Analysis

max time kernel: 148s
max time network: 149s
platform: windows11-21h2_x64
resource: win11-20240508-en
resource tags: arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 25/05/2024, 01:10

Static task: static1
Behavioral task: behavioral1
Sample: Elsify Universal by FrostChanger.de.exe
Resource: win11-20240508-en
General

Target: Elsify Universal by FrostChanger.de.exe
Size: 18.9MB
MD5: e3b560df6cea8b05217e6bd7c5746aa3
SHA1: fe7d61e1042f2a5b0e3d44421a06909eb03eb557
SHA256: 888c6795013781aedce5d8de7225fcd9950dc9d22dd7dd0f347945e70a9a8d2e
SHA512: f5f779449e026208d85dda083abc4e2f67333ed475ab7fb96d5d6fa5881eb0b57b7e14120969e8ab38b3491e55b0e7ae04f23d6661d63d6ac2f08c1c43c63084
SSDEEP: 196608:PwRSn6zKcX4nkYBSIvpd/MpDUnRC0aYWGg+VKc+LoJnPD008WJaST+/8WwRSn6hB:HPSw/Mb0aQHMcR008WOYidtMPD9J
Malware Config
Signatures
Legitimate hosting services abused for malware hosting/C2  (1 TTPs, 4 IoCs)
  flow  ioc
  3     discord.com
  19    discord.com
  36    discord.com
  38    discord.com

Enumerates physical storage devices  (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).

Enumerates system info in registry  (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Modifies registry class  (1 IoCs)
  description  ioc                                                                                                                                                                                                   Process
  Key created  \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3107365284-1576850094-161165143-1000\{242B6EC7-A7F0-4E80-8C37-3E1DD020F6D0}  msedge.exe

Suspicious behavior: EnumeratesProcesses  (14 IoCs)
  pid   Process
  3624  msedge.exe           (x2)
  4804  msedge.exe           (x2)
  4484  msedge.exe           (x2)
  2184  msedge.exe           (x2)
  2572  identity_helper.exe  (x2)
  3936  msedge.exe           (x4)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary  (30 IoCs)
  pid   Process
  4804  msedge.exe  (all 30 IoCs)

Suspicious use of AdjustPrivilegeToken  (3 IoCs)
  description                        pid   Process
  Token: SeDebugPrivilege            2028  Elsify Universal by FrostChanger.de.exe
  Token: 33                          1040  AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege  1040  AUDIODG.EXE

Suspicious use of FindShellTrayWindow  (33 IoCs)
  pid   Process
  4804  msedge.exe  (all 33 IoCs)

Suspicious use of SendNotifyMessage  (16 IoCs)
  pid   Process
  4804  msedge.exe  (all 16 IoCs)

Suspicious use of WriteProcessMemory  (64 IoCs)
  description                       pid   Process                                  procid_target
  PID 2028 wrote to memory of 4804  2028  Elsify Universal by FrostChanger.de.exe  81
  PID 4804 wrote to memory of 4252  4804  msedge.exe                               82
  PID 4804 wrote to memory of 4188  4804  msedge.exe                               83
  PID 4804 wrote to memory of 3624  4804  msedge.exe                               84
  PID 4804 wrote to memory of 3676  4804  msedge.exe                               85
  (each row above is repeated in the report; 64 IoCs in total)
Processes

