Analysis
max time kernel: 94s
max time network: 96s
platform: windows11-21h2_x64
resource: win11-20240412-en
resource tags: arch:x64, arch:x86, image:win11-20240412-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 25/04/2024, 13:52
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://cdn.hyperbeam.com/hyperbeam-next-0.23.0-x86_64.exe
Resource: win11-20240412-en
General
Target: https://cdn.hyperbeam.com/hyperbeam-next-0.23.0-x86_64.exe
Malware Config
Signatures
Downloads MZ/PE file
Executes dropped EXE 9 IoCs
pid | Process
868 | hyperbeam-next-0.23.0-x86_64.exe
4060 | Hyperbeam Next.exe
1356 | Hyperbeam Next.exe
5100 | Hyperbeam Next.exe
896 | Hyperbeam Next.exe
2356 | Hyperbeam Next.exe
4908 | Hyperbeam Next.exe
240 | Hyperbeam Next.exe
128 | Hyperbeam Next.exe
Loads dropped DLL 12 IoCs
pid | Process
4060 | Hyperbeam Next.exe
5100 | Hyperbeam Next.exe
1356 | Hyperbeam Next.exe
1356 | Hyperbeam Next.exe
1356 | Hyperbeam Next.exe
1356 | Hyperbeam Next.exe
896 | Hyperbeam Next.exe
1356 | Hyperbeam Next.exe
2356 | Hyperbeam Next.exe
4908 | Hyperbeam Next.exe
240 | Hyperbeam Next.exe
128 | Hyperbeam Next.exe
Enumerates connected drives 3 TTPs 46 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Drops file in Windows directory 12 IoCs
description | ioc | Process
File created | C:\Windows\SystemTemp\~DFC875D561ECA9B905.TMP | msiexec.exe
File created | C:\Windows\SystemTemp\~DF80C856F20D8E74BC.TMP | msiexec.exe
File created | C:\Windows\Installer\e57ea31.msi | msiexec.exe
File created | C:\Windows\Installer\inprogressinstallinfo.ipi | msiexec.exe
File created | C:\Windows\SystemTemp\~DF71C8E13AA20A6DFD.TMP | msiexec.exe
File created | C:\Windows\SystemTemp\~DF529A0DDA83DA18EE.TMP | msiexec.exe
File created | C:\Windows\Installer\SourceHash{9DB21511-88FD-42CA-AC0B-2CB98681DC1F} | msiexec.exe
File opened for modification | C:\Windows\Installer\MSIED6D.tmp | msiexec.exe
File created | C:\Windows\Installer\e57ea33.msi | msiexec.exe
File opened for modification | C:\Windows\Installer\e57ea31.msi | msiexec.exe
File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | msiexec.exe
File opened for modification | C:\Windows\Installer\ | msiexec.exe
Checks SCSI registry key(s) 3 TTPs 5 IoCs
SCSI information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | vssvc.exe
Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters | vssvc.exe
Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr | vssvc.exe
Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache | vssvc.exe
Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache | vssvc.exe
Enumerates system info in registry 2 TTPs 6 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Modifies registry class 8 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000_Classes\hyperbeam-next\ = "URL:hyperbeam-next" | Hyperbeam Next.exe
Key created | \REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000_Classes\hyperbeam-next\shell\open\command | Hyperbeam Next.exe
Key created | \REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000_Classes\hyperbeam-next\shell | Hyperbeam Next.exe
Key created | \REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000_Classes\hyperbeam-next\shell\open | Hyperbeam Next.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000_Classes\hyperbeam-next\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\hyperbeam-next\\Hyperbeam Next.exe\" \"%1\"" | Hyperbeam Next.exe
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-801765966-3955847401-2235691403-1000\{532AEB1F-638C-4E7E-B6C5-06E703E9B0AA} | Hyperbeam Next.exe
Key created | \REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000_Classes\hyperbeam-next | Hyperbeam Next.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000_Classes\hyperbeam-next\URL Protocol | Hyperbeam Next.exe
Modifies system certificate store
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C | Hyperbeam Next.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 | Hyperbeam Next.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob | Hyperbeam Next.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob | Hyperbeam Next.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob | Hyperbeam Next.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob | Hyperbeam Next.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob | Hyperbeam Next.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob | Hyperbeam Next.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 | Hyperbeam Next.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob | Hyperbeam Next.exe
Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob | Hyperbeam Next.exe
NTFS ADS 2 IoCs
description | ioc | Process
File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 644245.crdownload:SmartScreen | msedge.exe
File opened for modification | C:\Users\Admin\Downloads\hyperbeam-next-0.23.0-x86_64.exe:Zone.Identifier | msedge.exe
Suspicious behavior: EnumeratesProcesses 20 IoCs
pid | Process
1796 | msedge.exe
1796 | msedge.exe
236 | msedge.exe
236 | msedge.exe
5108 | identity_helper.exe
5108 | identity_helper.exe
1656 | msedge.exe
1656 | msedge.exe
4596 | msedge.exe
4596 | msedge.exe
848 | msiexec.exe
848 | msiexec.exe
4924 | msedge.exe
4924 | msedge.exe
5040 | msedge.exe
5040 | msedge.exe
5916 | identity_helper.exe
5916 | identity_helper.exe
3776 | msedge.exe
