Analysis
-
max time kernel
1816s -
max time network
2610s -
platform
windows11-21h2_x64 -
resource
win11-20240221-en -
resource tags
arch:x64 arch:x86 image:win11-20240221-en locale:en-us os:windows11-21h2-x64 system -
submitted
12/04/2024, 02:51
General
-
Target
Nezur.exe
-
Size
4.6MB
-
MD5
483bc175a855a89d93cb00577bbb7920
-
SHA1
55b1ca916684328da9b004083189bf92ccd29138
-
SHA256
42317a2bf653554d75fee360889868dca0d1fa4cd8db24dac5e616e4ea6208c3
-
SHA512
3b186a5f644711634a331d7bf771cb7247a889fe65c3fc138de20cbb45f2f83bf060e6257444812d681015b8fddf1af03282a941ebd3019c5673a79cc1cc4ea7
-
SSDEEP
98304:URkvYI8Xa9jB6TKw/h4z+sLDuOl/+ooXE9jwzb6G:USvUa9jwk+sew/+ooXE4
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Nezur.exe -
Stops running service(s) 3 TTPs
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion Nezur.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion Nezur.exe -
resource yara_rule behavioral1/memory/4912-0-0x00007FF713560000-0x00007FF714116000-memory.dmp themida behavioral1/memory/4912-2-0x00007FF713560000-0x00007FF714116000-memory.dmp themida behavioral1/memory/4912-3-0x00007FF713560000-0x00007FF714116000-memory.dmp themida behavioral1/memory/4912-4-0x00007FF713560000-0x00007FF714116000-memory.dmp themida behavioral1/memory/4912-5-0x00007FF713560000-0x00007FF714116000-memory.dmp themida behavioral1/memory/4912-6-0x00007FF713560000-0x00007FF714116000-memory.dmp themida behavioral1/memory/4912-7-0x00007FF713560000-0x00007FF714116000-memory.dmp themida behavioral1/memory/4912-8-0x00007FF713560000-0x00007FF714116000-memory.dmp themida behavioral1/memory/4912-91-0x00007FF713560000-0x00007FF714116000-memory.dmp themida behavioral1/memory/4912-215-0x00007FF713560000-0x00007FF714116000-memory.dmp themida behavioral1/memory/4912-250-0x00007FF713560000-0x00007FF714116000-memory.dmp themida behavioral1/memory/4912-274-0x00007FF713560000-0x00007FF714116000-memory.dmp themida behavioral1/memory/4912-275-0x00007FF713560000-0x00007FF714116000-memory.dmp themida behavioral1/memory/4912-391-0x00007FF713560000-0x00007FF714116000-memory.dmp themida behavioral1/memory/4912-434-0x00007FF713560000-0x00007FF714116000-memory.dmp themida behavioral1/memory/4912-594-0x00007FF713560000-0x00007FF714116000-memory.dmp themida behavioral1/memory/4912-627-0x00007FF713560000-0x00007FF714116000-memory.dmp themida behavioral1/memory/4912-768-0x00007FF713560000-0x00007FF714116000-memory.dmp themida behavioral1/memory/4912-811-0x00007FF713560000-0x00007FF714116000-memory.dmp themida behavioral1/memory/4912-844-0x00007FF713560000-0x00007FF714116000-memory.dmp themida behavioral1/memory/4912-864-0x00007FF713560000-0x00007FF714116000-memory.dmp themida behavioral1/memory/4912-957-0x00007FF713560000-0x00007FF714116000-memory.dmp themida -
description ioc Process Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA Nezur.exe -
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
pid Process 4912 Nezur.exe -
Launches sc.exe 1 IoCs
Sc.exe is a Windows utility to control services on the system.
