Analysis
-
max time kernel
655s -
max time network
678s -
platform
windows11-21h2_x64 -
resource
win11-20240508-en -
resource tags
arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system -
submitted
03-06-2024 14:39
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://room.icu
Resource
win10v2004-20240426-en
Behavioral task
behavioral2
Sample
http://room.icu
Resource
win11-20240508-en
General
-
Target
http://room.icu
Malware Config
Extracted
stealc
doralands1
http://45.88.79.153
-
url_path
/e36377ea7ac96c9f.php
Signatures
-
Detects HijackLoader (aka IDAT Loader) 2 IoCs
resource yara_rule behavioral2/memory/4740-1305-0x0000000000400000-0x00000000004F2000-memory.dmp family_hijackloader behavioral2/memory/5352-1357-0x00007FF7348D0000-0x00007FF734A07000-memory.dmp family_hijackloader -
HijackLoader
HijackLoader is a multistage loader first seen in 2023.
-
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
-
Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
description pid Process procid_target PID 5692 created 2932 5692 explorer.exe 49 -
Command and Scripting Interpreter: PowerShell 1 TTPs 4 IoCs
Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
pid Process 1436 powershell.exe 6020 powershell.exe 6068 powershell.exe 6108 powershell.exe -
Downloads MZ/PE file
-
.NET Reactor proctector 1 IoCs
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
resource yara_rule behavioral2/files/0x000100000002ab2d-1238.dat net_reactor -
Executes dropped EXE 4 IoCs
pid Process 4660 Spectra Setup.exe 5656 Spectra.exe 4740 snss1.exe 5352 snss2.exe -
Loads dropped DLL 58 IoCs
pid Process 4660 Spectra Setup.exe 4660 Spectra Setup.exe 4660 Spectra Setup.exe 4660 Spectra Setup.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 5656 Spectra.exe 1980 explorer.exe 1980 explorer.exe -
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext 2 IoCs
description pid Process procid_target PID 4740 set thread context of 4456 4740 snss1.exe 119 PID 5352 set thread context of 5440 5352 snss2.exe 123 -
Drops file in Program Files directory 64 IoCs
description ioc Process File created C:\Program Files (x86)\Spectra\PresentationFramework.Aero.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\System.Threading.Thread.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\vcruntime140_cor3.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\pl\System.Windows.Controls.Ribbon.resources.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\PresentationCore.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\System.IO.Packaging.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\ko\UIAutomationProvider.resources.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\System.ValueTuple.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\es\System.Windows.Input.Manipulations.resources.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\de\System.Xaml.resources.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\zh-Hant\PresentationUI.resources.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\System.ComponentModel.DataAnnotations.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\System.Diagnostics.FileVersionInfo.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\System.Diagnostics.Tracing.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\zh-Hans\UIAutomationClient.resources.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\System.Runtime.CompilerServices.VisualC.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\UIAutomationClientSideProviders.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\PresentationNative_cor3.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\System.Drawing.Primitives.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\it\UIAutomationClientSideProviders.resources.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\ko\UIAutomationClient.resources.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\ru\WindowsBase.resources.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\zh-Hans\System.Windows.Forms.Design.resources.dll Spectra Setup.exe File opened for modification C:\Program Files (x86)\Spectra\Spectra website.url Spectra Setup.exe File created C:\Program Files (x86)\Spectra\PresentationFramework.Classic.