Analysis
max time kernel: 585s
max time network: 585s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09-08-2024 15:18
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://github.com/Endermanch/MalwareDatabase
Resource: win10v2004-20240802-en

General
Target: https://github.com/Endermanch/MalwareDatabase
Malware Config
Extracted
Path: C:\Users\Admin\Desktop\@[email protected]
Family: wannacry
Wallet: 13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94
Signatures

Wannacry
WannaCry is a ransomware cryptoworm.

Deletes shadow copies (3 TTPs)
Ransomware often targets backup files to inhibit system recovery.

Downloads MZ/PE file

Drops startup file (2 IoCs)
Processes (description, ioc, process):
- File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SDCE3E.tmp (WannaCry.EXE)
- File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SDCE54.tmp (WannaCry.EXE)
Executes dropped EXE (49 IoCs)
Processes (pid, process):
- 824 WannaCry.EXE
- 2296 taskdl.exe
- 1332 @[email protected]
- 1528 @[email protected]
- 3056 taskhsvc.exe
- 2756 taskdl.exe
- 2152 taskse.exe
- 3592 @[email protected]
- 5676 taskdl.exe
- 5692 taskse.exe
- 5700 @[email protected]
- 5920 taskse.exe
- 3020 @[email protected]
- 5940 taskdl.exe
- 5528 taskse.exe
- 5332 @[email protected]
- 2896 taskdl.exe
- 5888 taskse.exe
- 5564 @[email protected]
- 3400 taskdl.exe
- 3396 taskse.exe
- 5704 @[email protected]
- 5520 taskdl.exe
- 5380 taskse.exe
- 5400 @[email protected]
- 628 taskdl.exe
- 3840 taskse.exe
- 4516 @[email protected]
- 908 taskdl.exe
- 1744 taskse.exe
- 4508 @[email protected]
- 5704 taskdl.exe
- 5436 taskse.exe
- 5840 @[email protected]
- 3228 taskdl.exe
- 4608 taskse.exe
- 4664 @[email protected]
- 4604 taskdl.exe
- 5516 @[email protected]
- 2644 taskse.exe
- 4604 taskdl.exe
- 5456 taskse.exe
- 2120 @[email protected]
- 5668 taskdl.exe
- 4148 taskse.exe
- 5984 @[email protected]
- 4924 taskdl.exe
- 1220 taskse.exe
- 712 @[email protected]
Loads dropped DLL (10 IoCs)
Processes (pid, process):
- 3056 taskhsvc.exe (10 rows, all from this process)
Modifies file permissions (1 TTPs, 1 IoCs)

Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.

Adds Run key to start application (2 TTPs, 1 IoCs)
Processes (description, ioc, process):
- Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\oefimrcpcbg941 = "\"C:\\Users\\Admin\\Desktop\\tasksche.exe\"" (reg.exe)
File and Directory Permissions Modification: Windows File and Directory Permissions Modification (1 TTPs)

Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 3 IoCs)
Processes (flow, ioc):
- 60 raw.githubusercontent.com
- 61 raw.githubusercontent.com
- 100 camo.githubusercontent.com
Writes to the Master Boot Record (MBR) (1 TTPs, 1 IoCs)
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes (description, ioc, process):
- File opened for modification \??\PhysicalDrive0 ([email protected])
Sets desktop wallpaper using registry (2 TTPs, 3 IoCs)
Processes (description, ioc, process):
- Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" (WannaCry.EXE)
- Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" (@[email protected])
- Set value (str) \REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]" (@[email protected])
Drops file in Windows directory (1 IoCs)
Processes (description, ioc, process):
- File opened for modification C:\Windows\Debug\WIA\wiatrace.log (mspaint.exe)
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Program crash (2 IoCs)
Processes (pid, pid_target, process, target process):
- 4112 1528 WerFault.exe @[email protected]
- 4236 1528 WerFault.exe @[email protected]
System Location Discovery: System Language Discovery (1 TTPs, 64 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes (description, ioc, process):
All 64 rows are "Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language", grouped here by the process that opened the key:
- taskdl.exe (15 rows)
- @[email protected] (14 rows)
- taskse.exe (13 rows)
- [email protected] (6 rows)
- cmd.exe (5 rows)
- attrib.exe (2 rows)
- one row each: WannaCry.EXE, mspaint.exe, regedit.exe, Taskmgr.exe, cscript.exe, reg.exe, icacls.exe, mmc.exe, notepad.exe
Checks SCSI registry key(s) (3 TTPs, 6 IoCs)
SCSI information is often read in order to detect sandboxing environments.
Processes (description, ioc, process):
- Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName (Taskmgr.exe)
- Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 (taskmgr.exe)
- Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A (taskmgr.exe)
- Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName (taskmgr.exe)
- Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 (Taskmgr.exe)
- Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A (Taskmgr.exe)
Enumerates system info in registry (2 TTPs, 21 IoCs)
Processes (description, ioc, process):
All 21 rows are from msedge.exe:
- Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (7 rows)
- Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (7 rows)
- Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (7 rows)
Modifies registry class (2 IoCs)
Processes (description, ioc, process):
- Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-945322488-2060912225-3527527000-1000\{7A478B07-B13E-4303-965A-9B828517FF59} (msedge.exe)
- Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-945322488-2060912225-3527527000-1000\{386E96E2-42B5-4310-8F50-E2E16967BE0B} (msedge.exe)
Modifies registry key (1 TTPs, 1 IoCs)

NTFS ADS (1 IoCs)
Processes (description, ioc, process):
- File opened for modification C:\Users\Admin\Downloads\Unconfirmed 900963.crdownload:SmartScreen (msedge.exe)
Runs regedit.exe (1 IoCs)
Processes (pid, process):
- 5732 regedit.exe
Suspicious behavior: EnumeratesProcesses (64 IoCs)
Processes: msedge.exe (multiple instances), identity_helper.exe, [email protected] (multiple instances)
Suspicious behavior: GetForegroundWindowSpam (3 IoCs)
Processes (pid, process):
- 3592 @[email protected]
- 5732 regedit.exe
- 2104 mmc.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (64 IoCs)
Processes (pid, process):
All 64 rows are msedge.exe, repeated for PIDs 2424, 4884, 4936, 6060, 2464 and 4456.
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Processes (description, pid, process):
- WMIC.exe (pid 3944), the following token sequence appears twice: SeIncreaseQuotaPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemtimePrivilege, SeProfSingleProcessPrivilege, SeIncBasePriorityPrivilege, SeCreatePagefilePrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege, SeDebugPrivilege, SeSystemEnvironmentPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeManageVolumePrivilege, 33, 34, 35, 36
- vssvc.exe (pid 3016): SeBackupPrivilege, SeRestorePrivilege, SeAuditPrivilege
- taskse.exe (pids 2152, 5692, 5920, 5528, 5888, 3396, 5380): SeTcbPrivilege, two rows per pid
- AUDIODG.EXE (pid 3232): 33, SeIncBasePriorityPrivilege
- taskmgr.exe (pid 5876): SeDebugPrivilege, SeSystemProfilePrivilege, SeCreateGlobalPrivilege
Suspicious use of FindShellTrayWindow (64 IoCs)
Processes (pid, process):
All 64 rows are msedge.exe, repeated for PIDs 2424 and 4884.
Suspicious use of SendNotifyMessage (64 IoCs)
Processes (pid, process):
All 64 rows are msedge.exe, repeated for PIDs 2424, 4884 and 4936.
Suspicious use of SetWindowsHookEx (49 IoCs)
Processes: [email protected] (multiple instances), @[email protected] (multiple instances), mspaint.exe, mmc.exe (two instances)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes (description, pid, process, target process):
All 64 rows are "PID 2424 wrote to memory of <target>" with msedge.exe (pid 2424) as source and msedge.exe as target process; targets in order of appearance: 1020 (2 rows), 3052 (repeated), 2256 (2 rows), 3852 (repeated).
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.

Views/modifies file attributes (1 TTPs, 2 IoCs)
Processes (pid, process):
- 1964 attrib.exe
- 1416 attrib.exe
Processes
Each entry gives the image path, the command line, the signatures attributed to that process, and its PID; indented entries are children of the entry above them.

