308 /prefetch:14⤵PID:6440
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8444 /prefetch:14⤵PID:5624
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8488 /prefetch:14⤵PID:6744
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7308 /prefetch:14⤵PID:6548
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8148 /prefetch:14⤵PID:2208
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9016 /prefetch:14⤵PID:232
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,529677027537267026,17286099274816518486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7748 /prefetch:14⤵PID:6684
-
C:\Windows\SysWOW64\control.exe"C:\Windows\System32\control.exe"3⤵
- Modifies registry class
PID:4032 -
C:\Windows\SysWOW64\mmc.exe"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"3⤵
- Suspicious use of SetWindowsHookEx
PID:5088 -
C:\Windows\system32\mmc.exe"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"4⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5232 -
C:\Windows\SysWOW64\control.exe"C:\Windows\System32\control.exe"3⤵
- Modifies registry class
PID:3280 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=bonzi+buddy+download+free3⤵PID:5220
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96f6546f8,0x7ff96f654708,0x7ff96f6547184⤵PID:5300
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+20163⤵PID:4244
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xe8,0x124,0x7ff96f6546f8,0x7ff96f654708,0x7ff96f6547184⤵PID:5136
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=best+way+to+kill+yourself3⤵PID:748
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96f6546f8,0x7ff96f654708,0x7ff96f6547184⤵PID:2824
-
C:\Windows\SysWOW64\mmc.exe"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"3⤵
- Suspicious use of SetWindowsHookEx
PID:5352 -
C:\Windows\system32\mmc.exe"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"4⤵
- Drops file in System32 directory
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4264 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=minecraft+hax+download+no+virus3⤵PID:2868
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96f6546f8,0x7ff96f654708,0x7ff96f6547184⤵PID:6100
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/3⤵PID:6116
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff96f6546f8,0x7ff96f654708,0x7ff96f6547184⤵PID:3972
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+send+a+virus+to+my+friend3⤵PID:5984
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96f6546f8,0x7ff96f654708,0x7ff96f6547184⤵PID:3948
-
C:\Windows\SysWOW64\explorer.exe"C:\Windows\System32\explorer.exe"3⤵PID:5256
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/3⤵PID:3276
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96f6546f8,0x7ff96f654708,0x7ff96f6547184⤵PID:5648
-
C:\Windows\SysWOW64\notepad.exe"C:\Windows\System32\notepad.exe"3⤵PID:4860
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+2+remove+a+virus3⤵PID:6120
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96f6546f8,0x7ff96f654708,0x7ff96f6547184⤵PID:3728
-
C:\Windows\SysWOW64\mspaint.exe"C:\Windows\System32\mspaint.exe"3⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:5124 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=virus.exe3⤵PID:5860
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff96f6546f8,0x7ff96f654708,0x7ff96f6547184⤵PID:6052
-
C:\Windows\SysWOW64\mspaint.exe"C:\Windows\System32\mspaint.exe"3⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:5732 -
C:\Windows\SysWOW64\regedit.exe"C:\Windows\System32\regedit.exe"3⤵
- Runs regedit.exe
- Suspicious behavior: GetForegroundWindowSpam
PID:4272 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/3⤵PID:116
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96f6546f8,0x7ff96f654708,0x7ff96f6547184⤵PID:1852
-
C:\Windows\SysWOW64\mmc.exe"C:\Windows\System32\mmc.exe"3⤵
- Suspicious use of SetWindowsHookEx
PID:2000 -
C:\Windows\system32\mmc.exe"C:\Windows\system32\mmc.exe"4⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5592 -
C:\Windows\SysWOW64\calc.exe"C:\Windows\System32\calc.exe"3⤵
- Modifies registry class
PID:5528 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\System32\notepad.exe"3⤵PID:5740
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=best+way+to+kill+yourself3⤵PID:4908
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96f6546f8,0x7ff96f654708,0x7ff96f6547184⤵PID:3968
-
C:\Windows\SysWOW64\explorer.exe"C:\Windows\System32\explorer.exe"3⤵
- Modifies registry class
PID:2236 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=g3t+r3kt3⤵PID:1796
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96f6546f8,0x7ff96f654708,0x7ff96f6547184⤵PID:528
-
C:\Windows\SysWOW64\Taskmgr.exe"C:\Windows\System32\Taskmgr.exe"3⤵
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2876 -
C:\Windows\SysWOW64\mmc.exe"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"3⤵
- Suspicious use of SetWindowsHookEx
PID:2588 -
C:\Windows\system32\mmc.exe"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"4⤵
- Drops file in System32 directory
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4188 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+get+money3⤵PID:3204
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96f6546f8,0x7ff96f654708,0x7ff96f6547184⤵PID:2056
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=minecraft+hax+download+no+virus3⤵PID:6924
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96f6546f8,0x7ff96f654708,0x7ff96f6547184⤵PID:6936
-
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"3⤵
- Suspicious use of SetWindowsHookEx
PID:6796 -
C:\Windows\splwow64.exeC:\Windows\splwow64.exe 122884⤵PID:6868
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=virus+builder+legit+free+download3⤵PID:2172
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96f6546f8,0x7ff96f654708,0x7ff96f6547184⤵PID:6768
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+2+remove+a+virus3⤵PID:6188
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96f6546f8,0x7ff96f654708,0x7ff96f6547184⤵PID:3352
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+2+remove+a+virus3⤵PID:6436
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96f6546f8,0x7ff96f654708,0x7ff96f6547184⤵PID:6464
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=best+way+to+kill+yourself3⤵PID:6640
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96f6546f8,0x7ff96f654708,0x7ff96f654718
4⤵ PID:3348
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=batch+virus+download
3⤵ PID:5132
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff96f6546f8,0x7ff96f654708,0x7ff96f654718
4⤵ PID:3116
-
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
3⤵ PID:6700
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵ PID:4196
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵ PID:900
-
C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5204
-
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵ PID:5352
-
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2ec 0x2f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4240
-
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵ PID:452
-
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:4364
-
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵ PID:7120
Network
MITRE ATT&CK Enterprise v15
Downloads