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\System.Runtime.Serialization.Xml.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\it\Microsoft.VisualBasic.Forms.resources.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\ko\System.Xaml.resources.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\pt-BR\System.Windows.Forms.Primitives.resources.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\pt-BR\UIAutomationTypes.resources.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\ru\System.Windows.Forms.Design.resources.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\System.Resources.Reader.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\System.Runtime.Serialization.Json.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\WindowsBase.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\zh-Hant\PresentationFramework.resources.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\Microsoft.Win32.Registry.AccessControl.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\PresentationFramework-SystemCore.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\System.Globalization.Calendars.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\UIAutomationClient.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\ja\System.Windows.Controls.Ribbon.resources.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\System.ComponentModel.Annotations.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\System.Net.Http.Json.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\cs\ReachFramework.resources.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\ja\System.Windows.Forms.Design.resources.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\tr\UIAutomationClientSideProviders.resources.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\PresentationFramework-SystemXmlLinq.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\System.Runtime.Extensions.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\System.Threading.Tasks.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\clrjit.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\cs\System.Windows.Forms.resources.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\ko\WindowsFormsIntegration.resources.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\System.Net.Ping.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\System.Text.Encoding.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\System.Net.Quic.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\fr\ReachFramework.resources.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\zh-Hans\WindowsFormsIntegration.resources.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\it\PresentationCore.resources.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\pl\WindowsBase.resources.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\ru\System.Xaml.resources.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\System.Diagnostics.Tools.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\es\PresentationCore.resources.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\de\PresentationUI.resources.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\System.Linq.Parallel.dll Spectra Setup.exe File created C:\Program Files (x86)\Spectra\System.Net.NetworkInformation.dll Spectra Setup.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 explorer.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString explorer.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3433428765-2473475212-4279855560-1000_Classes\Local Settings msedge.exe -
NTFS ADS 2 IoCs
description ioc Process File opened for modification C:\Users\Admin\Downloads\Unconfirmed 865614.crdownload:SmartScreen msedge.exe File opened for modification C:\Users\Admin\Downloads\Spectra Setup.exe:Zone.Identifier msedge.exe -
Suspicious behavior: EnumeratesProcesses 54 IoCs