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2424)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Endermanch/MalwareDatabase
  Signatures: Enumerates system info in registry; NTFS ADS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1020)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3052)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2256)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3852)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 560)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2060)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2808)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3664)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1588)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3648)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1160)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3404)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1936)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5352 /prefetch:8

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4780)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1548)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6032 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 560)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:12⤵PID:3168
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:12⤵PID:1464
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:12⤵PID:4828
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5504 /prefetch:82⤵PID:768
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3812 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2820 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:12⤵PID:2656
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:12⤵PID:4452
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:12⤵PID:1876
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:12⤵PID:1548
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:12⤵PID:1528
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:12⤵PID:364
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5336 /prefetch:82⤵PID:1964
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,119477679854196798,12867398745779405471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6636 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3568
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2652
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2720
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4884 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca47182⤵PID:1636
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,17665532649831204468,6490451820612851186,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:22⤵PID:1620
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,17665532649831204468,6490451820612851186,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:464 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,17665532649831204468,6490451820612851186,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:82⤵PID:2488
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17665532649831204468,6490451820612851186,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:12⤵PID:2096
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17665532649831204468,6490451820612851186,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:12⤵PID:2624
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1536
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4420
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:2904
-
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2720 -
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1012 -
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog2⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2420 -
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog2⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4064 -
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog2⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:408 -
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog2⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4512 -
C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /main2⤵
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4336 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\System32\notepad.exe" \note.txt3⤵
- System Location Discovery: System Language Discovery
PID:312 -
C:\Windows\SysWOW64\mspaint.exe"C:\Windows\System32\mspaint.exe"3⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4708 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:4936 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca47184⤵PID:4684
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:24⤵PID:1608
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2548 /prefetch:34⤵PID:2240
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:84⤵PID:2212
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:14⤵PID:4600
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:14⤵PID:2336
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4396 /prefetch:14⤵PID:3060
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:14⤵PID:916
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:84⤵PID:1852
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:84⤵PID:1808
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:14⤵PID:5148
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:14⤵PID:5156
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:14⤵PID:5336
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:14⤵PID:5344
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:14⤵PID:912
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:14⤵PID:5312
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:14⤵PID:5752
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:14⤵PID:2628
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:14⤵PID:4080
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:14⤵PID:6036
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:14⤵PID:5892
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:14⤵PID:5040
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:14⤵PID:2096
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:14⤵PID:5692
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:14⤵PID:3652
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:14⤵PID:6072
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3680 /prefetch:84⤵PID:2644
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5976 /prefetch:84⤵
- Modifies registry class
PID:1028 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:14⤵PID:5820
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2064 /prefetch:14⤵PID:6056
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:14⤵PID:2560
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:14⤵PID:6096
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:14⤵PID:2336
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:14⤵PID:5648
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:14⤵PID:5768
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4352 /prefetch:14⤵PID:4516
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:14⤵PID:5304
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4984 /prefetch:24⤵PID:3252
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:14⤵PID:5244
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2596 /prefetch:14⤵PID:4324
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:14⤵PID:1108
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7312 /prefetch:14⤵PID:5476
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:14⤵PID:4732
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:14⤵PID:748
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:14⤵PID:5744
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4148656969758452010,16926572062254106779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:14⤵PID:5892
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+20163⤵PID:6116
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca47184⤵PID:6128
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/3⤵PID:5708
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca47184⤵PID:4032
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton3⤵PID:1540
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca47184⤵PID:3288
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free3⤵PID:5332
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x104,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca47184⤵PID:6028
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays3⤵PID:4468
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca47184⤵PID:2808
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:6060 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca47184⤵PID:5788
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,17355033693484996106,11844878767189376366,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:24⤵PID:5524
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,17355033693484996106,11844878767189376366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:34⤵PID:5488
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,17355033693484996106,11844878767189376366,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2984 /prefetch:84⤵PID:912
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17355033693484996106,11844878767189376366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:14⤵PID:5624
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17355033693484996106,11844878767189376366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:14⤵PID:5132
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17355033693484996106,11844878767189376366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:14⤵PID:2368
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,17355033693484996106,11844878767189376366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4100 /prefetch:84⤵PID:6040
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,17355033693484996106,11844878767189376366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4100 /prefetch:84⤵PID:1288
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,17355033693484996106,11844878767189376366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:14⤵PID:2212
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:2464 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca47184⤵PID:4900
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,11984606766690569053,11621291368160199309,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:24⤵PID:3068
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,11984606766690569053,11621291368160199309,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:34⤵PID:4536
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11984606766690569053,11621291368160199309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3068 /prefetch:14⤵PID:5160
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11984606766690569053,11621291368160199309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3092 /prefetch:14⤵PID:2260
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,11984606766690569053,11621291368160199309,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3444 /prefetch:84⤵PID:5844
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,11984606766690569053,11621291368160199309,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:14⤵PID:5344
-
C:\Windows\SysWOW64\regedit.exe"C:\Windows\System32\regedit.exe"3⤵
- System Location Discovery: System Language Discovery
- Runs regedit.exe
- Suspicious behavior: GetForegroundWindowSpam
PID:5732 -
C:\Windows\SysWOW64\Taskmgr.exe"C:\Windows\System32\Taskmgr.exe"3⤵PID:5464
-
C:\Windows\SysWOW64\mmc.exe"C:\Windows\System32\mmc.exe"3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4272 -
C:\Windows\system32\mmc.exe"C:\Windows\system32\mmc.exe"4⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2104 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:4456 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca47184⤵PID:5152
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,3052053105138484365,8479063358224860969,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:24⤵PID:3952
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,3052053105138484365,8479063358224860969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:34⤵PID:2240
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,3052053105138484365,8479063358224860969,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:84⤵PID:4004
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3052053105138484365,8479063358224860969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:14⤵PID:2128
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3052053105138484365,8479063358224860969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:14⤵PID:1692
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,3052053105138484365,8479063358224860969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:14⤵PID:3000
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,3052053105138484365,8479063358224860969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:84⤵PID:6044
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,3052053105138484365,8479063358224860969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:84⤵PID:452
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape3⤵
- Enumerates system info in registry
PID:5236 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca47184⤵PID:5132
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:24⤵PID:1684
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:34⤵PID:3372
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:84⤵PID:6052
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:14⤵PID:6044
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:14⤵PID:416
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4316 /prefetch:14⤵PID:1948
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3052 /prefetch:14⤵PID:3176
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:14⤵PID:4584
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:14⤵PID:1200
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:84⤵PID:1852
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 /prefetch:84⤵PID:400
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 4)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
PID:5688
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 4)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
PID:5444
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 4)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
PID:2024
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 4)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
PID:1160
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 4)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
PID:2260
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 4)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
PID:2724
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 4)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2136 /prefetch:1
PID:1444
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 4)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
PID:2720
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 4)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
PID:6136
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 4)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
PID:5284
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 4)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
PID:3004
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 4)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
PID:2720
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 4)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
PID:5712
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 4)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
PID:5316
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 4)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1
PID:4924
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 4)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1
PID:5392
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 4)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3392 /prefetch:2
PID:3540
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 4)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
PID:3064
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 4)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
PID:3852
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 4)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6907919840420516282,5140963583195355405,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7300 /prefetch:1
PID:4332
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 3)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser
PID:1936
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 4)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
PID:3024
-
C:\Windows\SysWOW64\Taskmgr.exe (level 3)
"C:\Windows\System32\Taskmgr.exe"
- System Location Discovery: System Language Discovery
- Checks SCSI registry key(s)
PID:5976
-
C:\Windows\SysWOW64\cmd.exe (level 3)
"C:\Windows\System32\cmd.exe"
- System Location Discovery: System Language Discovery
PID:4232
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 3)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
PID:5352
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 4)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
PID:4740
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 3)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
PID:840
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 4)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
PID:1176
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 3)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
PID:4360
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 4)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
PID:5052
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 3)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
PID:3352
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 4)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
PID:4196
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 3)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
PID:2888
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 4)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x94,0x98,0x9c,0x104,0x128,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
PID:5484
-
C:\Users\Admin\Desktop\WannaCry.EXE (level 1)
"C:\Users\Admin\Desktop\WannaCry.EXE"
- Drops startup file
- Executes dropped EXE
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
PID:824
-
C:\Windows\SysWOW64\attrib.exe (level 2)
attrib +h .
