Analysis
- max time kernel: 1030s
- max time network: 1024s
- platform: windows10-2004_x64
- resource: win10v2004-20240412-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 23/04/2024, 23:06
- Static task: static1
- URLScan task: urlscan1
Malware Config
- Extracted: lumma
Signatures

Executes dropped EXE 12 IoCs
pid | Process
- 5380 | 䕅瘵㍮㜷癸x
- 2848 | 䕅瘵㍮㜷癸x.exe
- 4792 | 䕅瘵㍮㜷癸x.exe
- 4508 | 䕅瘵㍮㜷癸x.exe
- 4912 | 䕅瘵㍮㜷癸x.exe
- 2944 | 䕅瘵㍮㜷癸x
- 888 | 䕅瘵㍮㜷癸x
- 4080 | 䕅瘵㍮㜷癸x
- 672 | 䕅瘵㍮㜷癸x
- 1280 | 䕅瘵㍮㜷癸x
- 1132 | 䕅瘵㍮㜷癸x
- 2516 | 䕅瘵㍮㜷癸x
Suspicious use of SetThreadContext 8 IoCs
description | pid | Process | procid_target
- PID 5964 set thread context of 5380 | 5964 | Davinci Contract.pdf.exe | 152
- PID 884 set thread context of 2944 | 884 | Davinci Contract.pdf.exe | 194
- PID 1084 set thread context of 888 | 1084 | Davinci Contract.pdf.exe | 199
- PID 6108 set thread context of 4080 | 6108 | Davinci Contract.pdf.exe | 204
- PID 716 set thread context of 672 | 716 | Davinci Contract.pdf.exe | 206
- PID 5656 set thread context of 1280 | 5656 | Davinci Contract.pdf.exe | 209
- PID 4828 set thread context of 1132 | 4828 | Davinci Contract.pdf.exe | 218
- PID 1932 set thread context of 2516 | 1932 | Davinci Contract.pdf.exe | 220
Program crash 1 IoCs
pid | pid_target | Process | procid_target
- 4624 | 5380 | WerFault.exe | 152
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description | ioc | Process
- Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | taskmgr.exe
- Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | taskmgr.exe
- Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | taskmgr.exe
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
- Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | taskmgr.exe
- Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | taskmgr.exe
- Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | WINWORD.EXE
- Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | WINWORD.EXE
- Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | WINWORD.EXE
Enumerates system info in registry 2 TTPs 6 IoCs
description | ioc | Process
- Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily | WINWORD.EXE
- Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU | WINWORD.EXE
- Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
- Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
- Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | WINWORD.EXE
Modifies registry class 2 IoCs
description | ioc | Process
- Key created | \REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000_Classes\Local Settings | msedge.exe
- Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-259785868-298165991-4178590326-1000\{68EAF7C5-173E-4D18-AC81-FCC4B6136DC3} | msedge.exe
Suspicious behavior: AddClipboardFormatListener 11 IoCs
pid | Process
- 5964 | Davinci Contract.pdf.exe
- 884 | Davinci Contract.pdf.exe
- 1084 | Davinci Contract.pdf.exe
- 6108 | Davinci Contract.pdf.exe
- 716 | Davinci Contract.pdf.exe
- 5656 | Davinci Contract.pdf.exe
- 3956 | WINWORD.EXE
- 3956 | WINWORD.EXE
- 4336 | vlc.exe
- 4828 | Davinci Contract.pdf.exe
- 1932 | Davinci Contract.pdf.exe
Suspicious behavior: EnumeratesProcesses 64 IoCs
Suspicious behavior: GetForegroundWindowSpam 10 IoCs
pid | Process
- 5964 | Davinci Contract.pdf.exe
- 5456 | taskmgr.exe
- 884 | Davinci Contract.pdf.exe
- 1084 | Davinci Contract.pdf.exe
- 6108 | Davinci Contract.pdf.exe
- 716 | Davinci Contract.pdf.exe
- 5656 | Davinci Contract.pdf.exe
- 4336 | vlc.exe
- 4828 | Davinci Contract.pdf.exe
- 1932 | Davinci Contract.pdf.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs
Suspicious use of AdjustPrivilegeToken 9 IoCs
description | pid | Process
- Token: SeDebugPrivilege | 5456 | taskmgr.exe
- Token: SeSystemProfilePrivilege | 5456 | taskmgr.exe
- Token: SeCreateGlobalPrivilege | 5456 | taskmgr.exe
- Token: SeSecurityPrivilege | 5456 | taskmgr.exe
- Token: SeTakeOwnershipPrivilege | 5456 | taskmgr.exe
- Token: 33 | 4812 | AUDIODG.EXE
- Token: SeIncBasePriorityPrivilege | 4812 | AUDIODG.EXE
- Token: 33 | 4336 | vlc.exe
- Token: SeIncBasePriorityPrivilege | 4336 | vlc.exe
Suspicious use of FindShellTrayWindow 64 IoCs
Suspicious use of SendNotifyMessage 64 IoCs
Suspicious use of SetWindowsHookEx 13 IoCs
pid | Process
- 1980 | msedge.exe
- 1980 | msedge.exe
- 3956 | WINWORD.EXE
- 3956 | WINWORD.EXE
- 3956 | WINWORD.EXE
- 3956 | WINWORD.EXE
- 3956 | WINWORD.EXE
- 3956 | WINWORD.EXE
- 3956 | WINWORD.EXE
- 4336 | vlc.exe
- 4336 | vlc.exe
- 4336 | vlc.exe
- 4336 | vlc.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes
- PID 1980: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://blackmagicpartners.com
  Signatures: Enumerates system info in registry; Modifies registry class; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
  - PID 5076: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb7c3846f8,0x7ffb7c384708,0x7ffb7c384718
  - PID 5080: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  - PID 2352: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 3132: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2508 /prefetch:8
  - PID 4544: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  - PID 4832: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  - PID 2932: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  - PID 4916: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8
  - PID 1096: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 2056: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  - PID 2020: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  - PID 4316: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  - PID 1388: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  - PID 5456: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1
  - PID 5784: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5788 /prefetch:8
  - PID 5792: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  - PID 5628: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  - PID 6000: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  - PID 3284: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6404 /prefetch:8
  - PID 5040: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3860 /prefetch:8
    Signatures: Modifies registry class; Suspicious behavior: EnumeratesProcesses
  - PID 5256: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
  - PID 5372: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