pid Process 4148 msedge.exe 4148 msedge.exe 3616 msedge.exe 3616 msedge.exe 1552 msedge.exe 1552 msedge.exe 3060 identity_helper.exe 3060 identity_helper.exe 4372 msedge.exe 4372 msedge.exe 4372 msedge.exe 4372 msedge.exe 1720 msedge.exe 1720 msedge.exe 6068 powershell.exe 6068 powershell.exe 6020 powershell.exe 6020 powershell.exe 6020 powershell.exe 6068 powershell.exe 6108 powershell.exe 6108 powershell.exe 1436 powershell.exe 1436 powershell.exe 6108 powershell.exe 4740 snss1.exe 1436 powershell.exe 4740 snss1.exe 4740 snss1.exe 4456 cmd.exe 4456 cmd.exe 4456 cmd.exe 4456 cmd.exe 1980 explorer.exe 1980 explorer.exe 5352 snss2.exe 5352 snss2.exe 5352 snss2.exe 5352 snss2.exe 5352 snss2.exe 5352 snss2.exe 5352 snss2.exe 5352 snss2.exe 5352 snss2.exe 5440 cmd.exe 5440 cmd.exe 5440 cmd.exe 5440 cmd.exe 5692 explorer.exe 5692 explorer.exe 5884 dialer.exe 5884 dialer.exe 5884 dialer.exe 5884 dialer.exe -
Suspicious behavior: MapViewOfSection 4 IoCs
pid Process 4740 snss1.exe 4456 cmd.exe 5352 snss2.exe 5440 cmd.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
pid Process 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe -
Suspicious use of AdjustPrivilegeToken 4 IoCs
description pid Process Token: SeDebugPrivilege 6068 powershell.exe Token: SeDebugPrivilege 6020 powershell.exe Token: SeDebugPrivilege 6108 powershell.exe Token: SeDebugPrivilege 1436 powershell.exe -
Suspicious use of FindShellTrayWindow 48 IoCs
pid Process 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 5352 snss2.exe -
Suspicious use of SendNotifyMessage 13 IoCs
pid Process 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 3616 msedge.exe 5352 snss2.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
pid Process 4660 Spectra Setup.exe 5656 Spectra.exe 4740 snss1.exe 5352 snss2.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3616 wrote to memory of 1620 3616 msedge.exe 81 PID 3616 wrote to memory of 1620 3616 msedge.exe 81 PID 3616 wrote to memory of 2480 3616 msedge.exe 82 PID 3616 wrote to memory of 2480 3616 msedge.exe 82 PID 3616 wrote to memory of 2480 3616 msedge.exe 82 PID 3616 wrote to memory of 2480 3616 msedge.exe 82 PID 3616 wrote to memory of 2480 3616 msedge.exe 82 PID 3616 wrote to memory of 2480 3616 msedge.exe 82 PID 3616 wrote to memory of 2480 3616 msedge.exe 82 PID 3616 wrote to memory of 2480 3616 msedge.exe 82 PID 3616 wrote to memory of 2480 3616 msedge.exe 82 PID 3616 wrote to memory of 2480 3616 msedge.exe 82 PID 3616 wrote to memory of 2480 3616 msedge.exe 82 PID 3616 wrote to memory of 2480 3616 msedge.exe 82 PID 3616 wrote to memory of 2480 3616 msedge.exe 82 PID 3616 wrote to memory of 2480 3616 msedge.exe 82 PID 3616 wrote to memory of 2480 3616 msedge.exe 82 PID 3616 wrote to memory of 2480 3616 msedge.exe 82 PID 3616 wrote to memory of 2480 3616 msedge.exe 82 PID 3616 wrote to memory of 2480 3616 msedge.exe 82 PID 3616 wrote to memory of 2480 3616 msedge.exe 82 PID 3616 wrote to memory of 2480 3616 msedge.exe 82 PID 3616 wrote to memory of 2480 3616 msedge.exe 82 PID 3616 wrote to memory of 2480 3616 msedge.exe 82 PID 3616 wrote to memory of 2480 3616 msedge.exe 82 PID 3616 wrote to memory of 2480 3616 msedge.exe 82 PID 3616 wrote to memory of 2480 3616 msedge.exe 82 PID 3616 wrote to memory of 2480 3616 msedge.exe 82 PID 3616 wrote to memory of 2480 3616 msedge.exe 82 PID 3616 wrote to memory of 2480 3616 msedge.exe 82 PID 3616 wrote to memory of 2480 3616 msedge.exe 82 PID 3616 wrote to memory of 2480 3616 msedge.exe 82 PID 3616 wrote to memory of 2480 3616 msedge.exe 82 PID 3616 wrote to memory of 2480 3616 msedge.exe 82 PID 3616 wrote to memory of 2480 3616 msedge.exe 82 PID 3616 wrote to memory of 2480 3616 msedge.exe 82 PID 3616 wrote to memory of 2480 3616 msedge.exe 82 PID 3616 wrote to memory of 2480 3616 msedge.exe 82 PID 3616 wrote to memory of 2480 3616 msedge.exe 82 PID 3616 wrote to memory of 2480 3616 msedge.exe 82 PID 3616 wrote to memory of 2480 3616 msedge.exe 82 PID 3616 wrote to memory of 2480 3616 msedge.exe 82 PID 3616 wrote to memory of 4148 3616 msedge.exe 83 PID 3616 wrote to memory of 4148 3616 msedge.exe 83 PID 3616 wrote to memory of 4700 3616 msedge.exe 84 PID 3616 wrote to memory of 4700 3616 msedge.exe 84 PID 3616 wrote to memory of 4700 3616 msedge.exe 84 PID 3616 wrote to memory of 4700 3616 msedge.exe 84 PID 3616 wrote to memory of 4700 3616 msedge.exe 84 PID 3616 wrote to memory of 4700 3616 msedge.exe 84 PID 3616 wrote to memory of 4700 3616 msedge.exe 84 PID 3616 wrote to memory of 4700 3616 msedge.exe 84 PID 3616 wrote to memory of 4700 3616 msedge.exe 84 PID 3616 wrote to memory of 4700 3616 msedge.exe 84 PID 3616 wrote to memory of 4700 3616 msedge.exe 84 PID 3616 wrote to memory of 4700 3616 msedge.exe 84 PID 3616 wrote to memory of 4700 3616 msedge.exe 84 PID 3616 wrote to memory of 4700 3616 msedge.exe 84 PID 3616 wrote to memory of 4700 3616 msedge.exe 84 PID 3616 wrote to memory of 4700 3616 msedge.exe 84 PID 3616 wrote to memory of 4700 3616 msedge.exe 84 PID 3616 wrote to memory of 4700 3616 msedge.exe 84 PID 3616 wrote to memory of 4700 3616 msedge.exe 84 PID 3616 wrote to memory of 4700 3616 msedge.exe 84