pid Process 2044 sc.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe -
Kills process with taskkill 5 IoCs
pid Process 3184 taskkill.exe 4204 taskkill.exe 1156 taskkill.exe 2260 taskkill.exe 1996 taskkill.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-647252928-2816094679-1307623958-1000\{4C2577E4-BA39-457B-B1F5-53F89A33E1AC} msedge.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 4912 Nezur.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs
pid Process 2900 msedge.exe -
Suspicious use of AdjustPrivilegeToken 7 IoCs
description pid Process Token: SeDebugPrivilege 3184 taskkill.exe Token: SeDebugPrivilege 4204 taskkill.exe Token: SeDebugPrivilege 1156 taskkill.exe Token: SeDebugPrivilege 2260 taskkill.exe Token: SeDebugPrivilege 1996 taskkill.exe Token: 33 2980 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 2980 AUDIODG.EXE -
Suspicious use of FindShellTrayWindow 28 IoCs
pid Process 2900 msedge.exe -
Suspicious use of SendNotifyMessage 12 IoCs
pid Process 2900 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4912 wrote to memory of 1752 4912 Nezur.exe 82 PID 1752 wrote to memory of 2292 1752 cmd.exe 83 PID 1752 wrote to memory of 1636 1752 cmd.exe 84 PID 1752 wrote to memory of 1928 1752 cmd.exe 85 PID 4912 wrote to memory of 4736 4912 Nezur.exe 86 PID 4736 wrote to memory of 3184 4736 cmd.exe 87 PID 4912 wrote to memory of 2900 4912 Nezur.exe 89 PID 2900 wrote to memory of 2240 2900 msedge.exe 90 PID 4912 wrote to memory of 2728 4912 Nezur.exe 91 PID 4912 wrote to memory of 2428 4912 Nezur.exe 92 PID 2428 wrote to memory of 4100 2428 msedge.exe 93 PID 2728 wrote to memory of 4204 2728 cmd.exe 94 PID 2900 wrote to memory of 2316 2900 msedge.exe 95
Processes
-
C:\Users\Admin\AppData\Local\Temp\Nezur.exe"C:\Users\Admin\AppData\Local\Temp\Nezur.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4912 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Nezur.exe" MD5 | find /i /v "md5" | find /i /v "certutil"2⤵
- Suspicious use of WriteProcessMemory
PID:1752 -
C:\Windows\system32\certutil.execertutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Nezur.exe" MD53⤵PID:2292
-
-
C:\Windows\system32\find.exefind /i /v "md5"3⤵PID:1636
-
-
C:\Windows\system32\find.exefind /i /v "certutil"3⤵PID:1928
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&12⤵
- Suspicious use of WriteProcessMemory
PID:4736 -
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerUI.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:3184
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://key.nezur.io/2⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2900 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc437f3cb8,0x7ffc437f3cc8,0x7ffc437f3cd83⤵PID:2240
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:23⤵PID:2316
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:33⤵PID:1324
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2544 /prefetch:83⤵PID:2224
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:13⤵PID:3684
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:13⤵PID:4048
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4340 /prefetch:13⤵PID:3624
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:13⤵PID:2088
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:13⤵PID:4836
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:13⤵PID:2420
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:83⤵PID:1732
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:13⤵PID:2168
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:13⤵PID:3384
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:13⤵PID:4500
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4348 /prefetch:13⤵PID:4864
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:13⤵PID:2568
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:13⤵PID:1436
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:13⤵PID:3600
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:13⤵PID:1376
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6012 /prefetch:83⤵PID:3200
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6140 /prefetch:83⤵
- Modifies registry class
PID:4636
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:13⤵PID:5348
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1600 /prefetch:13⤵PID:5596
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:13⤵PID:5664
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:13⤵PID:6040
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7828 /prefetch:13⤵PID:6120
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8208 /prefetch:83⤵PID:1252
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:13⤵PID:6004
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8116 /prefetch:13⤵PID:6136