  - PID 3232: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1
  - PID 4232: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1
  - PID 6112: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
  - PID 2776: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6380 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 1196: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7072 /prefetch:1
  - PID 5756: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4964 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
  - PID 4204: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1976 /prefetch:1
  - PID 2308: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  - PID 3248: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  - PID 2980: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
  - PID 5768: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1
  - PID 2864: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  - PID 4476: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:1
  - PID 1840: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  - PID 4992: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1752 /prefetch:1
  - PID 864: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  - PID 1684: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4872 /prefetch:8
  - PID 2864: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  - PID 5672: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2064 /prefetch:1
  - PID 5684: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,13850384164702961169,11646399304587375763,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1
- PID 2460: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 4840: C:\Windows\System32\CompPkgSrv.exe -Embedding
- PID 5040: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
- PID 5964: "C:\Users\Admin\Downloads\[Videoeditor] Contract + Preview 11.04\Davinci Resolve 18\Davinci Contract.pdf.exe"
  Signatures: Suspicious use of SetThreadContext; Suspicious behavior: AddClipboardFormatListener; Suspicious behavior: GetForegroundWindowSpam
  - PID 5380: "C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x"
    Signatures: Executes dropped EXE
    - PID 4624: C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 372
      Signatures: Program crash
- PID 1536: C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5380 -ip 5380
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /71⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:5456
-
C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x.exe"C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x.exe"1⤵
- Executes dropped EXE
PID:2848
-
C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x.exe"C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x.exe"1⤵
- Executes dropped EXE
PID:4792
-
C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x.exe"C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x.exe"1⤵
- Executes dropped EXE
PID:4508
-
C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x.exe"C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x.exe"1⤵
- Executes dropped EXE
PID:4912
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x.txt1⤵PID:5252
-
C:\Users\Admin\Downloads\[Videoeditor] Contract + Preview 11.04\Davinci Resolve 18\Davinci Contract.pdf.exe"C:\Users\Admin\Downloads\[Videoeditor] Contract + Preview 11.04\Davinci Resolve 18\Davinci Contract.pdf.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:884 -
C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x"C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x"2⤵
- Executes dropped EXE
PID:2944
-
-
C:\Users\Admin\Downloads\[Videoeditor] Contract + Preview 11.04\Davinci Resolve 18\Davinci Contract.pdf.exe"C:\Users\Admin\Downloads\[Videoeditor] Contract + Preview 11.04\Davinci Resolve 18\Davinci Contract.pdf.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:1084 -
C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x"C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x"2⤵
- Executes dropped EXE
PID:888
-
-
C:\Users\Admin\Downloads\[Videoeditor] Contract + Preview 11.04\Davinci Resolve 18\Davinci Contract.pdf.exe"C:\Users\Admin\Downloads\[Videoeditor] Contract + Preview 11.04\Davinci Resolve 18\Davinci Contract.pdf.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:6108 -
C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x"C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x"2⤵
- Executes dropped EXE
PID:4080
-
-
C:\Users\Admin\Downloads\[Videoeditor] Contract + Preview 11.04\Davinci Resolve 18\Davinci Contract.pdf.exe"C:\Users\Admin\Downloads\[Videoeditor] Contract + Preview 11.04\Davinci Resolve 18\Davinci Contract.pdf.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:716 -
C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x"C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x"2⤵
- Executes dropped EXE
PID:672
-
-
C:\Users\Admin\Desktop\Davinci Contract.pdf.exe"C:\Users\Admin\Desktop\Davinci Contract.pdf.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:5656 -
C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x"C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x"2⤵
- Executes dropped EXE
PID:1280
-
-
C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE"C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\[Videoeditor] Contract + Preview 11.04\Davinci Resolve 18\Document for partners.docx.docx" /o ""1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3956
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\[Videoeditor] Contract + Preview 11.04\Davinci Resolve 18\Davinci Resolve 18 Trailer.mp4.mp4"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4336
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4f4 0x4fc1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4812
-
C:\Users\Admin\Desktop\Davinci Contract.pdf.exe"C:\Users\Admin\Desktop\Davinci Contract.pdf.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:4828 -
C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x"C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x"2⤵
- Executes dropped EXE
PID:1132
-
-
C:\Users\Admin\Desktop\Davinci Contract.pdf.exe"C:\Users\Admin\Desktop\Davinci Contract.pdf.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
PID:1932 -
C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x"C:\Users\Admin\AppData\Local\Temp\䕅瘵㍮㜷癸x"2⤵
- Executes dropped EXE
PID:2516
-
Network
MITRE ATT&CK Enterprise v15
Downloads