Analysis
max time kernel: 1359s
max time network: 1365s
platform: windows11-21h2_x64
resource: win11-20240221-en
resource tags: arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 01/04/2024, 17:49
Static task: static1
Behavioral task: behavioral1
Sample: bitdefender_tsecurity.exe
Resource: win11-20240221-en
General
Target: bitdefender_tsecurity.exe
Size: 14.1MB
MD5: b193e93da8cb8fb53b3b4cdc081252d9
SHA1: b0d9d7822414095e325d843df73cb13c4ac214b6
SHA256: 26fafb03090ce617b53d9b3f6038ba1726211cd77973c1df888fb7092fccb72e
SHA512: 7ad1c11cc4d9527df8cb95f9a21e60bf9015de6e8f7f9e43ed89161a77c4f424c7a2286b080e50559a1aa80294e8fe38758816e17fb022aa7c3de90c14c16525
SSDEEP: 393216:S6FaXw19Sf25WY27BRR8V9tz8SpNuGNvHqmbet:HFaA19S7Y27BM58ooixA
Malware Config
Signatures
Chaos
Ransomware family first seen in June 2021.
Chaos Ransomware 6 IoCs
resource | yara_rule
behavioral1/files/0x000100000002a995-1044.dat | family_chaos
behavioral1/files/0x000200000002aba3-2939.dat | family_chaos
behavioral1/memory/3208-2945-0x0000000000E10000-0x0000000000E9E000-memory.dmp | family_chaos
behavioral1/memory/5032-4875-0x0000000000030000-0x00000000001B8000-memory.dmp | family_chaos
behavioral1/files/0x000700000002ab48-4880.dat | family_chaos
behavioral1/memory/3176-5349-0x0000000000CC0000-0x0000000000D9E000-memory.dmp | family_chaos
Drops startup file 3 IoCs
description | ioc | Process
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.url | svchost.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini | svchost.exe
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fuckthisshit.txt | svchost.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
Adds Run key to start application 2 TTPs 1 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\PixillionInstall = "C:\\Users\\Admin\\Downloads\\PixillionImageConverter.exe" | nchsetup.exe
Downloads MZ/PE file
Drops desktop.ini file(s) 34 IoCs
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
flow | ioc
489 | raw.githubusercontent.com
484 | raw.githubusercontent.com
Drops file in System32 directory 8 IoCs
description | ioc | Process
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_8A3EB3B0E837053838683939C2047254 | ProductAgentService.exe
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft | ProductAgentService.exe
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache | ProductAgentService.exe
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData | ProductAgentService.exe
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141 | ProductAgentService.exe
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content | ProductAgentService.exe
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141 | ProductAgentService.exe
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_8A3EB3B0E837053838683939C2047254 | ProductAgentService.exe
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\h1vprybbo.jpg" | svchost.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 2 IoCs
description | ioc | Process
File created | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll | svchost.exe
File opened for modification | C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll | svchost.exe
Executes dropped EXE 34 IoCs
pid | Process
3740 | agent_launcher.exe
3604 | bddeploy.exe
2452 | setuppackage.exe
3132 | installer.exe
4904 | ProductAgentService.exe
4408 | bdredline.exe
976 | ProductAgentService.exe
3284 | ProductAgentService.exe
2036 | ProductAgentService.exe
3040 | ProductAgentService.exe
980 | DiscoverySrv.exe
4160 | DiscoverySrv.exe
2884 | ProductAgentService.exe
3380 | ProductAgentUI.exe
3248 | WatchDog.exe
7572 | PixillionImageConverter.exe
6036 | nchsetup.exe
7488 | freetype.exe
2364 | pixillion.exe
6488 | pixillion.exe
7812 | Chaos Ransomware Builder v4 Cleaned.exe
6608 | wgj1CCB.tmp
3208 | Chaos Ransomware Builderv4.exe
6532 | installer.exe
5576 | Installer.exe
7880 | pixillion.exe
5472 | pixillion.exe
2340 | pixillion.exe
5032 | bitdefender_tsecurity.exe
2416 | svchost.exe
5772 | bitdefender_tsecurity.exe
8080 | svchost.exe
3176 | KG_Ransom.exe
2104 | svchost.exe
Loads dropped DLL 64 IoCs
Registers COM server for autorun 1 TTPs 2 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\WOW6432Node\CLSID\{cb6ba4f9-380d-4cf8-a5b5-de4c325d6323}\LocalServer32 | nchsetup.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\WOW6432Node\CLSID\{cb6ba4f9-380d-4cf8-a5b5-de4c325d6323}\LocalServer32\ = "\"C:\\Program Files (x86)\\NCH Software\\Pixillion\\pixillion.exe\" -systemnotifyevent" | nchsetup.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | ProductAgentService.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | ProductAgentService.exe
Enumerates system info in registry 2 TTPs 5 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | pixillion.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer | pixillion.exe
Modifies data under HKEY_USERS 64 IoCs
Modifies registry class 64 IoCs
description ioc Process Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob agent_launcher.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 agent_launcher.exe -
NTFS ADS 11 IoCs
description ioc Process File opened for modification C:\Users\Admin\Downloads\Unconfirmed 790843.crdownload:SmartScreen msedge.exe File opened for modification C:\Users\Admin\Downloads\KG_Ransom.exe:Zone.Identifier msedge.exe File opened for modification C:\Users\Admin\Downloads\bitdefender-logo.jpg:Zone.Identifier msedge.exe File opened for modification C:\Users\Admin\Downloads\png-transparent-bitdefender-android-antivirus-software-mobile-security-mobile-security-text-trademark-logo-thumbnail.png:Zone.Identifier msedge.exe File opened for modification C:\Users\Admin\Downloads\Unconfirmed 190429.crdownload:SmartScreen msedge.exe File created C:\Program Files (x86)\NCH Software\Pixillion\pixillionsetup_v12.26.exe\:Zone.Identifier:$DATA nchsetup.exe File opened for modification C:\Users\Admin\Downloads\PixillionImageConverter.exe:Zone.Identifier msedge.exe File created C:\Program Files (x86)\NCH Software\Pixillion\pixillionsetup_v12.26.exe\:SmartScreen:$DATA nchsetup.exe File opened for modification C:\Users\Admin\Downloads\Chaos_Ransomware_Builder_v4_Cleaned.rar:Zone.Identifier msedge.exe File created C:\Users\Admin\AppData\Local\Temp\7zO8C8198BD\Chaos Ransomware Builder v4 Cleaned.exe:Zone.Identifier 7zFM.exe File opened for modification C:\Users\Admin\Downloads\png-transparent-bitdefender-android-antivirus-software-mobile-security-mobile-security-text-trademark-logo-thumbnail-removebg-preview.png:Zone.Identifier msedge.exe -