Processes
-
C:\Windows\system32\sihost.exesihost.exe1⤵PID:2932
-
C:\Windows\SysWOW64\dialer.exe"C:\Windows\system32\dialer.exe"2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5884
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://room.icu1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3616 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8afbd3cb8,0x7ff8afbd3cc8,0x7ff8afbd3cd82⤵PID:1620
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,5595275050338246683,14255229589314569739,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:22⤵PID:2480
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,5595275050338246683,14255229589314569739,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:4148
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,5595275050338246683,14255229589314569739,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:82⤵PID:4700
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5595275050338246683,14255229589314569739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:12⤵PID:572
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5595275050338246683,14255229589314569739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:12⤵PID:640
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,5595275050338246683,14255229589314569739,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1552
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5595275050338246683,14255229589314569739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:12⤵PID:1296
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5595275050338246683,14255229589314569739,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:12⤵PID:4920
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5595275050338246683,14255229589314569739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:12⤵PID:1020
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5595275050338246683,14255229589314569739,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:12⤵PID:4596
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,5595275050338246683,14255229589314569739,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3040 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3060
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,5595275050338246683,14255229589314569739,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6040 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4372
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,5595275050338246683,14255229589314569739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:12⤵PID:4592
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1928,5595275050338246683,14255229589314569739,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5668 /prefetch:82⤵PID:3048
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1928,5595275050338246683,14255229589314569739,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6260 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:1720
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5048
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3476
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:1184
-
C:\Users\Admin\Downloads\Spectra Setup.exe"C:\Users\Admin\Downloads\Spectra Setup.exe"1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
PID:4660 -
C:\Program Files (x86)\Spectra\Spectra.exe"C:\Program Files (x86)\Spectra\Spectra.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:5656 -
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" /command Add-MpPreference -ExclusionPath 'C:\Users\Admin'; Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'3⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:6020