C:\Users\Admin\AppData\Local\Temp\Elsify Universal by FrostChanger.de.exe  (PID 2028)
  Command line: "C:\Users\Admin\AppData\Local\Temp\Elsify Universal by FrostChanger.de.exe"
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4804, child of 2028)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.com/api/oauth2/authorize?client_id=1226873004508708906&redirect_uri=http%3A%2F%2Flocalhost%3A5001%2F&response_type=code&scope=identify%20guilds.join
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4252, child of 4804)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd9c973cb8,0x7ffd9c973cc8,0x7ffd9c973cd8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4188, child of 4804)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1824 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3624, child of 4804)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3676, child of 4804)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4080, child of 4804)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5048 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4484, child of 4804)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4004 /prefetch:8
      - Modifies registry class
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2184, child of 4804)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe  (PID 2572, child of 4804)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5780 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    Renderer children of PID 4804 (30 processes, no signatures triggered). Each has the command line
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --lang=en-US --disable-client-side-phishing-detection [--instant-process] --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=<id> --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=<handle> /prefetch:1
    with the per-process values below (--instant-process is present only where marked):
      renderer-client-id  mojo-platform-channel-handle  instant-process  PID
      6                   3200                          no               2316
      5                   3208                          no               740
      11                  4992                          no               2304
      12                  5272                          yes              4176
      13                  3224                          no               1384
      14                  3200                          yes              2096
      15                  4544                          no               2320
      16                  1736                          no               4652
      17                  5784                          no               4484
      18                  3792                          no               3472
      19                  6196                          no               2708
      20                  5164                          no               4912
      21                  4784                          no               3348
      22                  1888                          no               1556
      23                  6380                          no               2756
      24                  6508                          no               2796
      25                  6536                          no               1460
      26                  6492                          no               4500
      27                  5796                          no               3208
      28                  3812                          no               3256
      29                  2480                          no               1944
      30                  7228                          no               1296
      31                  6812                          no               4384
      32                  6824                          no               3992
      33                  6388                          no               4580
      34                  4836                          no               1844
      35                  7196                          no               2212
      36                  7512                          no               4500
      37                  6456                          no               820
      38                  7560                          no               4156

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3936, child of 4804)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1728,8761660761009932803,12535933569041307175,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5480 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses
  C:\Windows\SYSTEM32\cmd.exe  (PID 1296, child of 2028)
    Command line: "cmd.exe" /C start https://bstlar.com/A/leanswapperkey

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1484, child of 1296)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bstlar.com/A/leanswapperkey

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4176, child of 1484)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd9c973cb8,0x7ffd9c973cc8,0x7ffd9c973cd8

C:\Windows\System32\CompPkgSrv.exe  (PID 932)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  (PID 4960)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\AUDIODG.EXE  (PID 1040)
  Command line: C:\Windows\system32\AUDIODG.EXE 0x00000000000004C0 0x00000000000004E4
  - Suspicious use of AdjustPrivilegeToken