Opens file in notepad (likely ransom note) 1 IoCs
pid Process 6032 NOTEPAD.EXE -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 2416 svchost.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 5108 msedge.exe 4304 msedge.exe 3040 ProductAgentService.exe 3132 msedge.exe 4932 identity_helper.exe 3516 msedge.exe 5256 msedge.exe 6560 msedge.exe 1668 msedge.exe 7204 msedge.exe 5724 msedge.exe 756 msedge.exe 6436 msedge.exe 6036 nchsetup.exe 6508 msedge.exe 6568 msedge.exe 3972 msedge.exe 7128 msedge.exe 5808 msedge.exe 7444 msedge.exe 2084 7zFM.exe 5032 bitdefender_tsecurity.exe -
Suspicious behavior: GetForegroundWindowSpam 6 IoCs
pid Process 2364 pixillion.exe 6344 7zFM.exe 2084 7zFM.exe 3208 Chaos Ransomware Builderv4.exe 6568 msedge.exe 7128 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs
pid Process 5108 msedge.exe -
Suspicious use of AdjustPrivilegeToken 24 IoCs
description pid Process Token: SeDebugPrivilege 3132 installer.exe Token: 35 3132 installer.exe Token: 35 3132 installer.exe Token: 35 3132 installer.exe Token: SeRestorePrivilege 3132 installer.exe Token: SeDebugPrivilege 3040 ProductAgentService.exe Token: SeDebugPrivilege 3040 ProductAgentService.exe Token: SeDebugPrivilege 3040 ProductAgentService.exe Token: SeRestorePrivilege 6344 7zFM.exe Token: 35 6344 7zFM.exe Token: SeSecurityPrivilege 6344 7zFM.exe Token: SeDebugPrivilege 3040 ProductAgentService.exe Token: SeRestorePrivilege 2084 7zFM.exe Token: 35 2084 7zFM.exe Token: SeSecurityPrivilege 2084 7zFM.exe Token: SeSecurityPrivilege 2084 7zFM.exe Token: SeDebugPrivilege 5576 Installer.exe Token: SeSecurityPrivilege 5576 Installer.exe Token: SeDebugPrivilege 5032 bitdefender_tsecurity.exe Token: SeDebugPrivilege 2416 svchost.exe Token: SeDebugPrivilege 5772 bitdefender_tsecurity.exe Token: SeDebugPrivilege 8080 svchost.exe Token: SeDebugPrivilege 3176 KG_Ransom.exe Token: SeDebugPrivilege 2104 svchost.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 5108 msedge.exe -
Suspicious use of SendNotifyMessage 16 IoCs
pid Process 5108 msedge.exe -
Suspicious use of SetWindowsHookEx 19 IoCs
pid Process 2452 MiniSearchHost.exe 1668 msedge.exe 5724 msedge.exe 2364 pixillion.exe 7812 Chaos Ransomware Builder v4 Cleaned.exe 7812 Chaos Ransomware Builder v4 Cleaned.exe 6532 installer.exe 3208 Chaos Ransomware Builderv4.exe 5576 Installer.exe 6568 msedge.exe 2364 pixillion.exe 3208 Chaos Ransomware Builderv4.exe 3208 Chaos Ransomware Builderv4.exe 3208 Chaos Ransomware Builderv4.exe 3208 Chaos Ransomware Builderv4.exe 3208 Chaos Ransomware Builderv4.exe 7128 msedge.exe 5808 msedge.exe 7444 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2416 wrote to memory of 3740 2416 bitdefender_tsecurity.exe 80 PID 3740 wrote to memory of 3604 3740 agent_launcher.exe 83 PID 3604 wrote to memory of 2452 3604 bddeploy.exe 107 PID 3604 wrote to memory of 3132 3604 bddeploy.exe 85 PID 5108 wrote to memory of 3580 5108 msedge.exe 87 PID 5108 wrote to memory of 2812 5108 msedge.exe 88 PID 5108 wrote to memory of 4304 5108 msedge.exe 89 PID 5108 wrote to memory of 2504 5108 msedge.exe 90
Processes
-
C:\Users\Admin\AppData\Local\Temp\bitdefender_tsecurity.exe"C:\Users\Admin\AppData\Local\Temp\bitdefender_tsecurity.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2416 -
C:\Users\Admin\AppData\Local\Temp\RarSFX0\agent_launcher.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX0\agent_launcher.exe"2⤵
- Executes dropped EXE
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:3740 -
C:\Users\Admin\AppData\Local\Temp\RarSFX0\bddeploy.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX0\bddeploy.exe"3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3604 -
C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\setuppackage.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\setuppackage.exe"4⤵
- Executes dropped EXE
PID:2452
-
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\installer.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX0\packages\installer.exe"4⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:3132 -
C:\Program Files\Bitdefender Agent\ProductAgentService.exe"C:\Program Files\Bitdefender Agent\ProductAgentService.exe" protect5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4904
-
-
C:\Program Files\Bitdefender Agent\ProductAgentService.exe"C:\Program Files\Bitdefender Agent\ProductAgentService.exe" install5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:976
-
-
C:\Program Files\Bitdefender Agent\ProductAgentService.exe"C:\Program Files\Bitdefender Agent\ProductAgentService.exe" enable5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3284
-
-
C:\Program Files\Bitdefender Agent\ProductAgentService.exe"C:\Program Files\Bitdefender Agent\ProductAgentService.exe" start "C:\Users\Admin\AppData\Local\Temp\bitdefender_tsecurity.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2036
-
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5108 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9aeba3cb8,0x7ff9aeba3cc8,0x7ff9aeba3cd82⤵PID:3580
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:22⤵PID:2812
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4304
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2500 /prefetch:82⤵PID:2504
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:12⤵PID:1408
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:12⤵PID:1200