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
PID:1964
-
C:\Windows\SysWOW64\icacls.exe (level 2)
icacls . /grant Everyone:F /T /C /Q
- Modifies file permissions
- System Location Discovery: System Language Discovery
PID:3956
-
C:\Users\Admin\Desktop\taskdl.exe (level 2)
taskdl.exe
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2296
-
C:\Windows\SysWOW64\cmd.exe (level 2)
C:\Windows\system32\cmd.exe /c 283191723216873.bat
- System Location Discovery: System Language Discovery
PID:3064
-
C:\Windows\SysWOW64\cscript.exe (level 3)
cscript.exe //nologo m.vbs
- System Location Discovery: System Language Discovery
PID:3532
-
C:\Windows\SysWOW64\attrib.exe (level 2)
attrib +h +s F:\$RECYCLE
- System Location Discovery: System Language Discovery
- Views/modifies file attributes
PID:1416
-
C:\Users\Admin\Desktop\@[email protected] (level 2)
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1332
-
C:\Users\Admin\Desktop\TaskData\Tor\taskhsvc.exe (level 3)
TaskData\Tor\taskhsvc.exe
- Executes dropped EXE
- Loads dropped DLL
PID:3056
-
C:\Windows\SysWOW64\cmd.exe (level 2)
cmd.exe /c start /b @[email protected] vs
- System Location Discovery: System Language Discovery
PID:3516
-
C:\Users\Admin\Desktop\@[email protected] (level 3)
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1528
-
C:\Windows\SysWOW64\cmd.exe (level 4)
cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
- System Location Discovery: System Language Discovery
PID:244
-
C:\Windows\SysWOW64\Wbem\WMIC.exe (level 5)
wmic shadowcopy delete
- Suspicious use of AdjustPrivilegeToken
PID:3944
-
C:\Windows\SysWOW64\WerFault.exe (level 4)
C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 248
- Program crash
PID:4112
-
C:\Windows\SysWOW64\WerFault.exe (level 4)
C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 248
- Program crash
PID:4236
-
C:\Users\Admin\Desktop\taskdl.exe (level 2)
taskdl.exe
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2756
-
C:\Users\Admin\Desktop\taskse.exe (level 2)
taskse.exe C:\Users\Admin\Desktop\@[email protected]
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:2152
-
C:\Users\Admin\Desktop\@[email protected] (level 2)
- Executes dropped EXE
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3592
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 3)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=how+to+buy+bitcoin
PID:5536
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (level 4)
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7fff77ca46f8,0x7fff77ca4708,0x7fff77ca4718
PID:3216
-
C:\Windows\SysWOW64\cmd.exe (level 2)
cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "oefimrcpcbg941" /t REG_SZ /d "\"C:\Users\Admin\Desktop\tasksche.exe\"" /f
- System Location Discovery: System Language Discovery
PID:4604
-
C:\Windows\SysWOW64\reg.exe (level 3)
reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "oefimrcpcbg941" /t REG_SZ /d "\"C:\Users\Admin\Desktop\tasksche.exe\"" /f
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Modifies registry key
PID:2716
-
C:\Users\Admin\Desktop\taskdl.exe (level 2)
taskdl.exe
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5676
-
C:\Users\Admin\Desktop\taskse.exe (level 2)
taskse.exe C:\Users\Admin\Desktop\@[email protected]
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:5692
-
C:\Users\Admin\Desktop\@[email protected] (level 2)
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5700
-
C:\Users\Admin\Desktop\taskse.exe (level 2)
taskse.exe C:\Users\Admin\Desktop\@[email protected]
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:5920
-
C:\Users\Admin\Desktop\@[email protected] (level 2)
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3020
-
C:\Users\Admin\Desktop\taskdl.exe (level 2)
taskdl.exe
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5940
-
C:\Users\Admin\Desktop\taskse.exe (level 2)
taskse.exe C:\Users\Admin\Desktop\@[email protected]
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:5528
-
C:\Users\Admin\Desktop\@[email protected] (level 2)
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5332
-
C:\Users\Admin\Desktop\taskdl.exe (level 2)
taskdl.exe
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2896
-
C:\Users\Admin\Desktop\taskse.exe (level 2)
taskse.exe C:\Users\Admin\Desktop\@[email protected]
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:5888
-
C:\Users\Admin\Desktop\@[email protected]
PID:5564
-
C:\Users\Admin\Desktop\taskdl.exe (level 2)
taskdl.exe
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3400
-
C:\Users\Admin\Desktop\taskse.exe (level 2)
taskse.exe C:\Users\Admin\Desktop\@[email protected]
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:3396
-
C:\Users\Admin\Desktop\@[email protected] (level 2)
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5704
-
C:\Users\Admin\Desktop\taskdl.exe (level 2)
taskdl.exe
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5520
-
C:\Users\Admin\Desktop\taskse.exe (level 2)
taskse.exe C:\Users\Admin\Desktop\@[email protected]
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:5380
-
C:\Users\Admin\Desktop\@[email protected] (level 2)
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5400
-
C:\Users\Admin\Desktop\taskdl.exe (level 2)
taskdl.exe
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:628
-
C:\Users\Admin\Desktop\taskse.exe
PID:3840
-
C:\Users\Admin\Desktop\@[email protected] (level 2)
- Executes dropped EXE
- Sets desktop wallpaper using registry
- Suspicious use of SetWindowsHookEx
PID:4516
-
C:\Users\Admin\Desktop\taskdl.exe (level 2)
taskdl.exe
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:908
-
C:\Users\Admin\Desktop\taskse.exe (level 2)
taskse.exe C:\Users\Admin\Desktop\@[email protected]
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1744
-
C:\Users\Admin\Desktop\@[email protected] (level 2)
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4508
-
C:\Users\Admin\Desktop\taskdl.exe (level 2)
taskdl.exe
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5704
-
C:\Users\Admin\Desktop\taskse.exe
PID:5436
-
C:\Users\Admin\Desktop\@[email protected] (level 2)
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5840
-
C:\Users\Admin\Desktop\taskdl.exe (level 2)
taskdl.exe
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3228
-
C:\Users\Admin\Desktop\taskse.exe (level 2)
taskse.exe C:\Users\Admin\Desktop\@[email protected]
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4608
-
C:\Users\Admin\Desktop\@[email protected] (level 2)
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4664
-
C:\Users\Admin\Desktop\taskdl.exe (level 2)
taskdl.exe
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4604
-
C:\Users\Admin\Desktop\taskse.exe (level 2)
taskse.exe C:\Users\Admin\Desktop\@[email protected]