3776 | msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs
pid Process 236 msedge.exe 236 msedge.exe 236 msedge.exe 236 msedge.exe 236 msedge.exe 236 msedge.exe 236 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe 5040 msedge.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
Suspicious use of FindShellTrayWindow 64 IoCs
Suspicious use of SendNotifyMessage 26 IoCs
pid | Process
236 | msedge.exe
236 | msedge.exe
236 | msedge.exe
236 | msedge.exe
236 | msedge.exe
236 | msedge.exe
236 | msedge.exe
236 | msedge.exe
236 | msedge.exe
236 | msedge.exe
236 | msedge.exe
236 | msedge.exe
5040 | msedge.exe
5040 | msedge.exe
5040 | msedge.exe
5040 | msedge.exe
5040 | msedge.exe
5040 | msedge.exe
5040 | msedge.exe
5040 | msedge.exe
5040 | msedge.exe
5040 | msedge.exe
5040 | msedge.exe
5040 | msedge.exe
4060 | Hyperbeam Next.exe
4060 | Hyperbeam Next.exe
Suspicious use of WriteProcessMemory 64 IoCs
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.hyperbeam.com/hyperbeam-next-0.23.0-x86_64.exe1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:236 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe43213cb8,0x7ffe43213cc8,0x7ffe43213cd82⤵PID:3232
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,4735098707403430858,17649022221018465938,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:22⤵PID:3836
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,4735098707403430858,17649022221018465938,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:1796
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,4735098707403430858,17649022221018465938,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:82⤵PID:4916
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4735098707403430858,17649022221018465938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:12⤵PID:2128
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4735098707403430858,17649022221018465938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:12⤵PID:3508
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,4735098707403430858,17649022221018465938,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:5108
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4735098707403430858,17649022221018465938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:12⤵PID:976
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1920,4735098707403430858,17649022221018465938,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5816 /prefetch:82⤵PID:4584
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4735098707403430858,17649022221018465938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:12⤵PID:984
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4735098707403430858,17649022221018465938,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:12⤵PID:2496
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4735098707403430858,17649022221018465938,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:12⤵PID:1872
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4735098707403430858,17649022221018465938,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:12⤵PID:2472
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,4735098707403430858,17649022221018465938,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6048 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1656
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,4735098707403430858,17649022221018465938,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4100 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:4596
-
-
C:\Users\Admin\Downloads\hyperbeam-next-0.23.0-x86_64.exe"C:\Users\Admin\Downloads\hyperbeam-next-0.23.0-x86_64.exe"2⤵
- Executes dropped EXE
PID:868 -
C:\Windows\SYSTEM32\msiexec.exemsiexec.exe /i C:\Users\Admin\AppData\Local\Temp\hyperbeam-update.msi3⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3780
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4664
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1492
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:848 -
C:\Windows\system32\srtasks.exeC:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:22⤵
- Suspicious use of AdjustPrivilegeToken
PID:4848
-
-
C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\Hyperbeam Next.exe"C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\Hyperbeam Next.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Modifies system certificate store
- Suspicious use of SendNotifyMessage
PID:4060 -
C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\Hyperbeam Next.exe"C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\Hyperbeam Next.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\hyperbeam-next" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1468 --field-trial-handle=1692,i,12838325952486257092,6879380903466977635,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:23⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1356
-
-
C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\Hyperbeam Next.exe"C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\Hyperbeam Next.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\hyperbeam-next" --mojo-platform-channel-handle=1888 --field-trial-handle=1692,i,12838325952486257092,6879380903466977635,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:83⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5100