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:12⤵PID:1836
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:12⤵PID:2552
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:12⤵PID:3292
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:12⤵PID:2424
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5392 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3132
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5816 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4932
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:12⤵PID:5096
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4476 /prefetch:12⤵PID:2036
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:12⤵PID:3132
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:12⤵PID:4776
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:12⤵PID:4732
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4648 /prefetch:82⤵PID:968
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4580 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3516
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:12⤵PID:3300
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:12⤵PID:3132
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:12⤵PID:2960
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5488 /prefetch:82⤵PID:5440
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:12⤵PID:6124
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6520 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:5256
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:12⤵PID:5712
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:12⤵PID:1300
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:12⤵PID:4892
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:12⤵PID:5472
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7228 /prefetch:12⤵PID:4924
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:12⤵PID:4976
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:12⤵PID:3412
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7632 /prefetch:12⤵PID:4884
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2728 /prefetch:12⤵PID:3576
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:12⤵PID:5180
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8176 /prefetch:12⤵PID:4172
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8456 /prefetch:12⤵PID:2532
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8440 /prefetch:12⤵PID:2372
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8612 /prefetch:12⤵PID:2288
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8444 /prefetch:12⤵PID:728
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9284 /prefetch:82⤵PID:1128
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7872 /prefetch:12⤵PID:4428
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9680 /prefetch:12⤵PID:4572
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9812 /prefetch:12⤵PID:5860
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9960 /prefetch:12⤵PID:4484
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9488 /prefetch:12⤵PID:1388
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9476 /prefetch:12⤵PID:4556
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10216 /prefetch:12⤵PID:5920
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10344 /prefetch:12⤵PID:5908
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10484 /prefetch:12⤵PID:1152
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11168 /prefetch:12⤵PID:6184
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10104 /prefetch:12⤵PID:6360
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11456 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:6560
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11416 /prefetch:12⤵PID:6716
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9592 /prefetch:12⤵PID:6904
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11512 /prefetch:12⤵PID:6860
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11708 /prefetch:12⤵PID:6944
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11984 /prefetch:12⤵PID:7068
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12024 /prefetch:12⤵PID:5348
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11600 /prefetch:12⤵PID:6580
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12188 /prefetch:12⤵PID:6732
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12136 /prefetch:12⤵PID:6736
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11740 /prefetch:12⤵PID:6576
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12660 /prefetch:12⤵PID:7240
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10880 /prefetch:12⤵PID:7248
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12664 /prefetch:12⤵PID:7500
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11892 /prefetch:12⤵PID:8076
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:12⤵PID:1388
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:12⤵PID:6372
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12020 /prefetch:12⤵PID:6284
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11912 /prefetch:12⤵PID:6304
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:12⤵PID:6312
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11220 /prefetch:12⤵PID:7816
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10188 /prefetch:12⤵PID:6556
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8872 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1668
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10504 /prefetch:12⤵PID:3684
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4524 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:7204
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1756 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5724
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7132 /prefetch:12⤵PID:7296
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12764 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:756