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2644
-
C:\Users\Admin\Desktop\@[email protected] (level 2)
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5516
-
C:\Users\Admin\Desktop\taskdl.exe (level 2)
taskdl.exe
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4604
-
C:\Users\Admin\Desktop\taskse.exe (level 2)
taskse.exe C:\Users\Admin\Desktop\@[email protected]
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5456
-
C:\Users\Admin\Desktop\@[email protected] (level 2)
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2120
-
C:\Users\Admin\Desktop\taskdl.exe (level 2)
taskdl.exe
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5668
-
C:\Users\Admin\Desktop\taskse.exe (level 2)
taskse.exe C:\Users\Admin\Desktop\@[email protected]
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4148
-
C:\Users\Admin\Desktop\@[email protected] (level 2)
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5984
-
C:\Users\Admin\Desktop\taskdl.exe (level 2)
taskdl.exe
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4924
-
C:\Users\Admin\Desktop\taskse.exe (level 2)
taskse.exe C:\Users\Admin\Desktop\@[email protected]
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1220
-
C:\Users\Admin\Desktop\@[email protected]
PID:712
-
C:\Windows\system32\svchost.exe (level 1)
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
PID:1612
-
C:\Windows\SysWOW64\WerFault.exe (level 1)
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1528 -ip 1528
PID:748
-
C:\Windows\system32\vssvc.exe (level 1)
C:\Windows\system32\vssvc.exe
- Suspicious use of AdjustPrivilegeToken
PID:3016
-
C:\Windows\SysWOW64\WerFault.exe (level 1)
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1528 -ip 1528
PID:4424
-
C:\Windows\System32\CompPkgSrv.exe (level 1)
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:5108
-
C:\Windows\System32\CompPkgSrv.exe (level 1)
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:3916
-
C:\Windows\system32\AUDIODG.EXE (level 1)
C:\Windows\system32\AUDIODG.EXE 0x4bc 0x4b8
- Suspicious use of AdjustPrivilegeToken
PID:3232
-
C:\Windows\System32\CompPkgSrv.exe (level 1)
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:3632
-
C:\Windows\System32\CompPkgSrv.exe (level 1)
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:4152
-
C:\Windows\System32\CompPkgSrv.exe (level 1)
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:4688
-
C:\Windows\System32\CompPkgSrv.exe (level 1)
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:4028
-
C:\Windows\system32\taskmgr.exe (level 1)
"C:\Windows\system32\taskmgr.exe" /4
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:5876
-
C:\Windows\System32\CompPkgSrv.exe (level 1)
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:6016
-
C:\Windows\System32\CompPkgSrv.exe (level 1)
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:5692
-
C:\Windows\System32\CompPkgSrv.exe (level 1)
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:3228
-
C:\Windows\System32\CompPkgSrv.exe (level 1)
C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:4768
Network
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Pre-OS Boot (1)
  - Bootkit (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
Defense Evasion
- File and Directory Permissions Modification (2)
  - Windows File and Directory Permissions Modification (1)
- Hide Artifacts (1)
  - Hidden Files and Directories (1)
- Indicator Removal (1)
  - File Deletion (1)
- Modify Registry (3)
- Pre-OS Boot (1)
  - Bootkit (1)
Downloads
-
C:\ProgramData\Microsoft\AppV\Setup\@[email protected]
Filesize: 583B
MD5: 7413b45735801b9688a426b954144567
SHA1: 287926e4df92fd70c56ddc1cfdf5740017af81cf
SHA256: 102578929605bafc29cb002ba9e4b3244b31182e62c032214ac198db6f253b81
SHA512: efc24d50f7d9d4d2bca13ea2253e5ab4a9facaebffd667011c774868be2246ce79ebbf5c0541681e18d500ca5137c5140373481d3340aba8c37cf868efcc500c
-
Filesize: 152B
MD5: c7571cbcc1448aa5246016ad0feba7b4
SHA1: 36490fa23f20b45bdd8cda5f72facf47583ebb10
SHA256: 8dd3ff85971dffecaac0e59a8bbb61259e9df57ccaa51ea8c316cdaaa91eedb8
SHA512: c17b5de201915e4909e3207d3ded218310e714057ec6c98e0f93fb7b75de7366bab85081cb8d8827df0123509fac176e3d201ac36db7cf25edfa649dc95d766f
-
Filesize: 152B
MD5: 83e6d0bf4f148f075eaedcccd4ce57e3
SHA1: 2e0977f229e314490f5761c622f6cb04a3409e32
SHA256: 81a1bf635bc913773e162e3367caeb6aa17ad91b211aee06ccc1aaeb6abb8d18
SHA512: 21132a003b85fb4741ef3a9a03f4b0079c1c7761df32e680635ae63c1e3d6b8dd2ac7a75853299fa706c4fb0590d60b0fee50c3b17b3eba62df4a859f192da28
-
Filesize: 152B
MD5: 9b008261dda31857d68792b46af6dd6d
SHA1: e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3
SHA256: 9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da
SHA512: 78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10
-
Filesize: 152B
MD5: de6bfb97f7053f2a9bccb4db99681bac
SHA1: 1610ddcb911d76d024bd72d5f1eccae76b775fe8
SHA256: cc772ba8bbdd7f0b913a5d3a154a6725c4f092589eff63508376e3f20196f46d
SHA512: c627fdcf29a6d73af775103fcc50e8481c4bb2f08b021551c707bc1947f22c6aed7974f56592a6dae1383ba9ec5d27e2f9a681f33abad8648145322cc7cc30a6
-
Filesize: 152B
MD5: 943b881cb295a917ac5c33a96766468d
SHA1: 533b641cba852b3101db30c1140be65e64359ff7
SHA256: 41a4e14dbb2c8e0d046a730325d17b220a9ca01d3b56553423acffc5d62f8e6b
SHA512: 4bb21f697fb8470ef45f33e5f58bc1f274f86dd0b8932b41221101f52eef83cf33d11c5b886de526848e0cb5b71664c29004637c3188f797f0d8d4dd96e60d44
-
Filesize: 152B
MD5: bdf02139bae8328034646ff0482002ed
SHA1: 7a3386e5aaee13c1afdb1b4b8594511eb576640f
SHA256: 2cb5cc189c41789ecf7db19d48cd86db8b4868b7bcf0db880905fc08e336cd56
SHA512: b9b539ce90975ae7e1236310c16985a72b7092777a3b4b12eade77724a2657364f267318e8f49342da16b7770e060f6882a3b4418d7d1ac2f9c2e05b671584f0
-
Filesize: 152B
MD5: 0446fcdd21b016db1f468971fb82a488
SHA1: 726b91562bb75f80981f381e3c69d7d832c87c9d
SHA256: 62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222
SHA512: 1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31
-
Filesize: 152B
MD5: 1e17bc73f23d69d8726f5aa4792028b1
SHA1: 5e2ab5b3e67f6e9fdc06ddd0ffb07fb774fbd866
SHA256: a42d129ad26b9e871fe6a5fafea5024ccf726068a53d237fa5dffcaa311645a3
SHA512: ee5a2f3586aa4d8a7f6f3d303345ddf514ce1876ea3c324e699fca6e9d90ed908f7297ba570151bb79897dc85fa1e7dfb52e5673b58a2550d3589b482b8977de
-
Filesize: 152B
MD5: 98e1ebe1d47a5c85ff6845eb5411559c
SHA1: a7bff28ca513eb97450ac611924688871e595a9d
SHA256: 5fde89ba9ebc7d9db7da439e9f11918920017ce246b11a07357f4cdc8c517b53
SHA512: 6ff48d11aa13b959d9f13d172cc203e8afdfd5f513bb4657ef4798acdbc2ccde7c5bcb43689e88a5eddcde71fa98ed5d69515ec0c971251b85b251403feb0766
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\817a208c-fb40-4f02-8ea6-64e0dcbee749.tmp
Filesize: 1B
MD5: 5058f1af8388633f609cadb75a75dc9d
SHA1: 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256: cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512: 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize: 67KB