-
-
C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\Hyperbeam Next.exe"C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\Hyperbeam Next.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\hyperbeam-next" --app-path="C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2212 --field-trial-handle=1692,i,12838325952486257092,6879380903466977635,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:13⤵
- Executes dropped EXE
- Loads dropped DLL
PID:896
-
-
C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\Hyperbeam Next.exe"C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\Hyperbeam Next.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --user-data-dir="C:\Users\Admin\AppData\Roaming\hyperbeam-next" --mojo-platform-channel-handle=3368 --field-trial-handle=1692,i,12838325952486257092,6879380903466977635,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:83⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2356
-
-
C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\Hyperbeam Next.exe"C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\Hyperbeam Next.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\hyperbeam-next" --mojo-platform-channel-handle=2768 --field-trial-handle=1692,i,12838325952486257092,6879380903466977635,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:83⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
PID:4908
-
-
C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\Hyperbeam Next.exe"C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\Hyperbeam Next.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\hyperbeam-next" --app-path="C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3644 --field-trial-handle=1692,i,12838325952486257092,6879380903466977635,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:13⤵
- Executes dropped EXE
- Loads dropped DLL
PID:240
-
-
C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\Hyperbeam Next.exe"C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\Hyperbeam Next.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\hyperbeam-next" --app-path="C:\Users\Admin\AppData\Local\Programs\hyperbeam-next\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3780 --field-trial-handle=1692,i,12838325952486257092,6879380903466977635,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:13⤵
- Executes dropped EXE
- Loads dropped DLL
PID:128
-
-
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:2496
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004F8 0x00000000000004FC1⤵PID:1032
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5040 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe43213cb8,0x7ffe43213cc8,0x7ffe43213cd82⤵PID:3568
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,3079517242586522685,12589699756239959397,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1856 /prefetch:22⤵PID:1728
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,3079517242586522685,12589699756239959397,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4924
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1876,3079517242586522685,12589699756239959397,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2496 /prefetch:82⤵PID:4048
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,3079517242586522685,12589699756239959397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:12⤵PID:3380
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,3079517242586522685,12589699756239959397,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:12⤵PID:1104
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,3079517242586522685,12589699756239959397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:12⤵PID:5316
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,3079517242586522685,12589699756239959397,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:12⤵PID:5324
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,3079517242586522685,12589699756239959397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:12⤵PID:5516
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,3079517242586522685,12589699756239959397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:12⤵PID:5588
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,3079517242586522685,12589699756239959397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:12⤵PID:5772
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,3079517242586522685,12589699756239959397,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:5916
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1876,3079517242586522685,12589699756239959397,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3776
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,3079517242586522685,12589699756239959397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:12⤵PID:3460
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,3079517242586522685,12589699756239959397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:12⤵PID:5356
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,3079517242586522685,12589699756239959397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:12⤵PID:6004
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,3079517242586522685,12589699756239959397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:12⤵PID:6012