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:12⤵PID:4668
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:12⤵PID:7896
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:12⤵PID:4644
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7912 /prefetch:82⤵PID:3288
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8928 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:6436
-
-
C:\Users\Admin\Downloads\PixillionImageConverter.exe"C:\Users\Admin\Downloads\PixillionImageConverter.exe"2⤵
- Executes dropped EXE
PID:7572 -
C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe"C:\Users\Admin\AppData\Local\Temp\n1s\nchsetup.exe" -installer "C:\Users\Admin\Downloads\PixillionImageConverter.exe" -instdata "C:\Users\Admin\AppData\Local\Temp\n1s\nchdata.dat"3⤵
- Adds Run key to start application
- Drops file in Program Files directory
- Executes dropped EXE
- Registers COM server for autorun
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:6036 -
C:\Program Files (x86)\NCH Software\Pixillion\freetype.exe"C:\Program Files (x86)\NCH Software\Pixillion\freetype.exe" -LQUIET -instby fiPixillion -instsvar PIXILLIONRelatedprogramspaidoffLLIBInstquickon4⤵
- Executes dropped EXE
PID:7488
-
-
C:\Program Files (x86)\NCH Software\Pixillion\pixillion.exe"C:\Program Files (x86)\NCH Software\Pixillion\pixillion.exe"4⤵
- Executes dropped EXE
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2364 -
C:\Program Files (x86)\NCH Software\Pixillion\pixillion.exe"C:\Program Files (x86)\NCH Software\Pixillion\pixillion.exe" -add "C:\Users\Admin\Pictures\png-transparent-bitdefender-android-antivirus-software-mobile-security-mobile-security-text-trademark-logo-thumbnail-removebg-preview.ico"5⤵
- Executes dropped EXE
PID:7880
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.nchsoftware.com/software/thanks.html?software=Pixillion&appname=Pixillion&version=12.26&appbits=32&base=imageconverter&domain=nchsoftware&buyoffer=pixillion&pclass=plus&rgst=0&instby=dl&iid=oFzybWghiuY&help=0&ostype=48&osver=10.0&svar=PIXILLIONRelatedprogramspaidoffLLIBInstquickonPIXILLIONShowoutfilesize2onLLIBControloffPIXILLIONSplashv2offIc2rUTfgPIXILLIONRecentfilesonDRBvGxohPIXILLIONRemovedropdownonF3ocCC9wGUwfPIXILLIONOilpaintfilteroffHZDtR4hvDiphHo1nIb1oNxmtI03nZTUvDFWwIwldPIXILLIONRemovebgtboffOqwkFHoeHtpdPIXILLIONNewoutdirlabeloffPIXILLIONOutputfolderpdlonXparPIXILLIONSetoutfolderonEwdjPz6fOVJfOElvTNDhPIXILLIONCompressbtnv2offPIXILLIONSucav2offBISrHm7bMBNePIXILLIONAllfilesfilteronGVjhPIXILLIONApplyefxchoiceonUizj&usage=07D202&usagestats=png-ico(2)&usechoice=lluim(0)&daysusedprogram=1&usedsubstpct=2&secsfr=238&active10s=5&refdata=refdate%3D1712019369%26referrer%3Dhttps%253A%252F%252Fwww.bing.com%252F%26ref%3D%26ref2%3D%26ref3%3D%26kw%3Dconvert%2520pictures%2520to%2520icons%26theme%3D%26pageconfig%3D%26download%3DPixillionImageConverter%26clientid%3D%26platform%3DWin%26language%3DEN%26browser%3DEdge%26screenwidth%3D0%26screenheight%3D0%26cpucores%3D0%26webvar%3DPixillion.DownloadProgressBar3.Off%252CPixillion.ConvertImgBulletPt.On%252CPixillion.AddFileH1Title.On%252CPixillion.WideBigHdrBanner.On%252CPixillion.WideScreenIncreaseFontSize.On%252CPixillion.H2FileFmtSortPopularity.Off%252CPixillion.RotateIntroBulletAddMultipleTxt.Off%252CPixillion.IntroTxtNewSentence.Off%252CPixillion.ShorterSuppFileFormatBlock.On%252CPixillion.H2TitleAddBatch.On%252CPixillion.ChangeFeaturesRightPreviewImg.On%252CPixillion.AddLinkFreeBulletPt.Off%252CPixillion.MoveGetItFreeBlock2.On%252CImageconverter.H1DownloadLink.On%252CImageconverter.TopDivDldBtn.On%252CImageconverter.CrazyEggHoverStyle.On%252CImageconverter.NavBarFreeTrial.Off%252CImageconverter.NavBarSpecialOffersNsFalse.On%252CPixillion.ChangeStickyHdrBtnTxt.Off%252CAll.ShowManageCookiesLinkNoWV.On%252CAll.CookieNoticeBtnOKWithThat.On%252CAll.EdgeDldBubbleTip.On5⤵PID:948
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9aeba3cb8,0x7ff9aeba3cc8,0x7ff9aeba3cd86⤵PID:7580
-
-
-
-
C:\Program Files (x86)\NCH Software\Pixillion\pixillion.exe"C:\Program Files (x86)\NCH Software\Pixillion\pixillion.exe" -installsched4⤵
- Executes dropped EXE
PID:6488
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:12⤵PID:852
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10332 /prefetch:12⤵PID:5356
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:12⤵PID:2800
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12724 /prefetch:12⤵PID:8060
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10436 /prefetch:12⤵PID:6068
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10700 /prefetch:12⤵PID:7648
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=97 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10416 /prefetch:12⤵PID:5864
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10068 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:6508
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=99 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9908 /prefetch:12⤵PID:1648
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=100 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9836 /prefetch:12⤵PID:5452
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=101 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:12⤵PID:2548
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=102 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1276 /prefetch:12⤵PID:3464
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=103 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:12⤵PID:8176
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=104 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1252 /prefetch:12⤵PID:6340
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=105 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:12⤵PID:6384
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=106 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:12⤵PID:1388
