Analysis
- max time kernel: 150s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 16-06-2024 21:57

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1

Sample: https://www.mediafire.com/file/9r13k249f79stkj/VAPE_V4_LITE_%255BZIP%255D.7z/file
Resource: win10v2004-20240611-en

General
- Target: https://www.mediafire.com/file/9r13k249f79stkj/VAPE_V4_LITE_%255BZIP%255D.7z/file
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
Processes: Vape_V4.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | Vape_V4.exe
Downloads MZ/PE file
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
Processes: Vape_V4.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | Vape_V4.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | Vape_V4.exe
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
Processes: Vape_V4.exe, cmd.exe
description | ioc | process
Key value queried | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation | Vape_V4.exe
Key value queried | \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation | cmd.exe
Executes dropped EXE 4 IoCs
Processes: 7z2406-x64.exe, 7zFM.exe, server.exe, Vape_V4.exe
pid | process
7060 | 7z2406-x64.exe
3736 | 7zFM.exe
2232 | server.exe
6528 | Vape_V4.exe
Loads dropped DLL 64 IoCs
Processes: 7zFM.exe, server.exe
pid | process
3480 |
3736 | 7zFM.exe
2232 | server.exe
Registers COM server for autorun 1 TTPs 3 IoCs
Processes: 7z2406-x64.exe
description | ioc | process
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 | 7z2406-x64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll" | 7z2406-x64.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment" | 7z2406-x64.exe
Processes:
resource | yara_rule
behavioral1/memory/6528-2571-0x00007FF6BAB00000-0x00007FF6BB7EA000-memory.dmp | themida
behavioral1/memory/6528-2572-0x00007FF6BAB00000-0x00007FF6BB7EA000-memory.dmp | themida
behavioral1/memory/6528-2573-0x00007FF6BAB00000-0x00007FF6BB7EA000-memory.dmp | themida
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Processes: Vape_V4.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | Vape_V4.exe
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
Processes: Vape_V4.exe
pid | process
6528 | Vape_V4.exe
Drops file in Program Files directory 64 IoCs
Processes: 7z2406-x64.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Modifies registry class 22 IoCs
Processes: 7z2406-x64.exe, msedge.exe, msedge.exe
NTFS ADS 1 IoCs
Processes: msedge.exe
description | ioc | process
File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 465387.crdownload:SmartScreen | msedge.exe
Suspicious behavior: EnumeratesProcesses 20 IoCs
Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe, msedge.exe, msedge.exe, msedge.exe, Vape_V4.exe
pid | process
1540 | msedge.exe
3952 | msedge.exe
6620 | identity_helper.exe
6096 | msedge.exe
7096 | msedge.exe
6952 | msedge.exe
6836 | msedge.exe
6528 | Vape_V4.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes: 7zFM.exe
pid | process
3736 | 7zFM.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 56 IoCs
Processes: msedge.exe
pid | process
3952 | msedge.exe
Suspicious use of AdjustPrivilegeToken 4 IoCs
Processes: 7zFM.exe, Vape_V4.exe
description | pid | process
Token: SeRestorePrivilege | 3736 | 7zFM.exe
Token: 35 | 3736 | 7zFM.exe
Token: SeSecurityPrivilege | 3736 | 7zFM.exe
Token: SeDebugPrivilege | 6528 | Vape_V4.exe
Suspicious use of FindShellTrayWindow 64 IoCs
Processes: msedge.exe
pid | process
3952 | msedge.exe
Suspicious use of SendNotifyMessage 32 IoCs
Processes: msedge.exe
pid | process
3952 | msedge.exe
Suspicious use of SetWindowsHookEx 1 IoCs
Processes: 7z2406-x64.exe
pid | process
7060 | 7z2406-x64.exe
Suspicious use of WriteProcessMemory 64 IoCs
Processes: msedge.exe
description | pid | process | target process
PID 3952 wrote to memory of 4956 | 3952 | msedge.exe | msedge.exe
PID 3952 wrote to memory of 4044 | 3952 | msedge.exe | msedge.exe
PID 3952 wrote to memory of 1540 | 3952 | msedge.exe | msedge.exe
PID 3952 wrote to memory of 2036 | 3952 | msedge.exe | msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/9r13k249f79stkj/VAPE_V4_LITE_%255BZIP%255D.7z/file
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3952
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa9db446f8,0x7ffa9db44708,0x7ffa9db44718
2⤵
PID:4956
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
2⤵
PID:4044
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1540
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
2⤵
PID:2036
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=9128 /prefetch:82⤵PID:5748
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:12⤵PID:5928
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:12⤵PID:5948
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9384 /prefetch:12⤵PID:6032
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10400 /prefetch:12⤵PID:6120
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10576 /prefetch:12⤵PID:5540
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10748 /prefetch:12⤵PID:5940
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10580 /prefetch:12⤵PID:6148
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11072 /prefetch:12⤵PID:6156
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10788 /prefetch:12⤵PID:6300
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11308 /prefetch:12⤵PID:6392
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10356 /prefetch:12⤵PID:6464
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12068 /prefetch:82⤵PID:6604
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12068 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:6620 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11108 /prefetch:12⤵PID:7136
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8988 /prefetch:12⤵PID:7144
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11140 /prefetch:12⤵PID:7152
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8988 /prefetch:12⤵PID:6832
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10572 /prefetch:12⤵PID:4644
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10556 /prefetch:12⤵PID:3024
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8980 /prefetch:12⤵PID:5700
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10900 /prefetch:12⤵PID:5640
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8892 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:6096 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7200 /prefetch:12⤵PID:6928
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:12⤵PID:6468
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:12⤵PID:1844
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10644 /prefetch:12⤵PID:4084
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8940 /prefetch:12⤵PID:5980
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=11868 /prefetch:82⤵PID:5812
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=10644 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:7096 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10352 /prefetch:12⤵PID:2300
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:12⤵PID:6036
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11612 /prefetch:12⤵PID:5932
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11500 /prefetch:12⤵PID:5548
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=9904 /prefetch:82⤵PID:6324
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11384 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:6952 -
C:\Users\Admin\Downloads\7z2406-x64.exe
"C:\Users\Admin\Downloads\7z2406-x64.exe"
2⤵
- Executes dropped EXE
- Registers COM server for autorun
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:7060
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=10024 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:6836 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9576 /prefetch:12⤵PID:6960
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1584 /prefetch:12⤵PID:6320
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9096 /prefetch:12⤵PID:5276
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5593594720460607176,2985154217682795770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:12⤵PID:6612
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3240
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2824
-
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:7096
-
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\VAPE V4 LITE [ZIP].7z"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:3736
-
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Vape Crack fix\fix.bat" "
1⤵
- Checks computer location settings
PID:2624
-
C:\Users\Admin\Desktop\Vape Crack fix\fix\server.exe
"C:\Users\Admin\Desktop\Vape Crack fix\fix\server.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2232
-
C:\Users\Admin\Desktop\Vape Crack fix\Vape V4\Vape_V4.exe
"C:\Users\Admin\Desktop\Vape Crack fix\Vape V4\Vape_V4.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks computer location settings
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:6528
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize1KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize4KB
-
C:\Users\Admin\AppData\Local\Temp\7zE89E8D249\Vape Crack fix\fix\cryptography-36.0.2.dist-info\INSTALLER
Filesize4B
-
C:\Users\Admin\AppData\Local\Temp\7zE89E8D249\Vape Crack fix\fix\pytz\zoneinfo\America\Coral_Harbour
Filesize
182B