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1700,6472270268545285884,17616614700202118569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7232 /prefetch:13⤵PID:5512
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&12⤵
- Suspicious use of WriteProcessMemory
PID:2728 -
C:\Windows\system32\taskkill.exetaskkill /f /im HTTPDebuggerSvc.exe3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4204
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://1cheats.com/store/product/41-nezur-key-bypass-lifetime-license/2⤵
- Suspicious use of WriteProcessMemory
PID:2428 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc437f3cb8,0x7ffc437f3cc8,0x7ffc437f3cd83⤵PID:4100
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,11877858010357225138,11804525735150931402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 /prefetch:33⤵PID:388
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&12⤵PID:1020
-
C:\Windows\system32\sc.exesc stop HTTPDebuggerPro3⤵
- Launches sc.exe
PID:2044
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&12⤵PID:2472
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1156
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&12⤵PID:3740
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:2260
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&12⤵PID:3984
-
C:\Windows\system32\taskkill.exetaskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:1996
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1732
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2608
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc1⤵PID:772
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004D4 0x00000000000004C81⤵
- Suspicious use of AdjustPrivilegeToken
PID:2980
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
152B
MD5ce319bd3ed3c89069337a6292042bbe0
SHA17e058bce90e1940293044abffe993adf67d8d888
SHA25634070e3eea41c0e180cb5541de76cea15ef6f9e5c641e922d82a2d97bdce3aa3
SHA512d42f7fc32a337ecd3a24bcbf6cd6155852646cae5fb499003356f713b791881fc2e46825c4ff61d09db2289f25c0992c10d6fadb560a9bea33284bd5acc449f7
-
Filesize
152B
MD512b71c4e45a845b5f29a54abb695e302
SHA18699ca2c717839c385f13fb26d111e57a9e61d6f
SHA256c353020621fa6cea80eaa45215934d5f44f181ffa1a673cdb7880f20a4e898e0
SHA51209f0d1a739102816c5a29106343d3b5bb54a31d67ddbfcfa21306b1a6d87eaa35a9a2f0358e56cc0f78be15eeb481a7cc2038ce54d552b9b791e7bee78145241
-
Filesize
27KB
MD5d6f862353c2433098d82725f90a0e280
SHA155ab2e7e58fd35c99aec7fb52849d866eaefc438
SHA256719a5b617534fb3a811c51a999f943911439fb43225e3a38a79dfb9c0ffbac38
SHA5120de7c8478de4d63e2d49e834c5ddc7e6190dfa851b46914f32adc392c1b9e22e6222c01950738985b44612b65a8cdfa6ddd99e77c49e1d6b9257c63af974b178
-
Filesize
63KB
MD58ff42b760d33ac3eab8db029f3813afc
SHA13739c9639f09f5126b22ae442dffd01ca1ee0886
SHA25602c861339110f8e917bc592deafaba09ea20d5061658a31ce8a182e25e4b6bc5
SHA512eabb7e2f8398706354f7ae82e6a8f5294baa605009adc890aca4f40817c4921a2168e915afc0830840a9918de36c6e4ab1ba136e6ab41bb7db744ad1c0a26501
-
Filesize
20KB
MD587e8230a9ca3f0c5ccfa56f70276e2f2
SHA1eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA51237690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8
-
Filesize
76KB
MD55faa2facf1a28f6bd1c10e568f17074b
SHA104f20db7e5ddef7c8a2b583772c2137106eb12d5
SHA256240bcb4c76b69ccfad67b80c9e372681ca6bab5c584528c042bc917362b7c89a
SHA5121b91ad50f67d08aea447fe81bfd6468ff412759d0e88b130811162ef1c64a1d8e763c1984c674c56171a7578625978edcb74377441641b00e55dbcc790dbcc31
-
Filesize
94KB
MD534e8999c465fe11d2bcedcf94addd39a
SHA13af8608cebdb68c4ac4cdba6d927467f39b6be11
SHA2569bf6e502cf5825d79a72759e4b3e59ee54839ee7c8a194218dc5d7471cb97d37
SHA5128420c2fbcfec65ca905219913dd37ee446849106c12cdead13e800a9c884fbd732e8078ead4dae65a94a4b3e50834aec2a862c4c76dc14608555d4bd733f1a16
-
Filesize
29KB
MD5f85e85276ba5f87111add53684ec3fcb
SHA1ecaf9aa3c5dd50eca0b83f1fb9effad801336441
SHA2564b0beec41cb9785652a4a3172a4badbdaa200b5e0b17a7bcc81af25afd9b2432
SHA5121915a2d4218ee2dbb73c490b1acac722a35f7864b7d488a791c96a16889cd86eee965174b59498295b3491a9783facce5660d719133e9c5fb3b96df47dde7a53
-
Filesize
16KB
MD548c80c7c28b5b00a8b4ff94a22b72fe3
SHA1d57303c2ad2fd5cedc5cb20f264a6965a7819cee
SHA2566e9be773031b3234fb9c2d6cf3d9740db1208f4351beca325ec34f76fd38f356
SHA512c7381e462c72900fdbb82b5c365080efa009287273eb5109ef25c8d0a5df33dd07664fd1aed6eb0d132fa6a3cb6a3ff6b784bffeeca9a2313b1e6eb6e32ab658
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 2KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 3KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0
Filesize 2KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize 96B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58d4df.TMP
Filesize 48B