C:\Windows\System32\CompPkgSrv.exe  (PID 3692)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\svchost.exe  (PID 4888)
  Command line: C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
152B
MD5c1c7e2f451eb3836d23007799bc21d5f
SHA111a25f6055210aa7f99d77346b0d4f1dc123ce79
SHA256429a870d582c77c8a661c8cc3f4afa424ed5faf64ce722f51a6a74f66b21c800
SHA5122ca40bbbe76488dff4b10cca78a81ecf2e97d75cd65f301da4414d93e08e33f231171d455b0dbf012b2d4735428e835bf3631f678f0ab203383e315da2d23a34
-
Filesize
152B
MD56876cbd342d4d6b236f44f52c50f780f
SHA1a215cf6a499bfb67a3266d211844ec4c82128d83
SHA256ca5a6320d94ee74db11e55893a42a52c56c8f067cba35594d507b593d993451e
SHA512dff3675753b6b733ffa2da73d28a250a52ab29620935960673d77fe2f90d37a273c8c6afdf87db959bdb49f31b69b41f7aa4febac5bbdd43a9706a4dd9705039
-
Filesize
51KB
MD5f61f0d4d0f968d5bba39a84c76277e1a
SHA1aa3693ea140eca418b4b2a30f6a68f6f43b4beb2
SHA25657147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc
SHA5126c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize1KB
MD501859503545dff348bba4537e154d987
SHA104338aceb516bd97ec803c1a9077f9933fc4f061
SHA256741530e6f649144333b2bd8dfea48cc74fb97d2726367fb80a33de05677f1257
SHA512e7dc8e024cfac45070371f168d00be8740378a70cf9566054961a055da4ea21fab07b6e745729e90f33477d3a25e6f4a06a524c36949c8d30c13eedf410e415f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize864B
MD5dfebc62d3319aa0bfe35b0f6d066740e
SHA1a3bbf4d43eb80469d7cac4ceb6dd4a3547eb460a
SHA2566ad28391a68ce39fd0e38a108d052e19e635c0637242c038a2e5db6b29aeb6c5
SHA512425ede2e2c758418e083871fc81751f916f91888f1a961c18585c7d2a0da58d21e3b659710f41fbd0e92e20a308e5a7e086d68b350b3dd52a1e2df470005cadf
-
Filesize
2KB
MD5e24aaf2c84a9d48b157781d53e0d134c
SHA1ddd46eab17595c2fc26f9e5f9501d67e563c7ee6
SHA2561205ecb731c0a07ce62ae464d70528decedef908389d38fcd628923fa4614c08
SHA512c9c1ed39e7231b10728d6c15f183ec911078d8db27d1ee2a6be3f6c1844c1ed1d34e9a8c9c2966c5a75dcf50fea1e1a007a05169d4e8324ca08cb06687f70f63
-
Filesize
5KB
MD5933e80c9fedef09164625c50c4048e58
SHA12ad99bd27ff5aa5c43e2301d321b443445a8bd5f
SHA2564ee7a2f2a08da7f84095cdb35918eb118a72d780e1372820633722fbb42f47ce
SHA5128fb3e6241da12f5b504152a4857b4b7f484c58d034fcd7201b868ff5800b8e7f405afee56d7c839dd5d3466c9095449f6f4c296bb456d975cc0ea93abc002e1b
-
Filesize
6KB
MD51d16a955c7faf43167005cb77dafb347
SHA184919d8a9743f530c3e7273da5d39e7d394a916c
SHA25656b99ba1ad20dcbb57536be57c3a18f187b879af949ded78689bb476c255e6d1
SHA512e767e86439de9adc629878ae10b8ee374b54c41ccf9d420517fdf30b2878ae7efcfb4b026a24a8a9932cf20dd8a5c18cdc120261c04679de2b7caa8945b927cf
-
Filesize
6KB
MD53d51cf82de87717296d31a050f11ede5
SHA1d64f1e45ea19a5caeb07a2eb138a3a10927a9a0f
SHA256beab5a16842c5a56fd4c87d3b8f70f4310439606e304cfa04f8a6c8ada337522
SHA51238d514eadd71a331d671d119c08eeecca688862229beb7367130dc8a389eec83dc3d1c1c5f0f34590c31f874e43d1aeb4d2fee368105322ef3298df6db50b450
-
Filesize 7KB
MD5 2955b1347c9640d80d99835a05809935
SHA1 ee99f263740bdc44a2c5f63364b3f9b940ee457b