MD5: 1d9097f6fd8365c7ed19f621246587eb
SHA1: 937676f80fd908adc63adb3deb7d0bf4b64ad30e
SHA256: a9dc0d556e1592de2aeef8eed47d099481cfb7f37ea3bf1736df764704f39ddf
SHA512: 251bf8a2baf71cde89873b26ee77fe89586daf2a2a913bd8383b1b4eca391fdd28aea6396de3fdff029c6d188bf9bb5f169954e5445da2933664e70acd79f4e3
-
Filesize: 41KB
MD5: 00d4cc262b70dd3d386111ff78fb0812
SHA1: 628d4dcee1e82d04ab3969c29e256cef10101407
SHA256: 956916ddd6bb5ebde0f5df3605a524d1624ea335cdc6bd5bf26681d3a5ac5239
SHA512: 12f3cf77c4ee58eb00b08ced394d35e35237da4bc9ca62b1408c6dca4350068aa94d3a0e98132aa0e6cbcbdb7dee9c2b9c5399ba7c4780442200ad37a4c2b1a6
-
Filesize: 62KB
MD5: c3c0eb5e044497577bec91b5970f6d30
SHA1: d833f81cf21f68d43ba64a6c28892945adc317a6
SHA256: eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
SHA512: 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38
-
Filesize: 19KB
MD5: 2e86a72f4e82614cd4842950d2e0a716
SHA1: d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256: c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA512: 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1
-
Filesize: 63KB
MD5: 710d7637cc7e21b62fd3efe6aba1fd27
SHA1: 8645d6b137064c7b38e10c736724e17787db6cf3
SHA256: c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA512: 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44
-
Filesize: 88KB
MD5: b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1: 386ba241790252df01a6a028b3238de2f995a559
SHA256: b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512: 546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16
-
Filesize: 1.2MB
MD5: 3f06d90f781a40e2014b2b3a97c48b41
SHA1: 660682729eda776fef2b49c1e4be9860a032bed2
SHA256: c051c48247b58ba107b7ded31e6a3913c8e0c890e547047080132f4ad81545e2
SHA512: ebaca5aa11d984601460b0def00e974411397a00efa251b221145eab261a8180c8e35347693e1ec3a1528b8dc206259593f21fc1618fa79840f588286c7e6224
-
Filesize: 210KB
MD5: 48d2860dd3168b6f06a4f27c6791bcaa
SHA1: f5f803efed91cd45a36c3d6acdffaaf0e863bf8c
SHA256: 04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77
SHA512: 172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e
-
Filesize: 24KB
MD5: c594a826934b9505d591d0f7a7df80b7
SHA1: c04b8637e686f71f3fc46a29a86346ba9b04ae18
SHA256: e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610
SHA512: 04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961
-
Filesize: 820KB
MD5: 02e604f7843389afb730ca36ffb02f57
SHA1: a8d72bbe97f6934bfcbf42d279bbed0dc96120a2
SHA256: efb317934f9e8cc3bfbcd81977199c2a97b22ce3e51f8bccbef475b4c158690b
SHA512: 591f1fb1e55f314852daa23d45cd3b46881142e881d7f96307b376eb4192e32df372873b1e89f4fb90090642184892500f4a53c774e00b8e4210751e13429808
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 6KB
MD5: d6c54b07bbf9d0c92a18bfa9e855aa47
SHA1: 50cda5dbe2a20c7a399962f305857c8afe03de6d
SHA256: 05f413f716ac68a408f0466a3aa6c09e0a7be647a8c441e4e4fd5a003afddec0
SHA512: d7c90e7a155f53a6d938ea16d52b84400df689387168d8d6eaf68b94ca705c2a60481215ac29679d93bf9fb4b428a164a4f665db3bdb2bdeec195b583c5e6b52
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 6KB
MD5: bc3271f83b545612d30b98e17da52bd0
SHA1: 4b00798ac3520f9d5054ae1a6aa67c76d982eaf5
SHA256: 1f268320cc3242eac4d2af5e54f03c45a27cc665288eac58f9874e09ff047e74
SHA512: ca7e492eb22a9238eb36dd3dd1d17714a10662a9de9a8d6816476e181ef1c1f2b108417d1c378281961da135908851f75d8a04fc839108eb431f278205ecec80
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize6KB
MD59d69ffaa433dad09c2b052aa43326591
SHA11ad6eacdd8b7d8d90028fd1014ffb0d78a302f71
SHA2564b3d41ed31d46fda58ae53a2b93aabc56757cad1f583520f0818d5ba1c136c5c
SHA51295b9b7a16069d2f513e555f30385e6ac4473facdf1c0df667eb7d811a93327469896c6723ac5568c133862557bde9a4495099f4076c1972be6279d92a12533c2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize6KB
MD5084c0bb9ec475efdd86bf687cfc2e7ac
SHA10f3c789db1da1988f0da66f037d98e00cd9caa49
SHA256cf0f4e7c3cfaab2cd8330cf2ad1826ee4c4ecc39a0f1681d36af5d7ac07ae0b9
SHA5120b746f55ccb81bf150ff3f3351b7535d68df655d96c3a352c665c282e2cd8baa906dd7acda17dc6c40dc47e8b329e1e2aa0a033f46b34ddf2bc728a5d3d84389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize6KB
MD54479b5dc76210bddb0aa9cc1fb5ef3ae
SHA162720f574c9cf9bf32601c2811090393cec4bc57
SHA256ba230cfd105eca4295cb4c194d12a0060a3aee0e4eb14f2d66d678aab13cc793
SHA512ffa75377991797df786c68795ff07dd63121cf3b8692aad2bf79330c96f7f185110296a8e14509714f497dee9152d47904dd1daa428a345902952b30498d6bc9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize2KB
MD540fb7e77a6fe6be1fe635157613c9867
SHA11dfd24e3e1768b33c47de8e73589409a331ef793
SHA2564114d11758488350859ac1bb72913a38dba68740202f7ec613e6fc9db52e01d8
SHA5121c0ed5eb16e4465eb8f112be5216f877ca1844cba49968af60457abf6009ef340659c36c232d3918f29dbe9c76c34ffb81f5bd8c345426f89ff244eb95462935
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize4KB
MD59767147a4a26865d2f8abf63c170c8bc
SHA1b081f423192b80cf47cfdf16f571227a88a0da92
SHA25686cde2d88d69eeb080d6a9cf402994a0b2f1b4a8ee0d13af26b6f031d2ff36f0
SHA5126a02bb0dd91c517a8e83108ce0af5a58e54d14ebb9684e278a22b3b648cf37a3d19b90b8262d9dd316849c040f260ded6bf8e058d4fef60ccf9fe315ef31b387
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize4KB
MD523ccbeb7829959ca1fbaf3bf2596d4fe
SHA10641c63c96264044e0ac5a5a45fd161d3af22ee0
SHA256af13ea0304b45c82065a1c871714286ea8915e3d99a40f8e81007979b018b4af
SHA51217b58c60e77edff02ecc015f469403a42ba1e3b84c890c1afa2f7dda9b60d9e21ccbb29c96100d0dcdd2cf4ac2edefe70c4be2ce81a0e1591e1e9a17df7ee36e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize4KB
MD52ab8d011f66d98e1f13706acdd79b572
SHA106956fa5d061ccab56b52c74a78e6dbaabb8d852
SHA256bc302c8f134a47d96d8dd9061c37c81e5899d3f3e881658b356d9db33225910f
SHA512489b4bf8235425d9aa225275ff40b6ade5e7139ff1c9055f2b20f7dbb6ad0a999d2fa36b9823a404b04980ec568b45a946deae2e9845a2d89c6a58fdd9add8e4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5abb81.TMP
Filesize4KB
MD5f7c08b3561015878cf728971405743eb
SHA11c8f37969e6bb3ee68d35b6cccf5b85056b84a3a
SHA2569b8f878da14be9fd8a850ef6cbf904b597c92a986aca4ad7a408b1656f1b067d
SHA512c55eeab349f11a4beabef8fbd1b34453708ebe1abe33d16c4e9c655c5f60e307fea9f4d7957e673365075f9519ff14642975cefc80df148d1f274a76c0353c88
-
Filesize
28KB
MD5b3b6bbacef136a4186c5c60598e45ead
SHA16798bd669721754360cac65702141973252097fd
SHA25673c5a89b6bec4d4b9a77faaed8e278991a33f4402b6a1990f6fc5db3eb6296e8
SHA512e78c55638dd36f7394ad19230e74acab9e9c00ecc0b5c71e623fc8fd5d624b556a06318d9264ae842a4d57c91f42d1642c410293ccec8303493b824194d9f142
-
Filesize
319B
MD52a3f3e0f4d87b63f70bf2d3adbd1683a
SHA1f86e1f6d969258bf46eb9d57ce6e48d804f28ba5
SHA256d4b9710e8de719174630a186a8d485a441df94eea73a009b7bef5a0c42faa9f7
SHA5128dfc69c89ea3b5a6b73f8fdceba2185a79f85b216cb2e2d48c8fe20a20a01bc783e4cf5a94b74f22725bb594092f3a889515c4b2dffab4ea59b1623893e0c87d