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,3079517242586522685,12589699756239959397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:12⤵PID:4624
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,3079517242586522685,12589699756239959397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:12⤵PID:6024
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,3079517242586522685,12589699756239959397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:12⤵PID:6040
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,3079517242586522685,12589699756239959397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:12⤵PID:6048
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,3079517242586522685,12589699756239959397,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:12⤵PID:6056
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2036
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5164
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\03B6193231D6872FDA0CFE8EF2B47341_E9D4B4114707FC30CBF47828A387B70D
Filesize: 727B
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
Filesize: 471B
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_B60E2B15CE7688A988CAACF7F569B2DE
Filesize: 727B
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\03B6193231D6872FDA0CFE8EF2B47341_E9D4B4114707FC30CBF47828A387B70D
Filesize: 412B
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
Filesize: 400B
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_B60E2B15CE7688A988CAACF7F569B2DE
Filesize: 412B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 792B
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hyperbeam Next.lnk~RFe57f3e5.TMP
Filesize: 2KB
-
C:\Users\Admin\AppData\Roaming\hyperbeam-next\Service Worker\CacheStorage\eaa184395ac3517f162fc872a7db53364ade2d5a\741b25a9-3289-4627-ab62-6c08be05a2db\index-dir\the-real-index
Filesize336B
MD58a03f9a8ab1423ee9adf2a992e4589dc
SHA1b8567ce4111fe21eae3d0f598179ed2eb1f13eef
SHA256aee11d52fd2ff8d9a079e87edefe8951cd995214bbd351ccd85ff1554ef0b954
SHA512a6e9f67e148bcd3d74f0e8ab8d465c78a26389b4df537348b08be2fe25ec430d3ce8057390710833b55f1a02ef2fc7edcbb17f0d8037a0914dd4d41c34f15507
-
C:\Users\Admin\AppData\Roaming\hyperbeam-next\Service Worker\CacheStorage\eaa184395ac3517f162fc872a7db53364ade2d5a\741b25a9-3289-4627-ab62-6c08be05a2db\index-dir\the-real-index~RFe586378.TMP
Filesize48B
MD5a72f027c3974b3a3434793ce1de02ef3
SHA120f30af0e578bea8dd1004c51eb9ccb10cf8a8bb
SHA256148533686d748278cb1bd6ddc7b19c55eeca86c0003db70f9340c94ab03cb05c
SHA5120bb57efdbad8626bb283b8a8abd30a61599d43653719c61a37a5afd6c155dcd5120a4feebc4bc16f5be706a968869077c2856bff55c9a0089ba20fc25360b92e
-
C:\Users\Admin\AppData\Roaming\hyperbeam-next\Service Worker\CacheStorage\eaa184395ac3517f162fc872a7db53364ade2d5a\index.txt
Filesize169B
MD591c4f304d40e5d2c7106f995ce56b58d
SHA174de3094311789e959bb06e43d8619ac5dfbff62
SHA2565b273eba6ffdb6fa0eb2dd83360c6b3eaf6506a28493414a66a1c0413f479ab5
SHA5126bc4be6c7b2e4eae4ba10052d806acd55620bcec737cca5c31ed1e303dfd563f2bb43cb15d8616ae135da532ee1005ea559088932021f8dd30235c62224582c9
-
C:\Users\Admin\AppData\Roaming\hyperbeam-next\Service Worker\CacheStorage\eaa184395ac3517f162fc872a7db53364ade2d5a\index.txt~RFe5863a7.TMP
Filesize173B
MD532125cd277f16edb586ace9310474605
SHA1a27c92ba900e38df2451413c6f241e24ec487ce1
SHA25663f08e0fe056adb662c5921f5aec440238f04f882dd274ea793d738da85bd836
SHA51226e783a2914c32b5bd2e8a7e04f63cd8886316609e0462c2f70e3035d541166307ca432ffb68a35bf6b03cd3b988967bd4ba64a168830576dbceebbc931f4734
-
Filesize
96B
MD58c38e75b2359cc2bfb60ad4b1b9a7808
SHA17167dbf108a12905a3bb294607830cdac3a059d6
SHA256c918bb44fb483d51fe284051d2823b0243d615307e7922e9a3956b2921498ab5
SHA512a85aea8605e996c2f7433f10efd83ff33aded1363e053f10d959315f9bd8692f0f9f5ca5a853ad5ce54b75edbf861ab932f992091269519933245eee4a547d6d
-
C:\Users\Admin\AppData\Roaming\hyperbeam-next\Service Worker\ScriptCache\index-dir\the-real-index~RFe585cb1.TMP
Filesize48B
MD5b8993f822514df5e54c7eabd9f35d077
SHA177e72db4357438c870aec0de65c7a1e068b10e12
SHA256c3ef838d357442828644cdf93339ea4221792d4e0f55280298d2ee74169b31b7
SHA512506d88a8bf2d865969386935aca791dc0e4ae598904fb6e65d975b610d3ef2523c05e9524b7fc4297d36fcad50c80b839ef1b0af13e5a9e4c44a47ec2b15946b
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
71.0MB
MD5f20fd1faee66e13732732694bf587084
SHA1626e20026bc30fc7dc76fb815ccbedae688a1f4f
SHA256b48f27d6c2ee033dd1f96f3e68c94fc87782422377664bbd1c7c2dcf181e9db6
SHA512b3dad4b3f8676651ed263a473b9baab104498a5004c412d3340e1ffc0b66405dea7a9ec7c9dc5a28e655a8467c490445b844a884a7eb12623d1aa2d308b6a6fb
-
Filesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
Filesize
12.8MB
MD5b95d8ae32925bf555acbe31a8be5a177
SHA1d6f4a4812e8e28389dac8d65546bd38294d5598a
SHA256f6fd980e0add1b82e93671964f9feab6a510c187092ee458444dca350badb23d
SHA512d60909da5f638454179941d5cf04fe10dcb61e2e8c14eaa5c519a7be8fd21a9f62c7f678724beb0d06894e31a3f326b3a062ecb58b77bce9063a6186ecfbae8e
-
\??\Volume{3030c8d3-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{2865a97b-8483-4a3a-ba64-9b0cddd04454}_OnDiskSnapshotProp
Filesize6KB
MD517888c12f4b55cf4b8066d62a59c5e3d
SHA1d1128cd6c4b0f1f6952e554a667420781fbebd1b
SHA2566b86562b2bc2797a7c22adf1345f88fe9e3cfaa7593ad5cdc3b03febdb59b0a7
SHA51296d59113155779e3702c6a6ae92961a8dec35a57ac25f2d605b53db44c3635e0469c0633f36f7e80d37648aa59caf847b0ab6c0e5615f114cf5ca3e5aeac5cf4