SHA256 747f5b5602aa91342f27e017a62911bc466a009c39771ba1c0477b2731cd71c3
SHA512 1846927658c5762f43a3e15648f2daf21794193d0d7f4ce19740012d5e47e3c7f95245b169a75eae15d5bd9078d5828f7ccc6bbb28255c0e4fa5eee80d559491
-
Filesize 6KB
MD5 7020dddffd0a7fd606ca7f674052325a
SHA1 ee62654371f8f38e17176b7eb838c8c167ad94f9
SHA256 fb6a496765f4f491cb06f9c0a4d8aae4713a8c3a675756cd37152cd75571ab6a
SHA512 0d3cd510471ad478d4bfd75f16efcffcd33e5f3f31aeacb09c54d47c183e4852cdc365d38b32f46f89a9a04dd28cbe84cbaee3ef693cfea32fa1e1157665dd79
-
Filesize 12KB
MD5 eb1cbf3b2cf54af9b0cb7188ec253515
SHA1 59d4dabe36307ecda4f6b6c2959e0748112b92b6
SHA256 1e231f2b2006347f966768987e5ffa382c3a7689d5e1340af5c61ed624dc522c
SHA512 330015e2108f243ce9a1c2c72e85f46dea532415d2b010a2eb9a2b31f819aa5fadfc4fea89dcf203725c28988c1c964cb91a9634962f1fa578c522941f8117bc
-
Filesize 8KB
MD5 c48b25d57ccc3db08db4f36d38341c23
SHA1 b6cbc5fa24459665959e2f54e0c8dff74ef8d481
SHA256 feb516b392673e3e9645f32795e47d0f50a7000bba373077f2674f2aaeb98878
SHA512 d9f2cd46a929961bdd881fb1178dd62c7a0ca98226b222c98f5a53f30f24f116eec8ca0688e208f640ed234ebc2311df66d0c120b4ff86467bd0e1964e497b1b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e52e632e-e1d6-46f7-8f85-427859a95df9\index-dir\the-real-index
Filesize 624B
MD5 a950c0ce8dc7e3ede15e6bb7cf6fd454
SHA1 8c223d7ccdc9f4c34e2c448cfaec075cbb1f2540
SHA256 131385fb1cbe822c6fc772b7f6762398c79b8abc9393c2bc96ab2e0ec1df2713
SHA512 1c4766acf5169379dbd0b7d391a765773f0c434924d5db8c8505b37ab073fb3c86dec2853147c1f4f3b5ac3671f3b62479d78158e577b9379bef622fc63336a1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e52e632e-e1d6-46f7-8f85-427859a95df9\index-dir\the-real-index~RFe59697e.TMP
Filesize 48B
MD5 37c3dc6dc1a9900dbb750c4af8a69bf9
SHA1 7ee302a3f97d7ac2c91646432db21b427e0208e1
SHA256 e5ffdafb86d1bcb7f719324aa0d579d18726274a18b4c9c8cd1303e353e322d5
SHA512 724a5ecfe4dfa68c6ce76b21a599bdcbd7d715e943161e3251ded6559af6d971e8bad40c69ff0139778b4aefe0cf55b93392fdb794bcf3ef60a70d4a866b1e4d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f1e903d3-c49b-4b28-9597-c19dbf214636\index-dir\the-real-index
Filesize 2KB
MD5 12ae01ed11a82d75aca3c0e38b6544f1
SHA1 4f77aba82fd9fa68a14dc6284810b84036157f2e
SHA256 5a917e1432629bd4338e8eb7ab60c4900018c3cf48830257353f96244e99aba0
SHA512 4ca2126cf1eba788f8bc1828107fdd43c1d6a05287882be6e61f19766292c1ada04480e46701aa55b60b74a4ac96323c24dd76039ab51b3224ac8f7e9689daeb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f1e903d3-c49b-4b28-9597-c19dbf214636\index-dir\the-real-index~RFe596874.TMP
Filesize 48B
MD5 b2b8d161cb58f27194edc87d0872a791
SHA1 c61edae82a52787a90886d46f7362ec3c3d6fccc
SHA256 70fc797ce80be11380f288460bed07136aee2470f792d33b7552eea25c588db9
SHA512 4cfb51b7ed804e73ccb1dd96574090af74736b40f88297400fe8913b45552b3090aed71488109e38a51c37d5b71b93915c422afa3d26abc87d9c6b98ea3e9ec4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize 89B
MD5 329aeacfd4685718ba6b1841c4a9c3e1
SHA1 5a9662a86abe535bca76026b9526bb35f56fc984