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=107 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10392 /prefetch:12⤵PID:5812
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12828 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:6568
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=110 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13252 /prefetch:12⤵PID:6560
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=13248 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:3972
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=112 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11220 /prefetch:12⤵PID:4644
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=113 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12752 /prefetch:12⤵PID:6184
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=114 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:12⤵PID:1584
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=115 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8928 /prefetch:12⤵PID:6936
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=116 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12504 /prefetch:12⤵PID:5404
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=117 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11884 /prefetch:12⤵PID:7524
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5940 /prefetch:82⤵PID:5924
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1756 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:7128
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=120 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:12⤵PID:2872
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=121 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10956 /prefetch:12⤵PID:488
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=122 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:12⤵PID:200
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=123 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:12⤵PID:8128
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=13016 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5808
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=125 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11228 /prefetch:12⤵PID:4776
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=126 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13108 /prefetch:12⤵PID:5668
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=127 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:12⤵PID:6008
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=128 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:12⤵PID:7792
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=13192 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:7444
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=130 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:12⤵PID:2856
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=131 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9576 /prefetch:12⤵PID:5468
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=132 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13192 /prefetch:12⤵PID:6060
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=133 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7552 /prefetch:12⤵PID:7152
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=134 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11168 /prefetch:12⤵PID:3964
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=135 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13020 /prefetch:12⤵PID:8044
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=136 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13468 /prefetch:12⤵PID:8108
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=137 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13444 /prefetch:12⤵PID:1900
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=138 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8748 /prefetch:12⤵PID:7628
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=139 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9320 /prefetch:12⤵PID:2296
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=140 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9300 /prefetch:12⤵PID:4520
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=141 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13960 /prefetch:12⤵PID:8176
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=142 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12860 /prefetch:12⤵PID:8072
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=143 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9700 /prefetch:12⤵PID:7764
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=144 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12484 /prefetch:12⤵PID:7280
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=145 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13436 /prefetch:12⤵PID:7964
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=146 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10444 /prefetch:12⤵PID:8016
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=147 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13656 /prefetch:12⤵PID:6652
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=148 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:12⤵PID:4560
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=149 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=13780 /prefetch:12⤵PID:904
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=150 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=12652 /prefetch:12⤵PID:3396
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=151 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14152 /prefetch:12⤵PID:7612
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=152 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=14188 /prefetch:12⤵PID:3288