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" /command Add-MpPreference -ExclusionPath 'C:\Users\Admin'; Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'3⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:6068
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" /command Add-MpPreference -ExclusionPath 'C:\Users\Admin'; Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'3⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:6108
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" /command Add-MpPreference -ExclusionPath 'C:\Users\Admin'; Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Roaming'3⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1436
-
-
C:\Users\Admin\AppData\Local\Temp\e05a896f-766b-46b5-85a1-8150bc5fc22c\snss1.exe"C:\Users\Admin\AppData\Local\Temp\e05a896f-766b-46b5-85a1-8150bc5fc22c\snss1.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:4740 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe4⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:4456 -
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe5⤵
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:1980
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\e05a896f-766b-46b5-85a1-8150bc5fc22c\snss2.exe"C:\Users\Admin\AppData\Local\Temp\e05a896f-766b-46b5-85a1-8150bc5fc22c\snss2.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5352 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\SysWOW64\cmd.exe4⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:5440 -
C:\Windows\SysWOW64\explorer.exeC:\Windows\SysWOW64\explorer.exe5⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Suspicious behavior: EnumeratesProcesses
PID:5692
-
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
542KB
MD5fa82009334ae6e23e2b7d7838fd1d39a
SHA1b2b2c429b4daab8ea897a063cdd3b5c30c00dfdf
SHA25612e484059be602793bee2c8076e4538747afc9835b3148b2a2b4999177c9b0c9
SHA512290fd603c1ab65bbc0bad1f26f159cfc36792504b4a6ed511f65ad36b61f0dde1948ced240f8776896a6e9406e4a28d70b4fc7ee0c355accd123bd50fc879ecb
-
Filesize
343KB
MD5fe679c33a1a35b4d79a14b75a06da59d
SHA1b53ce38b720ffda213df09e5dcdf287009b8f0e1
SHA256012d34f11ff4d603d5eae49b676d88eba49553deaeb9542df3fe8fe1a20f6d69
SHA5122f4fabd17c6b6ef7542ff5bc79d726400e96ca3aef878ff5dc65ccd6ae8058f703084fa5969931a985fb8e0acedf19b37473967fc7f79130931147e9a09b4396
-
Filesize
270KB
MD538d21e067d7673194a84cced59066ac8
SHA1e64362176f714b23603f3a67f1e741f12e35a832
SHA256483130bfd1e57a0cbfd8a4f3c6e2353ac3f246276f9476c83cca1cadbc47ef47
SHA5123fa6f78ff0cb527a8e82261549f24a8609d005821ac5c5e7257670dffd55472a134af3ef78d73779758303ae5a90728181cd4caebc871c5cfa4c309141201baf
-
Filesize
254KB
MD592063926c04f2e4bf5b5fde16542831d
SHA1e7be34eaff2d3d8796911d21f1fdbb93bf231dec
SHA2569193aaef3ea8f19408f88c25fcaf5880e7836d1c35028d7e4077f6090b083541
SHA512e855ee37980d1da2d143ee39133b05fff81937e529cffe74433e73088549daabd3abadbf05f3765bf3ffffd50313f0ed966efec0eb244d7363241affd73cc29f
-
Filesize
78KB
MD51c59c00ab0850af4b4d2bafd6be47db3
SHA14c6185b2f42987e25a5fdf2aa30cf4150de25d5b
SHA256133ec34432ab8fa4f63ade636193864b6a62a089a0c98d746f5532c8a52f437b
SHA5128425c02c4afb274e862e4ed5dd1c766ebfa1bcf5bf59018d86238014a52603331a8b7c1e233f5a1f22171e90132ddd585db0d2561ff2cd287d703397afdff4b1
-
Filesize
15KB
MD535e27f4c681085a4b096826ee8ea4f53
SHA1cf3ea4304e5558c8fdd4422e4d72509cd91ea719
SHA2567bd41c6b12b73e6e90476f2d56db8581664abe07e7ab9bf2917bb254ed1d75ad
SHA5121f9e6519ff29524e57cb0b3576ab118014293aade8f30027ef44b1f29a8e9a54e7bcb3b288a92dba996053b16016807d93fa9f44f2c43666ddc6425ddd7ae4b9
-
Filesize
154KB
MD57e999da530c21a292cec8a642127b8c8
SHA16585d0260ae98bab2ad1eaba0f9cfe8ebb8a0b3f
SHA2563af25e0c81c1462d0db86f55c4e5fd8c048c70685f9a566d29d499bc46935fb4
SHA512a18b6649b5c2f9f96bf639863df9faad436759200a64f91fb2d955f33c71ce4b2d5798be982f692a247ac864d8acb63fb731b31c06333e5c7d9a9c895ecd6451
-
Filesize
12.6MB
MD5805cf170e27dd31219a6b873c17dce88
SHA1ac90fa4690a8b54b6248dcb4c41a2c9a74547667
SHA256ba7e61a00e7a4634b5c5a79b83126f75580ceec235c613000c3efbc01826cad0
SHA512fa946aae906b66cb5570155a1c77340f2b6d4efb9be16068da03a8f1c5b5f37ad847d65cd1416017db19375dc6a72670300da4c766e6d9bb1a00374f492bd866
-
Filesize
394KB
MD560ed8b2bffc748d6a2a1fed8fa923368
SHA1be411429b9a649a495124558c5e5d95a83525d58