SHA256 7671fbd1e9e29075addfc096d044180282d39c4849167e1663d4d336940b62db
SHA512 e607aa72d702eb5d0a6a6ba36f0d8f32d48fb914cd0df6efc99c3ac526bc18951982f642d7aed5f2aabd51fb5ea16f06065843f9c716cdec954cd5f0d48fac43
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize 146B
MD5 6970a9d2b307e8a349fd507b4c96e063
SHA1 86da1c31fd3af64bd0a913f04966c12f04e7ed81
SHA256 eb6c9c0812d1ea7d17b101c29a692a68fabf7b376544209af732f54bdf807723
SHA512 7d0e2c7f46e3a96900f47888929f3c8f4fbbe63534d17200bd0763440d45f2c50085ebc40fb4852724c92932a81c2849e09c7cd92a53e64d2f22303e9853bb62
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize 155B
MD5 596ea6f4e25e9655ba0c3d8dfcf6e982
SHA1 603e3c65946f94597ee557a28c504da256d8af70
SHA256 f261a7d88e9232a722ff2c61f794da33370389d1a65012e962cb704b672545ff
SHA512 d9cab805cc12ee612475f634b67ac80df73cebb2e3db46f93b79392771677702d3c948d703d79beae10782e8e0afb71cfa1f5dc7a28f36ecc837e9c6496b58c1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize 82B
MD5 73305382072ef802e7d298479eb6e967
SHA1 a24e7bc67eb97c3fd2313e370bff443342c87481
SHA256 00f1ccc643ee471956b9f9475915de7e5a346d018b6fa7cbe5f767f3ebfa177d
SHA512 c52f730e2a05c6027a57cc65a0c2d0792797326cc7130841b7e830c4196257643ea673768d73aa3579f3bf50f38b7c35392616d49abb75a261886ef97c76258e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize 153B
MD5 7b3a37d6329a780d8302a11db2d5666a
SHA1 2454fdad78ba8b04ca0663950f5946cf7e03ef3c
SHA256 53ee01c86aeb5551023ac692f8198f04083e3aae125de18f0fb8e0318efe47cf
SHA512 4eae4da614a99929c0bdddf5a5a01d772d0e4c1c844a5342dc4e3af1c71a033c3f9795b4879d0ed9987894bf3306d81eb5603d346e06814f75e6766009609a91
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize 96B
MD5 d726a669e7d6d0dcac310cfcea017fa9
SHA1 4c5117ccbcf0d9e912449c7e653b2634b721cdbd
SHA256 efda17995f7e8cddc86f16a0534b672b76fc1fadd8b0cc315422d40241a84d90
SHA512 5e8db786d53b8923670bb01afa3bd20cba3845ab6bd0340b8ec52352a98c535c567ed7e9d1d90ca4d8290a9f5300c9344220bf75df1e409902c20958ef8d9b16
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe595ccc.TMP
Filesize 48B
MD5 8ad49e2c5c95574e167d3d0c2741dfe9
SHA1 ee4c7be1d1fdafb3b0c881112d77d51116dd53c1
SHA256 83f61fceb1ca8fb7fee3cf31549e43df2c319ef74d87551f42d717454ca821ce
SHA512 dc7c3b9fa0113fc5e0ebfeae52d39568860f586528a56ea8c93bc378d0e197d48394403ee4e567856bedb6eed27526f266bbaa9ba56aecf70625392257cceb46
-
-
Filesize 370B
MD5 08dc95453a6a9b6f625670ba7017c725
SHA1 4e28d45de60077808ed107127d356fb633c6ee39
SHA256 1cf295e5fb3969fc71603edfc489efda5bcbc9b833d92422cc64a7e13016a84d
SHA512 47e558e24502b0ed5cbc379c7f914fe9006c2bff48b8567dd745c97d02d49e8525d7fc487a410b095d1c572dfff1defcd4a17efbcc55f3c4de9f4394d0bc1f4e
-
Filesize 370B
MD5 5047260abbadd4938841bfc854acc923
SHA1 69f2a697c9bf3365c80b4f27b77966b69205457d
SHA256 b794bbcb47e064cac5f9d9f597d9400df4d6f7cee125e9acdeaa79d96b7e979e
SHA512 1b69788c2c08096f2baa57e68ed69732f893dd90ff21f92bffcb4730aed1e92d14ec56c11ddb352c4c6cadcaaa64696b86f0206e9719944fa567438e404225d6
-
Filesize 1KB