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,11093800471683675755,10310855993275978734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=153 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9852 /prefetch:12⤵PID:2148
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4684
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4776
-
C:\Program Files\Bitdefender Agent\redline\bdredline.exe"C:\Program Files\Bitdefender Agent\redline\bdredline.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4408
-
C:\Program Files\Bitdefender Agent\ProductAgentService.exe"C:\Program Files\Bitdefender Agent\ProductAgentService.exe"1⤵
- Drops file in System32 directory
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3040 -
C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoverySrv.exe"C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoverySrv.exe" install2⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies data under HKEY_USERS
PID:980 -
C:\Windows\SysWOW64\regsvr32.exeregsvr32 /s "C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoveryComp.dll"3⤵
- Loads dropped DLL
PID:2656
-
-
-
C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoverySrv.exe"C:\Program Files\Bitdefender Agent\27.0.1.266\DiscoverySrv.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies data under HKEY_USERS
PID:4160
-
-
C:\Program Files\Bitdefender Agent\ProductAgentService.exe"ProductAgentService.exe" login_silent2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2884
-
-
C:\Program Files\Bitdefender Agent\27.0.1.266\ProductAgentUI.exe"C:\Program Files\Bitdefender Agent\27.0.1.266\ProductAgentUI.exe" show=progress event_retry=Global\7295237F-E98C-4C46-A4A4-07F0D66278C2 app_name="Bitdefender Security"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies data under HKEY_USERS
PID:3380
-
-
C:\Program Files\Bitdefender Agent\27.0.1.266\WatchDog.exe"C:\Program Files\Bitdefender Agent\27.0.1.266\WatchDog.exe" install2⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies data under HKEY_USERS
PID:3248
-
-
C:\Windows\TEMP\bd_1CCA.tmp\wgj1CCB.tmp"C:\Windows\TEMP\bd_1CCA.tmp\wgj1CCB.tmp" /source:web /attach2⤵
- Executes dropped EXE
PID:6608 -
C:\Users\Admin\AppData\Local\Temp\RarSFX0\installer.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX0\installer.exe" /kitArchive3⤵
- Drops file in Program Files directory
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:6532 -
C:\Program Files\Common Files\Bitdefender\SetupInformation\CL-27-A80376B5-6FF2-470E-A642-6DCD2E109C3F\Installer.exe"C:\Program Files\Common Files\Bitdefender\SetupInformation\CL-27-A80376B5-6FF2-470E-A642-6DCD2E109C3F\Installer.exe" /attach /source:web /setup-folder:"CL-27-A80376B5-6FF2-470E-A642-6DCD2E109C3F" /step=new_install4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5576
-
-
-
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵
- Suspicious use of SetWindowsHookEx
PID:2452
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost1⤵
- Drops file in Windows directory
PID:4260
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x0000000000000440 0x000000000000047C1⤵PID:4684
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:2792
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}1⤵PID:6368
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Chaos_Ransomware_Builder_v4_Cleaned.rar"1⤵
- NTFS ADS
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:6344 -
C:\Users\Admin\AppData\Local\Temp\7zO8C8198BD\Chaos Ransomware Builder v4 Cleaned.exe"C:\Users\Admin\AppData\Local\Temp\7zO8C8198BD\Chaos Ransomware Builder v4 Cleaned.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:7812
-
-
C:\Windows\SysWOW64\werfault.exewerfault.exe /h /shared Global\43b432e6b2954c99aeb7fdce78010983 /t 6272 /p 78121⤵PID:7800
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Chaos_Ransomware_Builder_v4_Cleaned.rar"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:2084 -
C:\Users\Admin\AppData\Local\Temp\7zO4284671E\Chaos Ransomware Builderv4.exe"C:\Users\Admin\AppData\Local\Temp\7zO4284671E\Chaos Ransomware Builderv4.exe"2⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3208 -
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\qlykvbko\qlykvbko.cmdline"3⤵PID:2020
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESF061.tmp" "c:\Users\Admin\Documents\CSC198049FDA07F4C449B5FC8D51646D0CF.TMP"4⤵PID:2416
-
-
-
-
C:\Program Files (x86)\NCH Software\Pixillion\pixillion.exe"C:\Program Files (x86)\NCH Software\Pixillion\pixillion.exe" -add "C:\Users\Admin\Pictures\png-transparent-bitdefender-android-antivirus-software-mobile-security-mobile-security-text-trademark-logo-thumbnail-removebg-preview.ico"1⤵
- Executes dropped EXE
PID:5472
-
C:\Program Files (x86)\NCH Software\Pixillion\pixillion.exe"C:\Program Files (x86)\NCH Software\Pixillion\pixillion.exe" -add "C:\Users\Admin\Pictures\png-transparent-bitdefender-android-antivirus-software-mobile-security-mobile-security-text-trademark-logo-thumbnail-removebg-preview.ico"1⤵
- Executes dropped EXE
PID:2340
-
C:\Users\Admin\Desktop\bitdefender_tsecurity.exe"C:\Users\Admin\Desktop\bitdefender_tsecurity.exe"1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5032 -
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"2⤵
- Drops startup file
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
PID:2416 -
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\fuckthisshit.txt3⤵
- Opens file in notepad (likely ransom note)
PID:6032
-
-
-
C:\Users\Admin\Desktop\bitdefender_tsecurity.exe"C:\Users\Admin\Desktop\bitdefender_tsecurity.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5772 -
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:8080
-
-
C:\Users\Admin\Desktop\KG_Ransom.exe"C:\Users\Admin\Desktop\KG_Ransom.exe"1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3176 -
C:\Users\Admin\AppData\Roaming\svchost.exe"C:\Users\Admin\AppData\Roaming\svchost.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2104
-
Network
MITRE ATT&CK Enterprise v15
Downloads