SHA2560b63cebb991d1911a607993ea5b4639f34a2b0b381a73973542db2d3591e9f90
SHA512b0a4ac2aa96d827258bb30f098512741ad3f93585e05ceae0255e15cd8dc9ab8048788902c1eb32a813e9c69c8a923200a716b4e00f579c22a0b425665e575f8
-
Filesize
7.6MB
MD546aebfbd6d7e74d4d558da62d7600d25
SHA19c1cd44ab8b5e283967427e91cbddddfc0c2bf5a
SHA256834e304221e742a831be5c5178892258e689eae35b730172e74161af2785aab9
SHA5129c4499d174a988cc3830aafcc42f79defff37b16198f49cf5d2dc86f88809fcb44e0c300351f813d46addf9998f64448c50213f1721c6a307aad21c205db1524
-
Filesize
94KB
MD549c86e36b713e2b7daeb7547cede45fb
SHA175fe38864362226d2cce32b2c25432b1fd18ba37
SHA256756de3f5f2e07b478ac046a0ac976b992ef6bc653a1be2bb1e28524a4ff8d67d
SHA512a9bd42b626158c540be04f8d392620daba544a55b7438d6caefe93b9df10ec2219f28959c4e0d706a86b92008275de94dfdf19de730787cdacf46d99fc45e3a9
-
Filesize
42KB
MD553501b2f33c210123a1a08a977d16b25
SHA1354e358d7cf2a655e80c4e4a645733c3db0e7e4d
SHA2561fc86ada2ec543a85b8a06a9470a7b5aaa91eb03cfe497a32cd52a1e043ea100
SHA5129ef3b47ddd275de9dfb5ded34a69a74af2689ebcb34911f0e4ffef9e2faf409e2395c7730bce364b5668b2b3b3e05a7b5998586563fb15e22c223859b2e77796
-
Filesize
17KB
MD58f3b379221c31a9c5a39e31e136d0fda
SHA1e57e8efe5609b27e8c180a04a16fbe1a82f5557d
SHA256c99c6b384655e1af4ae5161fe9d54d95828ae17b18b884b0a99258f1c45aa388
SHA512377f4e611a7cf2d5035f4622c590572031a476dd111598168acea1844aaa425c0fe012c763fbc16290c7b32c6c7df7b2563c88227e3dbc5d2bd02250c9d368d9
-
Filesize
15KB
MD5c7f55dbc6f5090194c5907054779e982
SHA1efa17e697b8cfd607c728608a3926eda7cd88238
SHA25616bc1f72938d96deca5ce031a29a43552385674c83f07e4f91d387f5f01b8d0a
SHA512ae0164273b04afdec2257ae30126a8b44d80ee52725009cc917d28d09fcfb19dfbbb3a817423e98af36f773015768fed9964331d992ad1830f6797b854c0c355
-
Filesize
15KB
MD5777ac34f9d89c6e4753b7a7b3be4ca29
SHA127e4bd1bfd7c9d9b0b19f3d6008582b44c156443
SHA2566703e8d35df4b6389f43df88cc35fc3b3823fb3a7f04e5eb540b0af39f5fa622
SHA512a791fa27b37c67ace72956680c662eb68f053fa8c8f4205f6ed78ecb2748d27d9010a8de94669d0ee33a8fca885380f8e6cfad9f475b07f60d34cdcb02d57439
-
Filesize
2.0MB
MD575f18d3666eb009dd86fab998bb98710
SHA1b273f135e289d528c0cfffad5613a272437b1f77
SHA2564582f67764410785714a30fa05ffaaad78fe1bc8d4689889a43c2af825b2002e
SHA5129e110e87e00f42c228729e649903ad649b962ae28900d486ee8f96c47acca094dbace608f9504745abf7e69597cdef3c6b544b5194703882a0a7f27b011fa8d5
-
Filesize
15KB
MD572d839e793c4f3200d4c5a6d4aa28d20
SHA1fbc25dd97b031a6faddd7e33bc500719e8eead19
SHA25684c9a95609878542f00fe7da658f62d1a6943a43e6346af80d26bcff069a4dbd
SHA512a414cd9d7cf6a04709f3bdbef0295349b845a8301171ed6394e97b9993f35816383b958736c814f91c359a783cca86ee04802856486d4b4e0ab90a45da39db1d
-
Filesize
82KB
MD532aa6e809d0ddb57806c6c23b584440e
SHA16bd651b9456f88a28f7054af475031afe52b7b64
SHA256e8d1f5c422ee0ba3b235b22028ab92dc77c1ff9774edc0b940cad7224a30ba7d
SHA512fe43b3d6ed5c37d59a44636d3c7522a88d83e6ec074bf69d3cbb6e5454fdd8f0523ea10fdf6fd452cbd0e2fc159cf9d03dfad6b30e80e400e7f1773b5a2e8632
-
Filesize
2.9MB
MD58129c2d72bcba8b50576e7c43e558832
SHA1f4892f78d2496f3a2e1fa2380ff68fbeb62e2dca
SHA2565794a3996a0b4ab9cb13f3de0f87d50462615a7d0eb1d243d9324a682c1b58cb
SHA51240fafbf9590d2b2c8f487f44708e9e97ddce03b1487be5c7cb3d4c92bdb7100a98aebada379f63003f0dd9d447ee2b0b9dfa0b057320ac05f7f77b31c5ffa97d
-
Filesize
12.9MB
MD5a51632facb386d55cc3bc1f0822e4222
SHA159144c26183277304933fd8bb5da7d363fcc11fa
SHA256efc52dbbef5202d9ff424d7adc6e2249b66450a5fd5414891776fc617b00123e
SHA5122a8d8e2ee8168e6f79476616385320f463ebc161c7393db2b18a7d35ca0111c5100b83954c5eabfe32b12cac3dbfdc514271dde4cc4468dd26235eb7020d9c14
-
Filesize
1.7MB
MD58b81a3f0521b10e9de59507fe8efd685
SHA10516ff331e09fbd88817d265ff9dd0b647f31acb
SHA2560759c8129bc761fe039e1cacb92c643606591cb8149a2ed33ee16babc9768dcb
SHA512ea11c04b92a76957dcebe9667bef1881fc9afa0f8c1547e23ada8125aa9e40d36e0efaf5749da346ba40c66da439cbd15bf98453e1f8dab4fe1efd5618fdc176
-
Filesize
4.8MB
MD59369162a572d150dca56c7ebcbb19285
SHA181ce4faeecbd9ba219411a6e61d3510aa90d971d
SHA256871949a2ec19c183ccdacdea54c7b3e43c590eaf445e1b58817ee1cb3ce366d5
SHA5121eb5eb2d90e3dd38023a3ae461f717837ce50c2f9fc5e882b0593ab81dae1748bdbb7b9b0c832451dfe3c1529f5e1894a451365b8c872a8c0a185b521dbcd16b
-
Filesize
342KB
MD516532d13721ba4eac3ca60c29eefb16d