MD5 0df7f8222bf9708aa7c0c39d61a48261
SHA1 f27a41ba540f9b661756551bf6bc712a5aaeded0
SHA256 6131ab1f455a2fd44ab0c554b2b02a965dec01a429abaeaa8b8ba6696105df3a
SHA512 b153413572b6243e06d5e6a6d695a30406650052771c6de552ff2f8cec8c9984f6add538efc4995b13679ad2dd4900415eef3c05d4761ddd386d68039b789cfb
-
Filesize 3KB
MD5 3f65c8ab7d241182cc34dd8026de23f6
SHA1 a8a5d0591da854cd5d8e79eb1a30e244df1277bf
SHA256 3fa43b4cc75fe606660c7f1f3b189cb3b551b3754b5a5f686bdb1f5801487898
SHA512 528b37669343f4b5c8815668277fced2fe9885c81fea90526ace5248189a049b9323cf55ef21d82744f7d2e8af92fb76d14895bac18b0f0c311750e39425d215
-
Filesize 1KB
MD5 e709f91d63252a9a7ac5fdcae597d76a
SHA1 9c181fdca346ee57de6e7005e9d79293ae94cffb
SHA256 164c2f51b993590497f938083772575092e0ef40459e8955e348bede6440f62a
SHA512 884d8683edab0bca00e2624095549bc1eacdc4ee54e22d83a91d2ef8b18fe2a6dbefa211a07d392d9657c76461f1cd08db653b01173fa844ad59f6f1be4c70c0
-
Filesize 1KB
MD5 f9d2f83289f1c768e1488b5945facaa7
SHA1 0c2b26bcb6ec37963cfd8258adef3ac060a64ea2
SHA256 c88741f375fc4aa88aa99cc9d85817dd7a2491efdf6cc0f3497cd77504c4ae58
SHA512 55f5b771c083fce5e11533646536b6997fd6ce8d01613206ed826e037f79aa06fb7a4270bfbfd1e96f0632d973cdf2dd015026c3c3b994f13c20ce9ac66b1f42
-
Filesize 370B
MD5 acfeb290a1583a318f103e12136d5d9e
SHA1 6086f3d2444e55952cf63a0bfd5d495aaad609ce
SHA256 8cdd5e0f81fb42e8a01792232a1be5670be1db5e4cd635e71e1a793737ef6c82
SHA512 3779f11134fd2bd567135358029d647b535cc4791e34c57484befc1b380a751d49d3b94b31e8961c6d1d03d7c36d90f8a9786dd1a39750323f31f3db9e143b78
-
Filesize 16B
MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize 16B
MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize 11KB
MD5 ed2ca036be52dab97243844f2fc40e0c
SHA1 7be8cf159d0f5911aade86865a17d198cd71dae0
SHA256 0a1c15969fe0ab34d230bc89d47801a46b69379c2fa0d1569b57a495d5a55cc4
SHA512 452d667bd2c0daed7939c2a3288cad2864bde1782304b22231506c62591a062fb0a560a6c7c04f40c394f45df2b5ec1da656f4e1c2f0d7b6b78b2f651195225b
-
Filesize 11KB
MD5 4c97fb2fcef68c081071e8925ce852c6
SHA1 edd9d22b7622a22e88fa6a62fd3a4865448f8061
SHA256 6757d74cc1887cc1fed2c410886977f90a8a99eb509d8e55c43fb523bf331c70
SHA512 ebe29b4cfd41f2b6a0565365565d7a86f5b3ad161fb2c1fca09e0d629abe31c5a188b2fae3c8cf195881b805976cd9d584ee3b21f777d4470558eaa60cbac823
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize 11KB
MD5 1a4ed7e6abbd0bdbe515c5a9a5095ac9
SHA1 eaadefea3a05f15a48b2f72aecbac4b9ab3307d9
SHA256 ecee9301816e58ef438be402826dbc9a5231c5467b182622b75364a004483871
SHA512 bd9f8e258eabbb2b94fbb4cb08385f9021d1d2e773f9e5ef0ed4c5c59ed8e3404f495a42de20c19040e41d3e531ae7db732832beb5b26d4480cb6f0b0939ac66
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize 11KB
MD5 16a6374c3f724172104848737d339936
SHA1 ea59921280ae14ceb6c20dfe46e5e10b5b7e282d
SHA256 a4d76c7a45e68cd7ddb9eddca8141a9c02c2d5ed92327724c5f8b3d19068a9e8
SHA512 7ea8fecd6a609b420ab2551a6a476d0e06fd05265705fe8c4976ad40527184626609e193d328e73f92a1ae71a7325a152c5b29ec051d4af720172dfb97801e35