SHA25637626f159e45eb4adb10a1a453306a252369930cacc1c430fb7350894f4179c8
SHA512c6ba0dededc13d82d9cb2c3a6f19499cbd527f744060bc1757117e9affebf1705240c803f3281238e35a8535896867d813d1d02b3870d85bbd3251444f4a2bbe
-
Filesize
308KB
MD57ce544504e5f8cf31268af5a02973555
SHA131ecd6539d3f637cdfdd488f0cd7d084ee7cc604
SHA256eab9559ce23a7c5fb17cd06be347ce4d8ae04ce04196bf9c2723b7fed8aa17d9
SHA51254547526f1999dcc7cd758e9deab8609b74a3b3815533c7c152bcb6e8f08914f4876c52c0e571e0b812efe857fb08b3c1aba1bad2956c03d4c2848ba222d22bf
-
Filesize
1KB
MD57828399548c7f73820f8ae6d32fa0c7d
SHA1ffe735b1d447c57e1a5c0bcb2f284dc045fc0bdc
SHA256d99475d98e61daa776064167886657148e7bae60d8464e869c4ba89d72a9b54b
SHA5122739516caa50daa5cd2be4bc7212f15666b107e17899bb38963ff1963091090aa5fca53e740e2accb1ed197f470744750fcb5aa7ede69f0295a87c6943e4a3cc
-
Filesize
262B
MD5115234bf31b0826163a7fd341f796b56
SHA182a10922a457ce7a18b66e59dc21219a1a148573
SHA256e1aae10af30ebea117b77f7c8a584cf20ca0b862c92cb1afadb84d91dfa76c8e
SHA51238cbe15ecb6a16fe5401f1352abe40c748aa213eae1e8d405c685bb406d6bab195709ff616f859d131a9088c6755fa053e7c607b71dec05d6ec1338d5df024ab
-
Filesize
1KB
MD54f63418d5b6530b1ced4fb6f3eafa775
SHA1f88f8f6dce8ddd14db2d3bc9cfbdc5742215b0bb
SHA2567ded1fc54df3e38d844aa86e77d923e16bb9a088c6d5cbf4fddf670f4b6b4222
SHA5125173e4b89bcc8a3d1b60a7987bc04ee8ab8287fbc804aaf17e23b4b335b2b0e388ff8a35950e31cdbf1f9d8ba47034a01a7b3e75ae4f25627dfd486cdf4c9a50
-
Filesize
1KB
MD57e78e2a7fdd6071eb932793074095879
SHA1bc36661b0deadeef7a57575ee76236fe815c5c79
SHA256cdabfe25eace2168c12a959c52262d71b33edd84c71b05bef5d405227106d6a8
SHA512d81bff7ec0dd1ca0afead12a3759daf675cec69c24c865ede4fdcefe7725c137996c09dbf6184becf2ab56606c668afa188720b505393e4be3b6b48024432b6a
-
Filesize
7KB
MD56c6c2bdd072093ed88efcb793d7aaf96
SHA1baed8828e4ea0e32d798a6e6f58aa108f6f83f8c
SHA256bf68f4780c7dc1d9779a0810dd1953655390cac594fe7a0f6a65eb3323a2f7c8
SHA512207bdbe648ce536962edd5092e405b37c3e98cac29dbf66d2ec7f18ab4842b12dd521e0145885ad7b8b86044a82717d60a5c827b265e7685ac607f330d138033
-
Filesize
262B
MD5ac22575c0dbd95492320f4ba7fa34a12
SHA1e9a5b5af8ee410a0684efd4afcdc0eb7e2e8f2fe
SHA2569f3f4ad132a9bcce490e7c6c0b58da6f6146e526b4b5d08d0ecdb680bd2fd69e
SHA512991f817e2da5e8531d330378d8f8e8b146211551764c7d0e222ce0d22b0272f385f3858a7b12063b4529141f68779dcbb6b5b0535e17a2749f038ca0c52a65c9
-
Filesize
48KB
MD51adf259dc27f88190d04c09c1f28342d
SHA1cfe89980deabfe3500120c4a7ea3b8513803b45e
SHA2560409102281b42576278e96db1be499da4e46d79089d6cbf93b2dee53a1ade2b4
SHA5122860c465c3c8dfd09b13b63fe0ef2bbf08c9716eebc723044bf2b295e2c806c79ebcfdd8156cc6ac053623d8d3e1627f8d49ae32a6338a64fdc7446a9fa5ef4b
-
Filesize
1KB
MD5f4342fc75a07dfb1d072e9816e000c4b
SHA1a21269ed7153eda4cbb58d3d890d4b50b28490c1
SHA25629022ef79d70619e8fde18edf3da3f049ac10a372cc5a7b65b8ccd11013126b6
SHA5125567f4ea63113f5edf3f59ecfad34d2d194fcafb5e534ed0767f5686eeb8d7dbc2388f808b898d24c3d723c9a6c65a7e850e7a6a68b5d7821e24a2ea72e7a256
-
Filesize
2KB
MD5ce052a84aa384461696f0a2548aa59be
SHA14beb1e977dfea62f7940997260fe119f95a03c6e
SHA256ed3b26a5a6d23d4e8d81afd554c95af146b2739df784010c4b1895a3c78adb38
SHA51298acfdabb699d8faa21a9d7c8cecc2caa31e8ace138c8f7abf0d80aefdfbb2262a137315240a71441db4e0f911a020244dd278acc74d9af4d3f05a18762b77b4
-
Filesize
5KB
MD52e20e2f4c752012c5fcb5356705c37b2
SHA16cffe779b93904e61dc0f65021d1fb93447ed1c6
SHA25602b92940204a1633734b19692ee271dd1f7ca8bd313cbfccc3148f4f1e6b8b65
SHA5129006dbd9777d2d0406adbc9b6a258420dd59f672fa716d75fff3d5ccb5d970845bdad2605f1d5a92c3c51f536c14fbeb673455980411a38b309be90d459e5b74
-
Filesize
436KB
MD564d35d0961f51a84f8b2854bc465e5ee
SHA1760a90e8ba84c46886345eaaa3315aa8bf2ac525
SHA2564180277dba7da40eba47484bcfa5e76ae936a28e0aee455d19a2ba9057fa1d1c
SHA5127fe8a43a922dd5783009219c554c22c18c4d0af0c329a06d86b7a4ecbc0a5db3c0fa35ecf2a73561eef625fd0667aaf3b1aac865765499996c8e86970a1c97db
-
Filesize
3KB
MD552e5afdad4581a7f362bbe206b6c4286
SHA13661557d78cfb1e438cf3135b330eea5960f512a
SHA25607213eda07b6f4fcc457df3ccd851be4998fdf1467ac580a527b849ddca03e89
SHA512e582c6d46cdbad15611fd8b15d5d2cf0d07e649f690407a44812c0cbdea6168226fa40459288b0932e1ed719a41d724538d6bbd43a830ebeba5fe793ea7dea04
-
Filesize
7KB
MD5428cd085419946efdd67896fcbdc1c84
SHA13d8df7842c8960b6fc5d866dfa0b4bf40cd3ec68
SHA256493d83c5784e9ce9ba94243cff475b27380c02c2fe050ad43323c76a65c11df2
SHA51259e3c8e511a0b4334a497d85649b38edcde59240c9dea609fd7101bc25c6377756fb6de86a5ffd4c03b181453444a3ccbdb7d336f4827d20fef7faffdc7a2615
-
Filesize
26KB
MD5b04072e774d37dcfb312b64602111277
SHA18207ac371fb7ea5ba66fa9348276c6e60767da25
SHA256821654139fcae12793c1a92ed5cede42dbe9153e734560cbd77efe31bf576edf
SHA51256c36484d85ded0222fcafb33657dec7718f0fe6bda0f0fd15dc8390f05f5891f2acbed40d02bae250c773aca53740a29dcb35441a96b8e9abd077a0dd288bfc
-
Filesize
2KB
MD54139f9564f50d9b2488007829b072c33
SHA1ba606daebb14006b492a8bbc3c4988713ad35b7d
SHA25619c3e5d07d9736a7c0fd9ac7939693d3733446a2c3862ae51b926ad63a8481fc
SHA5124e16fdac6d9f91e2d22829b5450914c8b5d8522196271073c7cf65d0c010508877813fdea6b24bf75c59ca518a654e38a61fc5047143c75660aa0f2e24a5bd8e
-
Filesize
2KB
MD5cfd38921d462bc5245d1971874e94479
SHA17d006e913c2d7f67a07c37a9c294196e2ad64bdc
SHA25647fcff8991935db71831b23530a81a822f73e49f1d3b8be2ceb6985b807150cd
SHA512435da252782db86bae85e48674b220923c0a4ecd033aa967e01ff82c766cd6c7a5950a3eff08d63d9fd17d2838973234cf6c2b5a20f0341fd3bb0c9d5cba3250
-
Filesize
262B
MD583a24d9989af08aaa013f53bb730b126
SHA1352703546071dfd6b41826ab88e53105a1bd79b5
SHA256cd914dbba5d0adcd7ebbfb1f12a9113b73db747bd1cde840088900dcc7bbaff1
SHA51223aa4939b0a0f7bfb32afaecdfc4e0fec988f83b1db907fe42ff35ebc064585e718a4b8bbbdfb7e942a291a0402ae7b5b499dd9f706eaa15aead996a7027c5b5
-
Filesize
39KB
MD545512b9836b7eda9eb9386ab3eee88fb
SHA166b2c6004e5cdb743799bac3ea881bcf2907730a
SHA256b236c94346dea1f6896604b173fd7f427a016cfb10c60dbcd6285cd1a187a4db
SHA512a5f0595effd1bcc3e6a38e3a6aa1d92b60ce56919dbb8deb6ffa7fe4ff267a016e51639f265332e33ffe3a9c6f0c734be58637c43344ab39a2c0bf299b8ff5a8
-
Filesize
3KB