-
Filesize
28KB
MD59a7c70340c70c0c564956af620efc03d
SHA11d02cbe822b73f1be8a99c0ecaaa2055c3b73128
SHA256be847055ea25af94da19ac412242575ca86ac2a0bcb190f36c5e5345825c0748
SHA5120b31e98ccefe106d0f17073be06f7f371df3233d3ba06d7b541ed32bcb611cc37873275e635f12abbd3b2fb0de8042d0b3ea66d47194413994f77b2b71eca983
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
264KB
MD58a7099522f9c09dbdbc974b48f9ed2bb
SHA1680bd94a9d20a6f4526b5b54425f7d66401eea33
SHA25679db0aacf2a399201c4fbb0d6b26b7e192ee07f8fa1dfb43282f07ecb5a245b7
SHA512f936b70f0e2d0b225622bc165b4388d493510c1eb776814a11ac6be32e31f1e09a67c1db0fde273953ba868ae676806982553a5501ce70735b0c170cee397b91
-
Filesize
124KB
MD54e4d08185c05ac430a97c3428737e50e
SHA170f90983c1d041b530c55126767ade1509eed3ec
SHA25654a2b44ea77627a25232d770879417b90d5efb0c8f5ac8f2b67ebd80bdc26bbf
SHA512417768c427abf3dbbc3145256f55642e4ce6981c635608804ed890f2c20ea5afb0ed74406116e74ab5988ee2a1eb2fbe220a9c85cc451400918b0d32198e01ab
-
Filesize
5KB
MD5fe7bef998d4873b5a57e8bdcfafafaaa
SHA1dcd7bc7da6650c4c01ceea0cff1e1edbe4378d86
SHA256b46bb2a36ca2a62013e45fe86d2ccc79cb9c83dd7437746078d065f069455633
SHA512b45d9ee74135f7f862a3e55ae5c34f0ede3e94216fa780887f2a64e2f42dc0f79226f4550e9aacc1b8bccf25a68adaed41eff1c4365cb57f141623c0f7ecc077
-
Filesize
32KB
MD5fb1fb1aa49d956fb2cd2822072b2514e
SHA1cdf1266ce78fb9a8670dffaacd295dacc5c3ed7e
SHA256aeb5f195cfd114ae349cafac1854011cc055184b2d6e43c64b4ed016870b7e7e
SHA51248cf39aa6ba310bb7945ab57691524ac7238f7f7b2ae1fff4c68226862600d52b22db8d342a52259051421e6b6726cff90f74f383d164f33cae80197b48baf14
-
Filesize
331B
MD52b51f6c62270e8ec578962b3d0fb9df3
SHA1a6f37901bd404ba23bdd5e95ebe6f8dee4814717
SHA25627fb58704a04bf223e6a9ea6b4b17651d00fd03c3ae58b938ecd5b713fb4c6f6
SHA51267cdce2208c0b446a3196bb61a32007ca3c6a4944e900cb9fa5a5d881140a36fa1dda6fae72fe60f9dde6c31aa332a5ed0a6d7d0d75192827928783430d402cb
-
Filesize
1KB
MD5950105af3c81fa622057b1813df97ea7
SHA1e1692e303df33970f27371719e15e9d813c57847
SHA256518da3c1e78cee30d56cab5ed37b75dbfcc56fdf34483a088c4cc01b6700bef9
SHA5129197a12af5ac2ca8f4bef8bcbc9ea31a0c57f253b4e5a251a8478d0d54a1f323cee87a7b01f54950d430e0338efeae588ea01b976e3077d0dcffce5a78a7d7cb
-
Filesize
8KB
MD59f3e47d278e93bbe54b2422686098686
SHA180f42afbd6b087cbe17159b85a4b3e86272407a9
SHA2569a90b3419118a6162b9a37cd67f94e276a2640080c1c07f1b3e11bc2e78914ba
SHA512e764005439736db056ef44abc31a5ee45fd069e63cb16acd18eefedb6d5bf03a5617de3c05afd0dc9de437b135e0d53dbe235f822e21e4df8f71c54378794d34
-
Filesize
8KB
MD5cf73e46b0ff0c7513e755b97255e930e
SHA16ded46b8877ff9360539b59566efc85fed8f7af9
SHA256e866a4029a08d1abe5f1fdbc394d1e5e161acacf812bd9a0b6e418061695b509
SHA5125fab25a46af8107c026b881974e126a3d0ef3ca41b6e7333cfac337aaadfe04f7606184f883c5493961237ca6d65e097ae09ce67eda1fe30fe3ecb5b3e887129
-
Filesize
865B
MD59485afbffca621334330da44f0526fb5
SHA18a667edecc18473c58416b60a80346082d74f20c
SHA2563b0c26c6ec293b8a224d0f5901742a346dfdadcf9d4217981d32148ecaf63767
SHA512fde2652d970b18e4afa87662ef557efb7292fe1e62ad4dd58781844458cdb4d91032beca3f2b1d44cadcae481e0e0fe5f9e6ea0ae4785eada4332ba2f8ccf82a
-
Filesize
865B
MD5cbc5ada5d1aed538b672f7a0bdc5c07a
SHA10a4c4e3a0f693f1542f3511f6db8484b3cd85622
SHA256364466e5ab92a4992699839c582e0df3e138fbb696c7b99af024902b5dbb062e
SHA51299dd038edbe7d4e5ecd6b8deb0bcaedb608c55515b7ef9b3ab3733793f2eb5b1e0d347c35a3916a6fad843f8f7770d0e963fca0992bbfc6e053c81d639900315
-
Filesize
8KB
MD51b01d055b0347ca2658f331b3caa33a3
SHA137d395094c184078d190965f1f70ef2fdec6a82a
SHA256c3f04256494dc7f0a925b572468610267a8ea3c2b2d0364a993294b2be7f4f18
SHA51233150d577d8dec83318a03024bc90e8683e60348db2b56f080a8471f09884b6cebb7efb2b2d2a12fbf8cd5d3f5b5990bee3945ab72d2494c35090bef83242205
-
Filesize
8KB
MD5ee92ce84489d99c1463009a93c54c8df
SHA1439abbed81c9153c229f6bf3684edceb21da4c5c
SHA25698e4e6394cf310d7d457d4cf6f73a7258bfe8649c7aa52437d13f2f3e784ed07
SHA512bebe16439ad5e1f4aff3e311e9c853920e50c71b5fc7d4f32cb3e1d8d6c39482568e80d09bd4c17c0006efa251e3668b79d4af35a3b822cb56bdff672ddd47cd
-
Filesize
12KB
MD51b2196bcf883b9ab311b9f3656962ea2
SHA117e8699d4af6dec123812cd2b463f2ba1fffc721
SHA256ae3e514eda1a74ee9ae1aacb525ff95ff40a178b8e3b8e83fadbad9344d0899a
SHA512d03be2a80846752cb4b5a3b77e57fa6a37a83c1da58a867c5b3bf5a9052c7295a58f18ddd537b011b79832d7f323023870404509e7f3b836b27b2049c91d0bfb
-
Filesize
8KB
MD5d184c066a733e01d1644964adf096244
SHA12c1d49e0de301ce4a97f2e49713e1e0c027f6235
SHA25666c5f9c970aa71d1c94d9eead71a1ce41ae3907d9f6434584ff7741d0e400c60
SHA512688a3c07695d70396938f365a6c1d53bab7b6205af2483ae1c4c0b56149e56754d1bde50f9330f521b0d9099a5d316465b9322d744e40d33182422bb0f8d5988
-
Filesize
12KB
MD57646eae24a3b2447c4623320f7896219
SHA10c4eaa832c133ba2f513ba7c951d66797b5cdb6b
SHA256f94c13aa0dd9d3467ee36558fd193fe5f756ff75cf66c95092347103c50a9458
SHA5125bd322b5738c8249f4a9c82bb10f75ad73c39de078337189225fe4ac759beb1282891f5a2b776e98a44a1e7089b188103cfa4c5a45d707640e4604f9da296c74
-
Filesize
12KB
MD5f8e3ffc71f65e763f3f2d94a10bdf6a1
SHA127f21983f0a103c654e9f27070000af878b2bbdd
SHA256aba1aec6fe99e21834bd79f61e2ff22e80bffa04d2bf202b020de39e192763e8
SHA5128213fafba1c6bb3cf377fd0bdffff9ab7a93c822499f09320f7a350af029acc7d5f740d78631bee4fb81b6c611bb4c4d78647b862107bca8fa8e1289cd772792
-
Filesize
7KB
MD505c1af1fb549113f70c43a7547484d6c
SHA1ad781cc9a469dfd6a6d88bff696446df0325725e
SHA2566c1523490a89500c77f02e4f268fdfa4e05700b7c3a692b44be808688f2d873d
SHA512a33d62503a99653b4e1807a13f559f9affcafb0bc2b3ba06ffd45d396f25662d64c988b2b549840ad1b1573bf6eaf1c6371062d555a68fa7422acce1c35386ed
-
Filesize
12KB
MD544777568f508267ae0d4229c26ce550a
SHA183f837e7b66ca2104b541aec3599d762181ddc69
SHA25602eeade535d7665fcc1f78764baefc6e3656463855ceed483826aef6900197b9
SHA512dece6e9c070ff4c6f06a5fae1b32395c43a8a62a3fa3e9a3ac21fe138c06d18a403e2dc2a00f948a8d2e53d510cc722a0fb7a333e93b6daf190f9f41d5e2c228
-
Filesize
12KB
MD50a2124e3e9413e290e93a250dded97e8
SHA1e9ebbd98f57fbbe1375caff12e3987d08ca8d668
SHA256e4d1194be1b67975716d76613cc6d75e3b70d5186a6ef44cf39472a9b3070cea
SHA5129b734c2f374425b3be4fd5af6d6d90ffe40f7e518b6fa84fc9867aa7b19b34d892bd0204ea804a8606a682e5d53ade203a9c1f2724b96b0b5c5e7f8154963813
-
Filesize
12KB
MD501cb745a65c6581b8ab64c9053036190
SHA1afcdb409cb351b6583a003ade3dc46dbabb34efa
SHA256266a6057949bc8f880aeddcdd1a24d8a03b61d5218d37024a81198aae9ff0ff0
SHA51279bd343efb883fdfa6ce1a65382396a9880ebb9d348a6b01d4b4dcb1290fcdff1d6f6cb4168adb484cd3f13a51ff2729c54ea46928af02e1189dd36115ba467c
-
Filesize
12KB
MD5e7095fc1263c54dc2075ebfd21ea01e7
SHA180c87ec952de4f72731e17ffa306a5caf30642e1
SHA25668f91a7c8e53b114ca9fd61d7fdc39c51393920eb6f8862d2c5616ce3060141a
SHA512d5fea0eab77cda272940e83d38d5d7df232ccbca762ff850316860b00677b105cf0beb0dabbbcf6deac412fb58d78e6543270cb8b44d7de2ca490b1bfa094bb6
-
Filesize
12KB
MD529e99b59bfa55575d51bb21d4f0852c2