SHA1f058d96f8e93b5291c07afdc1d891a8cc3edc9a0
SHA2565aa15c6119b971742a7f824609739198a3c7c499370ed8b8df5a5942f69d9303
SHA5129da30d469b4faed86a4bc62617b309f34e6bda66a3021b4a27d197d4bcb361f859c1a7c0aa2d16f0867ad93524b62a5f4e5ae5cf082da47fece87fc3d32ab100
-
Filesize
388KB
MD5a7e9ed205cf16318d90734d184f220d0
SHA110de2d33e05728e409e254441e864590b77e9637
SHA25602c8dbe7bf1999352fc561cb35b51c6a88c881a4223c478c91768fdaf8e47b62
SHA5123ecbaf20946e27d924a38c5a2bf11bac7b678b8c4ebf6f436c923ea935982500e97f91d0e934b7fd6b1fc2a2fd34e7d7b31dbbe91314a218724b3b2fd64c4052
-
Filesize
133KB
MD553e03d5e3bffa02fbc7fb1420ac8e858
SHA136c44c9ff39815aa167f341c286c5cd1514f771f
SHA25623a433398be5135222ee14bb1de6334e7b22bad1a38664a83f1cf19dfbddd960
SHA512f6aca16b90f6b4efa413dc9a8f1d05e83c1e3791b2cb988f9bce69d5272a0077c1edcae4111a494d166b5e3ab4e25956dead4e93ee1e43417c2b7bb082292170
-
Filesize
152B
MD5a8e4bf11ed97b6b312e938ca216cf30e
SHA1ff6b0b475e552dc08a2c81c9eb9230821d3c8290
SHA256296db8c9361efb62e23be1935fd172cfe9fbcd89a424f34f347ec3cc5ca5afad
SHA512ce1a05df2619af419ed3058dcbd7254c7159d333356d9f1d5e2591c19e17ab0ac9b6d3e625e36246ad187256bee75b7011370220ef127c4f1171879014d0dd76
-
Filesize
152B
MD523da8c216a7633c78c347cc80603cd99
SHA1a378873c9d3484e0c57c1cb6c6895f34fee0ea61
SHA25603dbdb03799f9e37c38f6d9d498ad09f7f0f9901430ff69d95aa26cae87504d3
SHA512d34ae684e8462e3f2aba2260f2649dee01b4e2138b50283513c8c19c47faf039701854e1a9cbf21d7a20c28a6306f953b58ffb9144ead067f5f73650a759ff17
-
Filesize
1024KB
MD5026f8247772975457d1c0bc56faf6ca5
SHA1c3800debaf4c72dd140ccf9a2781d03f3bd29ef8
SHA256237bd6c6a001ead50c79c381c3f2b6aad7f5d8cd35df6bb81b0855d3addf0dbf
SHA512f1f260441c8ea58eee2e741f6d48df6158ea51501a84fd4b9a2045a11e0afd744d900201eae1fc06c540739fceffa00bb8c804fdb6e1a6986b251da7e257debf
-
Filesize
1024KB
MD5ec09a2a83a7bfbf588b500dbd82c8b34
SHA15b5e5711b9d12fac6b9ae929814028efe12a55d8
SHA256050c1d6bb6cf435acdf9559da2369fe309886473ea4dba4d396f9b3a71e21721
SHA5124c6d0a46e6b0597d07fd12bad8e7649953dbdde3129652c1559c33fec087a3a6e7bb2e8f3976e9d76c73346a7e071afdbebc97903336f030fd73a129b6838e66
-
Filesize
1024KB
MD5fea68ba4b099e91189016405ec488257
SHA163017483109ac84396893fbffc8888b93715a9e4
SHA25692c117acb028c866019a6bc6031527387a2516b5e25b2164fd48078962106fcf
SHA512499eb78a1c383e6dd9845d765fd6ffbe26fb84dacb5ee8ee2f21093b602719bba0b81ad89ea19f7f6da017ed6fcc56ce1448542988899bf405484fe390b43e2e
-
Filesize
1024KB
MD539d36cd5cca903eeacf13532483e0afa
SHA18c563860e8349cd5512272777ece6520959ef691
SHA2560153619c311cc7c0a98def9d551500e53431effe5033a38b12fb660772512d6c
SHA51297f6f273808d5421c58cb51632b31eea0f4ea129bebceb23529de91aee0f9b3b9de8f8019f397af0d4153b7e8c3fd204ee5009b0689ea702777efaa647391d21
-
Filesize
526KB
MD5867eb0661f4b1401c4ca0b1aea217ca1
SHA1cdd64a93d25093699bb8be85babfb2d83e51fe10
SHA25663554658c456384973381a31b0a10d4a80c8e60b3a22e4555a72d49172bb14dd
SHA512bf6b012ab7d3346c971e0ba1905a0ffe72612a2e388f51fd5375c82e6f7c08a844b4d4c9ec88a7d2b395676e71306617a4fe2055415ab4dec8e5f49b5977fca7
-
Filesize
1024KB
MD5307076507b64af55f45832690b293c16
SHA1d990c1fb47991a04c74ecd7693659b1fba5ae269
SHA256e4882b6a51078e61d0852b8a04c9077a984a9faad4795274f1dcb8a37d597263
SHA512f06cbec2d8457ef48e584bbe45ecc8726f257ff8d63a1722e4362af9b5550b359bfff0f7b1bf6a48a03a5a357be9aa322aa366a2d656ffc05bd9f91a2bf7f196
-
Filesize
1024KB
MD5b9e4b30d5734e68b419f5e01a25650c7
SHA145578d56b96aaec899ccec570a1e1ca197cad5c8
SHA2561f5c004f77b30079a7e0f5308d6b983076198ca4658b33270ed1bd678a611e5a
SHA512828fec0c9fd447b1ebee041b84bb18f6184c640891fa0d4d838e289b53535287ddbabcde35b870b71b416b3607229a79f9211a58eab6b2d2457a9d9f8d44b3ac
-
Filesize
42KB
MD522b06f778b8ccdf9b962bbfc193376ac
SHA18e70153e3ea5b28905e89da10bdcdc6b37f88601
SHA2569bb7510af1a0924a6e4271ddee964be0231b6561ba3affda5177546c1b59c778
SHA512426124c2e2770a45732049b0d25634e820d372b6a7ceb46fb025631ad60d527bf8e011ed8f4f254eb5f368b9e390e442f55aa3c0390bb7792024ef762f72098c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize432B
MD5a6baa7e138c3f699d396b8d91bd55aa4
SHA15ea4ecca8b49f220cb57d39317f18d79b60d3ac6
SHA2560950bc8d45aebadd650402305c67d681f9dd137d7fecd93a7de000edbdcafa5c
SHA51220a6cbc705485de169a79e43ab4aec8f02218b90ee92ee92ebc4ebe9db7c8eb2f0ac9d1d6b249267ca8cf547df164284233848c039015c521d04e3c39cd458d1
