Overview
Analysis

max time kernel: 839s
max time network: 838s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 20-06-2024 19:06
Static task: static1

Behavioral tasks (sample, resource):
behavioral1: MetaBuilder.zip (win10v2004-20240611-en)
behavioral2: MetaBuilder/MaterialSkin.dll (win10v2004-20240508-en)
behavioral3: MetaBuilder/MetaBuilder.exe (win10v2004-20240611-en)
behavioral4: MetaBuilder/MetaBuilder.exe.xml (win10v2004-20240611-en)
behavioral5: MetaBuilder/MetaBuilder.pdb (win10v2004-20240508-en)
behavioral6: MetaBuilder/dnlib.dll (win10v2004-20240611-en)
behavioral7: MetaBuilder/dnlib.xml (win10v2004-20240611-en)
behavioral8: MetaBuilder/localhost.exe (win10v2004-20240508-en)
General

Target: MetaBuilder/MetaBuilder.exe
Size: 513KB
MD5: 7e90d4f0a8dc11e5b1b0d47214ef0c2d
SHA1: 0a3edcdee0e2ae20d37e76100d858d7ba7339fb7
SHA256: f357489b1acb16bdaced0f2a137f281d2b6e39bd158dc1a3dd786bcede3bb7ba
SHA512: 81dba4bf4d3225b201253635c09922e6402ea467291aab22825e3f9c6164cb067bf3b729572f96fa97563564616090171812c19bf987a3cdfb18d9ae0c44732c
SSDEEP: 3072:TJRWhtNtj0z0/0TvC0khtNhVc2EtkJ48sWhFyrtkA8EN0laOeI+iSvdQljH8/Yjr:TJMWtkJpsyQthSheIbS2Q
Malware Config
Signatures
- Downloads MZ/PE file
- Executes dropped EXE 4 IoCs
  Processes (pid, process): 60 main (1).exe; 1108 main (1).exe; 1020 main (1).exe; 5828 main (1).exe
- Loads dropped DLL 64 IoCs
- Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
- Detects Pyinstaller 1 IoCs
  Resource behavioral3/files/0x00070000000236e2-620.dat matched yara rule pyinstaller
- Enumerates physical storage devices 1 TTPs
  Attempts to interact with connected storage/optical drive(s).
- Enumerates system info in registry 2 TTPs 6 IoCs
  chrome.exe: Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  chrome.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  chrome.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
  msedge.exe: Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  msedge.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  msedge.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
- Modifies data under HKEY_USERS 3 IoCs
  chrome.exe: Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry
  chrome.exe: Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133633840598557764"
  msedge.exe: Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry
- Modifies registry class 64 IoCs
- Suspicious behavior: EnumeratesProcesses 8 IoCs
  Processes (pid, process): 3480 chrome.exe; 3480 chrome.exe; 2680 chrome.exe; 2680 chrome.exe; 964 msedge.exe; 964 msedge.exe; 4268 msedge.exe; 4268 msedge.exe
- Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  Processes (pid, process): 4888 MetaBuilder.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs
- Suspicious use of AdjustPrivilegeToken 64 IoCs
- Suspicious use of FindShellTrayWindow 64 IoCs
- Suspicious use of SendNotifyMessage 26 IoCs
- Suspicious use of SetWindowsHookEx 8 IoCs
  Processes (pid, process): 3620 MetaBuilder.exe; 3620 MetaBuilder.exe; 3104 MetaBuilder.exe; 4888 MetaBuilder.exe; 4888 MetaBuilder.exe; 4888 MetaBuilder.exe; 4888 MetaBuilder.exe; 4888 MetaBuilder.exe
- Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe"C:\Users\Admin\AppData\Local\Temp\MetaBuilder\MetaBuilder.exe"1⤵
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:3620
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4244,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=1056 /prefetch:81⤵PID:372
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3480 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcc802ab58,0x7ffcc802ab68,0x7ffcc802ab782⤵PID:3088
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1624 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:22⤵PID:4328
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:82⤵PID:4772
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2244 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:82⤵PID:3236
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:12⤵PID:2144
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:12⤵PID:364
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3956 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:12⤵PID:1020
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4352 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:82⤵PID:2712
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4644 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:82⤵PID:712
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:82⤵PID:4324
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4844 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:82⤵PID:3988
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:82⤵PID:3944
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4880 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:12⤵PID:5148
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3304 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:12⤵PID:5584
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4980 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:82⤵PID:4336
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3160 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:82⤵PID:2748
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3192 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:82⤵PID:5528
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5136 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:82⤵PID:5548
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5164 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:82⤵PID:5556
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=2088 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:12⤵PID:4140
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3152 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:82⤵PID:5860
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3168 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:82⤵PID:5920
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5200 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:82⤵PID:5996
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2472 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:2680
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5480 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:12⤵PID:2388
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=3220 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:12⤵PID:4532
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5600 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:12⤵PID:4436
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5608 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:82⤵PID:4240
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6124 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:82⤵PID:3836
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5316 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:12⤵PID:5268
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5384 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:82⤵PID:1616
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5804 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:82⤵PID:2400
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=3260 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:12⤵PID:3916
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=4544 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:12⤵PID:2276
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:82⤵PID:5572