SHA1fa87b1782942a14ce4429b4bd0384a2cf37cac58
SHA256ff26bf08ca15996c39bc5fad1147171a1b688e82330bb55c1e4aaa38487072b4
SHA512eae02d5dfce34a8cad3d2c14dd0b0539425885228452bfb7e6da72caa2640b80742d4e1ddb5a1c96da497ad52bb57ff5ac7f90d2dcaa0936a072088f5ea3185e
-
Filesize
12KB
MD54e40d744e8fee1e94ed9c3c722b35efb
SHA19ce98af55406158eb3dff7ee47ee0199dab082c2
SHA256862c05fe168c498a41d4baa12c81759cfe911c6cc748bb6fb1466560f47818a4
SHA5121cbbb3b719d1f317a68c0fd55ae5ae95e40fe4952f6b975eeccc572d9b19d0dad16e57e7ea2306892f15144e8befd0d286973d5e7e5b74cf3e6c6d7c3e18adb2
-
Filesize
7KB
MD5b698a4fe505d8cbbc2fa5034abd3c823
SHA122894d03d1c5965e3ffffc520aa2b75d6bbc994d
SHA256f6b2b3817dc6a8b3e54a4c55bd5c13956eb8edb3ebc56bb424854c06ca810fd4
SHA512feb1ca63385a8b8e005fb94f2de4bf70c2720415ac86711076c9fb7a61790baa8c495d9b5b9babf6ca3e23e8e1997400643423d64ce4dcae6d03e1e8d8566501
-
Filesize
7KB
MD5e5697fcb2ec5f3bb5b0b157d91118e74
SHA1497a552f5dda42dbed2d01ad1324df0f5fff09f4
SHA256f139d60a2ab0f6e2044aeec943578f7af1885f458a2897556f0967b9c5557623
SHA51201ac09410a1fc002ae50385100830b72f37d078153b7014b9318bb259fe48c371ea3733ea28337db73624ae95c53c5a5201a64026212a69bf74ba07b37bbd0a1
-
Filesize
7KB
MD5ffae3b1ae141282c586665b7230b9dbf
SHA121bc85f106a2dfe433d4863687f786f6aca8ddce
SHA2569991120688ca2791632347874cc3b31b7cbbd400076d216004ca584d06d0d820
SHA51295baf6095a70ac4cd492f1397a15c62b30254ad66671b7f1330718bbc2496fb9ca092e9e997787e8699c0e1fa4983852fbe022aff8c6bb76149a093e952da24a
-
Filesize
7KB
MD54191516bb9dd5fe819eb6df7b9b8d21f
SHA16b86dd91ba52422d50f8914c281ad603b07c571e
SHA256e9ac96bb226597a18229af18d781ddb98a940a7f4767d0dba1ae38ffb8e067d8
SHA51265a031a3901e5ce24fafb3647adfb3c35c9e0044dfb522786da07a68489adfed467cb5429a2a55fac5a63f6ee248039e140f8a165b858d382e51615a610d4df4
-
Filesize
8KB
MD57dcf0476d7140b175a4957fb8743edb1
SHA17141a5a457b42754ba78d2d4e404bfcbeb3440f1
SHA2563ae2ad869695ec42a854551c78e7cb7739723248555a4000b1aebac49cfb3ecc
SHA51244db79e6c729fd37b42aabc123b495545a536a5f65ccd61222e32437dd050d873a6448f82094a6a199cf5167ee480b7340b3fa4a7478a8a5dc54bed7481a2836
-
Filesize
12KB
MD588c34451c2296e6008eb7fd4f1422f2d
SHA171fd2499e39898e6db341df85c6f664d6f49bdc3
SHA256a56e0f11154668f581521ecb4ceeea376c566ab64deb1cffb94f28e82eda3791
SHA51281d5a8d6d31fc2915f05906571239df41c62ff1083fc5b81a658398de195412efd1e47d1ec6b94dd65363599d9f8b337a5bd01555ecd0345ddeb7f15f8faba56
-
Filesize
6KB
MD5074d700cf6064e7e3e292a289a5d7b3c
SHA1f3747945124d1276bad203ac5c00361d7e22e478
SHA25686ba16cd25b47c4cb965c29abdf72eb895e00cd1072472c7df5730b9fb61ec57
SHA5122527cd695393331ffd5627dbaf12492ddf988a286f4fb04b57cfd1a93741309e4506f7eb64e87c564d9b9f1e97f8e94a08046f00ded25b2b288d651f29f1443d
-
Filesize
14KB
MD5f60edc99a3b5dfb1654266f8f0f4e7c0
SHA1c77d91c7c703277303e8275b0de3bd354da2d47b
SHA2565d79a41da957dd503710d95f9237a9e71310a38048b660916deab979789af07d
SHA5124b559d522fb44019a478011a08ee8e6b75d88068f5a7f72d952bdd669630f21713da295907d455d79a42190e93be62ae09ac04db4c0cfd2679b69441064d231b
-
Filesize
15KB
MD5cf604a634c7530768b976104f2f93645
SHA147048ccfca0a0b56eb0acbb7069e918d5ec19dea
SHA256deb7999b294e0aa5d5d948d2c449ec71a129494543dbd3b340da3537383cf12b
SHA512c989b49272003745f0af720d511ef87d2cd8bf1f7567a7c68b86043c9f62849cb3f27047287e41c2f13f75f3d8ac669adad34587839e9759acaa986f798dcb31
-
Filesize
7KB
MD51fb45a7b43b06abe9e3108eed12e719a
SHA100dfbc37e06bc19ac06e98326317d4a37ee07bed
SHA25661d6aa18355493a5c549a80c14aaf857d6e93663aa7aa72ab185476e95ccc2e5
SHA512f288ce7bcf8825651e0dee137b7251e21ca5506bd3606b62e5d0d64e75edcc6c198a262148eba57addbd19d9c98563bc3a1c1e3695841d522ddb309ad5b65258
-
Filesize
12KB
MD5a912242ce95b01893f8afa12dadc0442
SHA15f03325ffdff32d6ce3fe611fe363cc34b0441c6
SHA256bfe8a9fa53fde263b62d05c2af68a003a2bac3f4e717021903d921bcdce8876c
SHA512ae4f13a298b96ec121b59f67f9e18eb0f03e85704d0458667be46e3ea16173571fa2b836568d9785873b263ff66b8b622fef357bfc1b3bd4a4308431e89ea2af
-
Filesize
15KB
MD5be1ad8b8882e2c59e04c4947e7d6bdf0
SHA16716f94a056c8c36d598b92abe6db7ad21865c2d
SHA25695e3e2f49976242b88873d0f1bffcfe007e0010a6d4da5a881b13a4e02de6933
SHA5128ce194cbc2b06694ead9d4db19dcbf1a633b21e1a45560686ce624aa25792dac6c333e5c86abb275a7e620c682dd565b9fa18d21cb16c3798a389e531b921936
-
Filesize
15KB
MD51c302c39c66fdb10c13103d1b683b4bd
SHA130ace08b5ad160c244ea8049cfca7eff6843def7
SHA256dfce76cb768e10c66e07b1b8b9f3de3dd95b112be6322cdb4173bfec3a9ea37a
SHA512170e00563e34cee97518391ba5b28f5e2a09383bee7c88a31660a11a8516ef2f86cad3efe09e34e4e9d9bd3dbbc8f845dfa247f38afed398bc929b2fa7a6bf66
-
Filesize
14KB
MD571409904bac67cd8797ce5cda4269a17
SHA1a0af02ffbee1669ac9311fe1e1faf0a521da4b26
SHA256feaeff3328dc1257ed27e5173198f1eb393e79f28006b5d099dc0ec5c6f5c892
SHA5123cb45a5210e2e61e12e5d5408a77615fc2ecbb945443483c494bed56f98f11f81dfe646f5c4bcd66caf6b3c56c6efc0b4148691f7a50a341af4f88fa237f07a4
-
Filesize
8KB
MD5003466de8c326495308b8cd26460a759
SHA1ee475e6cd00e23575050deb2a497d5c6abd4c057
SHA2567f33b8bd6131d7d466f752aae27077216e49f1c86955da3b924341b2ab064494
SHA512652200134079ec287cd9c156ab2706fd447b86494a3d43963cd034d1cd238199f0b91edfa7af55e669d0c9b430667ed988507129694e4f69ff290495e0817608
-
Filesize
9KB
MD5e85ee225c32c7856831ea28a1129119e
SHA1941fc804514ece7038cdeb738af8c5cabd412fd1
SHA2565c30f5eb8bb530aad8774c9bd8143e7e4902377b8b9c5e95d641e55da524fdb4
SHA5126fb785667074f1cbea4b74c6c1b007da982ff91117d6a754d682686c59e5497abc8634ed3dae94c8f5ffcaf20528fe805d89edb8d1ee401f50155b1c1e3a2541
-
Filesize
453KB
MD564d4b191e2559b80ba200657ab9c1bdf
SHA1394b3c1ae87b45b7f1c7cbd03c3a3885692f42d0
SHA25616ce3a53b693376f40f5bd58dfb7bb6b0eec8175ba7b3b608068307309037b2f
SHA512db8b6992ff5f08cdcb042594edb4eee71f1c52cb39db0a4ccd33eb3a49578aa0667556dc604c7ddf2f72c9228c3681a552a4583024c8a128dded9a8912a838e3
-
Filesize
1KB
MD53448919143fb934e2d9a46069484643a
SHA1d0eae616fe25917795924297c83b6a6e64c0156e
SHA256b96eeecf756edf282e57178182de7032363b095b16206f9252eb508a76269b53
SHA512ce6319ce3baa03a9917487e827c0b19e579885a9152fab7c5efd0511bb6477a6fd5abbbc2d87cdc10e2135e1d0dd0a78da6a7ca090378a9f3289578d6ebd4c2a
-
Filesize
388KB
MD56fdc1f2e221e49d5310c0cacade157d3
SHA1e0c51ba4569a850e3f16c6ca6cf7069a9665315f
SHA25641dd63762a7bef41583b41a24d799be039427083ff7af6e9a1ee176b552a89bd
SHA512b674347b8a8fa33cb5eb774849a51110473a3adef78b1d76df076677f1f7a14775780f2367e645272695ea9d16742084bb51f79f741163c5a3a595db05b98e8d
-
Filesize
641B
MD5839def0464ec9d1c66aaf8c6df31a972
SHA14d73dcbf95396161736e44d7914028b6173754d7
SHA25698a1d8b570dbd3fc63966bb001aeed146c4b01cbec2446144f2955ce5d470bdc
SHA512fac1c1b3ece8268d797adb7003249b03469d0e5ad831982077763397dd620512ea16625bc175c3b491132296184b0b23e28be5d0200f578bd21d1bab2f4f58c4
-
Filesize
298B
MD509b4fc4c9d7d6c0d9366fcd7de92eb59
SHA1845e1e56790f4db401aeb8950d6faf91161cd520
SHA2560be345c63327b6dcd49b63273216207131888a13cce509ea254c738e6e84ba32