MD5e5b1f50f5952bc828f29c782701fe2a9
SHA139a06df220379798ac8d8a68c35793f249233d7f
SHA25608ca1c3f5d3875a1ad301a661242f752d06c9fae324d236b4ef82fa0045848b4
SHA5128839f9e1e348ee8273d73617d1f3631b9c92f662844003fa62886b56ecf5025d6aa11c635e816048085384b253dd8212eee78d37c57b95602c8639d99adeab8f
-
Filesize
262B
MD51e7928ad51aa404d481783f8c3ed49c7
SHA1e8a4d572cf98dcd849011a38c6d6c789882e8446
SHA256dd277d94da955d60bcc2d7ec4e2877fb90fcf58f6f100fb7da44b9864ebef064
SHA5120cca8e816fff38ac81d2006e0c7ae2d5ee609b870d147e7aa2cc708d2df8ab6ea5da71a3c6be635145f1f461b71db1fdc134410716b35669bfd2fe18825d9b0d
-
Filesize
6KB
MD5b47558c475056b11d9bb545612362655
SHA1f24dbc021cf391e4feb12a5c838c63885d0f07b3
SHA2560d914e5e94b28fc33e4ba609374fd42302ddc4a9bac261017cad90a37b0281af
SHA5127bf555aae6d9d2c5a1e1c32feb97dd41a64cb01fcb8ca5aaca244e39b7b031c673f154fac8d8ca61e875c043140c46e82f60a1dbbb33e906e4a8ecbc63a4848c
-
Filesize
2KB
MD5acf58000e1e4e320abe5f40522e6b892
SHA1aa8cfd5791409337b120030d941aa677b55ec201
SHA256b4a9c9d1befe5f95f105ca46bc3785944d89173a17a5c8a21b9cc94093aade99
SHA51269c12b894058cc01877a0fdb79e49500506ee3d52f6d7d2144e9e6eb25db8641222dfe4efaca07098bb25c76cea22101fe71edcf9bcf45b0961ee9e44f54d5c2
-
Filesize
2KB
MD5778db4bcbdfdd917eb284b438d3a4c27
SHA1ea7fd6dc78f5149339d14790d7e100d98fba4438
SHA256974c3121692a67537b882d6a6ac11a0d7f393f49dc02fee34bf70b2a1a717882
SHA5128dc26409494132202615150b9c41d91a48a3495ba6524af203f928144b8236245522c81383ac290aea08f1d9070d39b729e4b02a233b0b36e3292cd591d1da8f
-
Filesize
6KB
MD5ff6426f88e2ba383296c9eccf57c7cda
SHA125c01e42c5c11ad1c5b4351dcbc58892f64e904c
SHA25688cf612d2df2d53437f7d08a5e7031e07dc08d8c45eb0651842c6f2c7a2e30fb
SHA512bf88569514f76b9554b3488ccbeac4e59b9e2586bfd32b14d615a1a90276474896fb1d3fd717b8ba94b06fdc790635b519eee34e7859bfef930dc63556d00359
-
Filesize
262B
MD5296e1e6721816221e7e6145390b0bc3f
SHA1af7462819760ed7d04caf325367e5e43ce843c3a
SHA2568557dafb5570caeeae3d75b2fbfe3e7bd1348b9d63aa0e7b05ec016e86af24f8
SHA5120141b90366f1caee11925ddf05d7f2d69d2c95d2cf287b059d7c5db69557ff9c1d46fc5825ab75cf620888d29fd2502db85d73ca957c49a7e5e03429b07ed3e6
-
Filesize
2KB
MD54b08c1c3baa7425eb0e3f33dc6d40303
SHA1179dd215570532734828cda2f99549c3d7bea30e
SHA25648aa7429d2f73fbd82c7a57a9ae116a54c6573393e5c8ee02bdb89fbc4a6fbab
SHA51221914c07e161b2db63f3d2f6281f33ad429dfae9f2e09130d861f584bc84bd70707784dc523c1269daf0bef73395c16656018ae1c8caeb5488ed26beecc64732
-
Filesize
4.5MB
MD54d36ed0d8eb11ff5e792a44158e844ea
SHA1e132074cdb6e484cbcc43b1c47ab9ebbd79634e2
SHA256784510c56f92bab671a6889e45691a86d06b89676c8505a4f70aacd2065db97e
SHA512e31e21d523a1156e7ef740a8f96a857ba4deee09496ff6a60b8a86b6230015565fb4b161ba28df2ad13fc4ec2714a340317c208a9d5a8252a9f343278f3b40f4
-
Filesize
2KB
MD55671a2e841a620b2625bc4d1e1ff17ef
SHA1f464e049b9fdd91f91351549cc69818926ee98cb
SHA256ea8a59f6d12d3f674270ff97ea007488e82c9e84dbb2ada4b929e4b0c4ebf6f6
SHA51288e1d79bf8f929f8e429b254db1d954a96f77749604f167a8f576a4a8c0211ca9033d0e44159236ae965b3c97b9c174ba7da11497e544b3d23139f0d0ec4fbff
-
Filesize
2KB
MD5b32c43103e30692be8a748c397e67891
SHA15f56b982c0477c0258acdd1c996e8c347a889534
SHA25686f89d07a72617fa0ce0917b5455850de2fd177c8695175339d106d2385fa4da
SHA512c7521353c46f5d3e69176e18a3e16abc278afa33faf05c2bef19822b650d5bfb5409c8d85f12a17f89c90a0eb1ebdc971ef534de3f97c6567cc7a6741afa1210
-
Filesize
3KB
MD51bd23db8bac224a581be4632ab142ddf
SHA1839d8b1c8e117992ada7103fd03900600397ae3f
SHA256242b288b15cf499ca11efea11f9bda191815ffc9e4938f72bd0644175852f662
SHA512b25a6461df2ebce6980780e5893c0848f26091027eb02b63e3160bdcce2768cf7bf9559f93758ece14d95c82542b484415f4ff27bbf746adc5444f157e506d2a
-
Filesize
110KB
MD50714c8eed4d2094f01c3cd00df434808
SHA1ae08ac6bdab89cab6802771dc7ac5ffbdba8582d
SHA2563b435b6d609e8cc4a4efadd4a085d09b2e661aac5f881beed29c22f9d51ab6e0
SHA5126fbc4dfe6b48ad912f0321ac22f1139e66d2954d5f5a4b0bb2610f4eca18726b94611ddcda7ee575bb1759ade65ee564d2b5bbffb8aebfd86c4c42e4567d651a
-
Filesize
19KB
MD58f6ea6e6bcf283a4d81eb29df8fa24d7
SHA13b513d218d8717fbc0f626169ffec97b4cee0e8c
SHA256246e8635b1ebedec091907616f549614bac71e969d7d975ae0e2618382e2666e
SHA512ab0884e6d896aa7559d1aee658fe944dc2df41344fa5b2939c12993f901baea4c0c50fca9f03f42a56d190f7762130364f6356f2b47ce97a762dc5d0501cdd85
-
Filesize
10KB
MD5d99324d83d1da36229433fc55ef1483b
SHA1569645b094d3354818dcd5df2b55a7d06f41fb63
SHA2568018a77632f1c278a27a2f31f7596d3c0758105a3526c3da1c5ca70c4337c188
SHA5122c9fddaf1053593e1b54bf41c9f683f11beac69c6aec8ad423c64b1fca6b31e486a656f5d45c020fb571e35f2f8b122a626f398f6458139147f953405d5f8c59
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 4KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 7KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 2KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 7KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 7KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 10KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 7KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_prebid.a-mo.net_0.indexeddb.leveldb\CURRENT
Filesize 16B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize 72B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe64cdff.TMP
Filesize 48B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c2de2daa-da52-4595-b7c9-6bad76551fbc.tmp
Filesize 18KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\eb33ea45-8aab-4b22-85ec-815649d4a8c0.tmp
Filesize 22KB
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize
11KB
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize
11KB
-
C:\Users\Admin\AppData\Local\Temp\7zO8C8198BD\Chaos Ransomware Builder v4 Cleaned.exe:Zone.Identifier
Filesize
55B
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
10KB
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
12KB
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
10KB
-
C:\Users\Admin\Pictures\png-transparent-bitdefender-android-antivirus-software-mobile-security-mobile-security-text-trademark-logo-thumbnail-removebg-preview.ico
Filesize
11KB