-
Filesize
180B
MD500a455d9d155394bfb4b52258c97c5e5
SHA12761d0c955353e1982a588a3df78f2744cfaa9df
SHA25645a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed
SHA5129553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f
-
Filesize
5KB
MD5fbee467e6fc4e060a32f64f56d9038b0
SHA1d2b026684ee551691a16b8ead71db2bd4b99aeae
SHA256af46f4e89dc56333337f97f6fe8f24786ef8830e39ab0ff0c1e30e8c8b89b473
SHA5129a402416f2b9e78051da8036321b0dfc9fb886c554f0d7721ba3edd9810f3bf4729d2a6f4b9d0fa6aaee1fa848c0266c669849ceeb9c8eca3c2c296234ff8a4f
-
Filesize
6KB
MD576cf0971e85e91cadd193dac493f463b
SHA14eefcd398ff081c118400551d531118b864d544c
SHA256a2e9aca43b96fb8368dfa9758b4356f503d4c961677857662028bea929bafb92
SHA5126a90fe10cfcd623c035aaa3a730b0f8607d895e51746a11444a7db389cc2f9af1070f806a0fcead9dadb6f37e01cafeed1503c224fefb0f4867821f089c95803
-
Filesize
6KB
MD52096c7c02bc7026fe25cd9bc11fd0e8d
SHA1cba88dc82a02eed32979f845c716acd80463a6be
SHA2563be74e979d54e8da993c2bdd3e7097a1cd5da2872d232bc2e66bdd51ea216456
SHA5128a6594dd972ca46f7cefc603c098f4e460962ebe5bd2747ba5ac5e002ce4cdee2b0db62694c0499f9c2840f73920429af42e622ea66e8ac07e0d2f074a14131a
-
Filesize
6KB
MD59ed7e405e9e92190b1bf90291b32cd62
SHA1b6325fd7ce2bd25c238aa411af7054791221b49d
SHA256e8f8d6b44fced984548eef8ea53dd3e8d5c779fbe7ab4c9404f76130ce4a9735
SHA5120281486a96856a10de75671463eaa12181df0a00b63b6a4da3235afe29c1165a0db535e38f170259c2ec45b9d381f0947e5dbcc4074b4eacddacd202f4244089
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD503128e2bb008607e4532b87994dec17c
SHA1654a87e88364ca10cde498f64a5302b8d23a35ec
SHA2567d007980cef6290ac142621f686f7a2fc2d4670144261b5fb55e96b854496fce
SHA5127b6b2cb06f27527823dd5a6644300b30b42d2685d6ba41dd2e2d28909e1b3ec57ffe8d9040cb93f0bf5ca9790c72e214a42c14bd28735000cb17aedacab79a09
-
Filesize
12KB
MD568b10890e85bfb01aff80788d6def1b5
SHA10125c3f8345e2ba379af43732c8a5c1e7f9169ee
SHA256a517f5a1b30d52dfd82301e0e17403696efb1fd9be724658746a5e0dd5ce4f38
SHA512434111bad739f4f533c6f32fe61ae4164e9d11d7757d58f356b081a30956169f9190aeb5aaf99bff7a5cc717f2fcf99392caf5e1023b76d8bcb15daea9e011bf
-
Filesize
53B
MD5e9d01ba4fce46d149d39ce647b5ed9af
SHA18f6ca6dd01dc16032e009e1a2c83fec27b13d0d9
SHA25683be216af0490d5f47aa27a0d34513a14a297fd09953db4d0667648f69c9a276
SHA512a79208e06c486881470b015610cc811068e1a85de791b42ac35798049e09fc298bfd45008fa0ba9efa58b28cf3258c92a337bf7092e6e3d6dd32cc778a3fcfb6
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
15KB
MD5d095b082b7c5ba4665d40d9c5042af6d
SHA12220277304af105ca6c56219f56f04e894b28d27
SHA256b2091205e225fc07daf1101218c64ce62a4690cacac9c3d0644d12e93e4c213c
SHA51261fb5cf84028437d8a63d0fda53d9fe0f521d8fe04e96853a5b7a22050c4c4fb5528ff0cdbb3ae6bc74a5033563fc417fc7537e4778227c9fd6633ae844c47d9
-
Filesize
5KB
MD550016010fb0d8db2bc4cd258ceb43be5
SHA144ba95ee12e69da72478cf358c93533a9c7a01dc
SHA25632230128c18574c1e860dfe4b17fe0334f685740e27bc182e0d525a8948c9c2e
SHA512ed4cf49f756fbf673449dca20e63dce6d3a612b61f294efc9c3ccebeffa6a1372667932468816d3a7afdb7e5a652760689d8c6d3f331cedee7247404c879a233
-
Filesize
12KB
MD54add245d4ba34b04f213409bfe504c07
SHA1ef756d6581d70e87d58cc4982e3f4d18e0ea5b09
SHA2569111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706
SHA5121bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d
-
Filesize
1KB
MD5c927a5d897f268dfadfdcb9ce846ad6f
SHA173915a9188e71b14a3c4256a0484c82515acf6f5
SHA256b2fd0662e2522336386d24039f62dbe3a9a502abaf09c21bad7a325a39011ecb
SHA512f88a628141b684d13b2cea3dd0a126b2424f27f129a250b6c3c28a10d8653986a144bf13f9508a0ca641f7fca01a9e1c7bc997e6f40157bee2aeddf7580c8c00
-
Filesize
1KB
MD563ce3ce4f9b0d0772e746c8be4f4d0ed
SHA1114b196aeb321a8eeb2bd1a329f3251a963e29d9
SHA25683ccea3d3f26c52cf1d3df78fc6ccff8cfceed39b9b813c27d9e58925600ef52
SHA512c9288a3b531899e46dfba7ff5d9b866207c6fa67fc13de0ba987eabeb6f2097c1f2391780123bfad7547a43f62d1562549d40afd0c0c444fa996fc32a4f48ee6
-
Filesize
47.6MB
MD59865ea7b0c864c9cb7b402d719cc866e
SHA1dc9e1f78e8b7211ed2390a513cfb1f42d1468c6e
SHA256cced68e78da1e155cdc09eec9df2bd6e41d8597fbc0084b10e741ebebe7f46b7
SHA5120ad597ce5bb9f526143574bfaf29076b1ce8dac69b5750b83406914e2005a9f21039f438b05fb03f1c808c93b0f57811c1e4f1c46dd44e10ccf71efca880e4f2
-
Filesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98