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=5580 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:12⤵PID:5668
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=5828 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:12⤵PID:1372
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=5676 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:12⤵PID:4444
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3140 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:82⤵PID:2788
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:82⤵
- Modifies registry class
PID:1620
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:82⤵PID:3260
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5988 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:82⤵PID:2540
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4448 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:82⤵PID:3580
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4452 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:82⤵PID:1924
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5892 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:82⤵PID:224
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6756 --field-trial-handle=1988,i,10438081019172087537,7745040845562417771,131072 /prefetch:82⤵PID:364
-
-
C:\Users\Admin\Downloads\main (1).exe"C:\Users\Admin\Downloads\main (1).exe"2⤵
- Executes dropped EXE
PID:60 -
C:\Users\Admin\Downloads\main (1).exe"C:\Users\Admin\Downloads\main (1).exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1020 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"4⤵PID:3848
-
-
-
-
C:\Users\Admin\Downloads\main (1).exe"C:\Users\Admin\Downloads\main (1).exe"2⤵
- Executes dropped EXE
PID:1108 -
C:\Users\Admin\Downloads\main (1).exe"C:\Users\Admin\Downloads\main (1).exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5828 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"4⤵PID:5064
-
-
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵PID:4344
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:1544
-
C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe"C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe"1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3104
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4220,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=4160 /prefetch:81⤵PID:1500
-
C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe"C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe"1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4888
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}1⤵PID:1784
-
C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe"C:\Users\Admin\Desktop\MetaBuilder\MetaBuilder.exe"1⤵PID:3836
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/ToxicExploit2⤵PID:3984
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/Toxicvirusmain2⤵PID:4272
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --field-trial-handle=3780,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=4164 /prefetch:11⤵PID:3580
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=3892,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=4592 /prefetch:11⤵PID:3228
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --field-trial-handle=5104,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=5308 /prefetch:11⤵PID:1428
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5440,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=5452 /prefetch:81⤵PID:4992
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5480,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=5532 /prefetch:81⤵PID:392
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=5520,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=5652 /prefetch:11⤵PID:2056
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=6124,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=6152 /prefetch:11⤵PID:4964
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=5748,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=5636 /prefetch:11⤵PID:5284
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=5784,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=6220 /prefetch:11⤵PID:5652
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6024,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=6332 /prefetch:81⤵PID:2008
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --field-trial-handle=6320,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=6244 /prefetch:11⤵PID:4640
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:964 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.92 --initial-client-data=0x23c,0x240,0x244,0x238,0x260,0x7ffcc0014ef8,0x7ffcc0014f04,0x7ffcc0014f102⤵PID:4460
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2220,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=1980 /prefetch:22⤵PID:1244
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1868,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=2408 /prefetch:32⤵PID:4064
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2520,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=2672 /prefetch:82⤵PID:4028
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=4260,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=4500 /prefetch:82⤵PID:4972
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=4260,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=4500 /prefetch:82⤵PID:180
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4748,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=4796 /prefetch:12⤵PID:1956
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5092,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=5140 /prefetch:82⤵PID:4324
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4820,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=5264 /prefetch:82⤵PID:2908
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5460,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=5548 /prefetch:12⤵PID:1784
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5608,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=5588 /prefetch:12⤵PID:4564
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5748,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=5836 /prefetch:12⤵PID:6064
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --field-trial-handle=4884,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=4564 /prefetch:82⤵PID:4268
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --field-trial-handle=4876,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=4904 /prefetch:82⤵PID:5244
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=3464,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=2924 /prefetch:82⤵PID:444
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4676,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=764 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4268
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4128,i,17158827751389607222,15278991007371928597,262144 --variations-seed-version --mojo-platform-channel-handle=3652 /prefetch:82⤵PID:1148
C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\elevation_service.exe"1⤵PID:5224
C:\Users\Admin\Desktop\main (1).exe"C:\Users\Admin\Desktop\main (1).exe"1⤵PID:2296
C:\Users\Admin\Desktop\main (1).exe"C:\Users\Admin\Desktop\main (1).exe"2⤵PID:864
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "ver"3⤵PID:3692
Network
MITRE ATT&CK Enterprise v15
Downloads