SHA5121ccd34cc47bc5b83cb24631b32013b44b1e72eb4b4677eccae63b30f5ed1d8bac3925c2e14b0223ddeac36ee9d945ae823ef1c4468140b6a1e744830d7190aec
-
Filesize
29KB
MD5626815adbd0de00b1526cf8c7e366ab7
SHA1d8bc12c5fe078ef186c65981147d477f088905af
SHA25664e5c13a8d4fb586e31c0059d3db67884a732ed8dfbdb3f386cf45cee15889a7
SHA512d781975dde77394ebbbb29b7c89f4b67eae774b054947cbdf9a3b20fd3c2ca5a5fea6a62eed05288887585663b47d0df488195ee863f9093d2743310ee2f6769
-
Filesize
78KB
MD5eb391f30410db998759db92d105c1ded
SHA14a55dafc25ca140567479467ba9f6e2a382b67f1
SHA256dd7cf35b7c19b8af3276a0356667dbf5b3d87b5482e17982bc02f8f8b6c6933c
SHA512f4bbc31cc1dda461e312b4983fff2c1c1aebe63f25da269290403731ea948f1850d9dbfb8e920fea1c5fba353529454a708602f9035b9f4dac6ad2bbc48f6a4b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize256B
MD53e2d02e2bb79df1b595108b225670c6b
SHA15c715be833a5fd8a244719a38cf9c09434001a39
SHA2561234340cdc130ca1b9c51dec0935cf6e761d8cb275f0030772585bb144d5aee3
SHA51204dfa3694ddc7fc496ba35370bfff7e051f2f01c06c3d43833e6758fad5323c826b6d5221621596f4b4cd642d25f9e48e3834f02e719d1756cf3c63c5690b094
-
Filesize
347B
MD5c514e24b5386247ea67936b8790c3b51
SHA1dad85d1dc010e6bcac8db84992cd9f1db6ab05a2
SHA25668e5b72ea6259bd25916eb9e07984047d2cda94f8b0013314efc1e46073f6ad9
SHA512d61a17e50b00e1ee6b43af7ea922310940cef2d7595fa7f6e42a84686ec51f997062317554e24142c9acb3f5e208c8c220ac8611b79264f506d22a9516d47761
-
Filesize
326B
MD5ee46eb623f25a08d61877fc83e071f6a
SHA152c81e283c429e7261c7c1669da0eeb7965d41e5
SHA25620202f0e56946106101cf2e5d65d8a7414dec4f6ea2e3381876e717354de76ec
SHA512df1e0a9df68eb260fb42ce0e3747c050a3cbe0e1503e1dd210e1014fea9d0ebdf83a2c9ce97d8573de0ea3f66c8304c16d36c8c9b223e6fcf1fcfd1023a75d86
-
Filesize
2KB
MD5a00f5088782a08be0b9492d6f151f25e
SHA147ce69d3e5f6c337e38b7ff2d10f7b5434e5b8a5
SHA2563c5a5c5e88c918c59215a4e16bc93f4982d612a033c170e790d33586a5cc3674
SHA512d8c13b3d04bf8e3db6ac6527cc3bb59a0d9bb134d7eb9ef93da650a4357969fa03e099c7fd8a67a0c453b662f8bd1ca1a95818bb0f36cf0d6730aeb6ae8e38e5
-
Filesize
4KB
MD5e847c3add8ab16b096563d9cfc577be6
SHA143ee2bab18627f989744045a2419a8edb3cb3693
SHA256b59f19cad1dd9ea0d32b827d4f8957b0da757e20557a10fd757348745c30b555
SHA5127edf5af311c3396f758939f9be31f100dfab65785439125ffe3043c727a89f97e69276e0f28c99c6f7d4d1bf5ca27a8c8edc80b102196a4085bd6fdb783dc2b2
-
Filesize
1KB
MD5d33e82e7eeec71d9c404dd79f93799d4
SHA1ba4492f0ee518b4a0aca8a8676890598c2bc6390
SHA256433d25eff47cbfffa28055365e8d3aadcfb8d8e615b4909df2cf5bcb42e95f16
SHA51216b80d39be9a45c4fe77f080b0d3065383019f003e4f99f093e9fc2986d4310417c0acb12ed753caae6b4a8829d7d16a22102b1c4c35ec6ea10ab82ed0fea8e0
-
Filesize
1KB
MD5a4ae4066085b652039ac5c85f5e8347d
SHA1a1a107c1ab8b6e0e8fbcb48545bc09a5a37011cf
SHA256b392fd10b2a2c260cdba84b8c8a7f200e037ca9b11cf019382a95338a7a7e376
SHA5120302fc4a8e22058412ee3fe288275f1f09ac38dc4c188d0b42eba8e50d15409cb3dc6908bc9e9f46f039a1461b6bbb4c5745eed5b15d8e5c1a250c7c3b471044
-
Filesize
4KB
MD5498f5b2d2c49e1929c010f8b522f53db
SHA1668b72e2b37d1a38d9aacce8f652c4a10f6208fb
SHA256541f10ac8c2cad6aa8bbb83b47566f5f179fab8915910652d93782718b99ccb3
SHA5122379ab7d57a7f6cc4fe0b2fa47d3e0edc72aa3a7e3c9606e06e750012db11b2ebcc039d78504c4031cf51cf7f50437c14dcc45e47fe1a19b5e5bba52bda30e78
-
Filesize
1KB
MD545c06b4fa73b6c2b68063e7b53a1499f
SHA1b660e019522434198229ff544acaf9f276b05349
SHA2566c47e5929c912bf7f5ce7dc7bd1bf5749a34542af456d64c81fc9eba44fe9bda
SHA51254f15d2cab3dbb0adcfd88f627f5c4fc4b3dd2a4734423d444b33e7c32e4a7cac544a28cd306f5dc99ab0c0d5a7047647c0b9d00042e5edf956f258b23c89760
-
Filesize
1KB
MD542e01c7a3d19913bcccb2b6df0a4261c
SHA1646ebc8adbb2b0a3f4768468288196196c7d0e96
SHA256f479455898fcaadf5424fc58373e3fee63b03c597c74a59a1be674581d72280a
SHA512cc1f66197ac57dda4bea5c95f26c9e1240147cdfd319d2327aa7d8a57dce459761b99c4272c08e33310bfc796e1fb10f09def21eb5319e5369de42fe745842ce
-
Filesize
1KB
MD501d51b8f5cfbd430998c1d028e6915af
SHA16409398280c49e6b6edb119e4663fccbdc9dd12f
SHA2569282a6172a9a9999dcb6176570812fc31d413a2180b926d4785f9546e74c4c31
SHA512d9ad14bf8856580f3510d1ffd567205142f6b97a24f4710e7505fd540cbaf0bc318296fa7d4aa44e539b1509a386f8f225d063d7679a3f8a46663b4324e2747b
-
Filesize
5KB
MD572429025b80e33bf8d66b71935ec64a4
SHA1e800090fc8479baa6d6931049764378cc8b7d139
SHA256aa7b4ce4378d456d606ffaf947c92f2bfcb327539aad2fcd6c291c9c0b3f843e
SHA5124ca3fb50392a905a9ca3c059aefecfde5c025e5a17dc1b328bd8590f24dec7aad09f06d3555ad787e06461fef2d34f653ea8d4eada4c98f9dcd6cab54f9ed4ef
-
Filesize
1KB
MD5a726548ffc8ef8bbacd773c9847881ed
SHA128d1942cf5fa2659d8beb331b81e2b41c56b37b0
SHA25605720ffaa240619c80e59f449ca2b91c50898096d4197b41f4879c471fd3942f
SHA512dcc476b48f444568ea2cea039c5b430225ef010c28d7b6c4ef5983cc1ab513754ca1accca5ad57f94b26eb5d1582be8926df8497dbcd229db1d708169cc5282f
-
Filesize
6KB
MD552a0b05a8f8ce939c48d070b8e54b358
SHA136b89e4b6d3d30727002fa41268bb07d524e0c6b
SHA256fb7accbcfafa82b2fa975a13d8ff4e983562d7e0698253f2d1b2a00758080929
SHA512c4cbdbe7948e96bba700234798703e6165fd802de4b2fa68aea2d91d84035a43378a474848a048cbeffffa8c84d6729112d1c413bdf2dcb82a5db82c20b7a50e
-
Filesize
4KB
MD5785107e5ed4ab408440b3bbc044bcb63
SHA1b7b7be616f25c469178dcf50b1afa69b14249099
SHA256ab71fe3cb53dc3578ee8e65f619b33d5ee4983b69895cacb18bf4718e91d57dc
SHA512dd84c0d5ea5a276ed6d44db152575ef7c76cc5798a94d165193fbbe1d20fb941ebb9a834e98cdbebb35f7de391d06f301abbc668033e49e8d3a4d002c1bb58a2
-
Filesize
4KB
MD5aaaa63cb370b395823d66f11e483583d
SHA1e78b03f4d1d500f4e6c71a8b56fee90c108829d6
SHA256c02d6fb82a5f83949547ff6ea974d84d84b5d6c2f8545d82c353681ec7b01352
SHA5126985fdca3cd1b605b373b8c6b4bef0c410557c2c1ec25a603c40a20e5b6fc090394caf4923eb3e30b54c5c1edc243e56d0c4dd6beac16172ba43222f655884ec
-
Filesize
1KB
MD52a345663b859d39e01c34f684782e0e2
SHA11bbea85456483dc2a0e8def992841fb38c22ee81
SHA25682acd09e92919ecccc308b7c7416619280b07db4d1647c33a7a42a80a7b4b545
SHA51206ef12042f28400bec8b643165e61bac621368ee3a7714db06c6243bb1f5679239bb44346842ea1ef8e8f4d86f91956b87800c34606e943979bfa486bbef595a
-
Filesize
128KB
MD5fcdcbbdd0df87fc4b4504ca91692b153
SHA15e5e97744f12d1a2d5a8b42ad3d320be4eff74a9
SHA256d732e6b7df65a485f62ee3b29988dc95a30b3efe57f45fcac206e95ddc8b6d7d
SHA51223f78376dd3263b81220572e2514f9bbcaa3350e5d7bac2e47f15fec4bd0b59a89c1d216106acaedfd6fbad656de791a8ee44465dbadde9c370fc7ba6b1969e4
-
Filesize
116KB
MD5ac510c553e037c04129a8671df7620e8
SHA1a1643b467bb5627e7fa45131a1e96ec856b18011
SHA2562421a0abe682b5da6ec0b86b36927b839b8bdd9a8e5a22dea46d89a80c1df081
SHA5125343f46f0adbe41d77a9597865c7b4926eb1df8d0092a843e2a345e08f9b12b8f562fef8adf869f9545a48130a4b8f0b35f4075e0422cc912a7902665fc64190
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b4eaf094-5e8d-4677-93e4-73c4307a78e8.tmp
Filesize6KB
MD5fe98c5c35832f831515bf74b719af34f
SHA1c408043992168042093f44ee57a00759b1e59fa5
SHA256925c02cd4510e5a2cc8a909c754fcfefc12fc049fd180675be49afeb7678ae7b
SHA512b73ba273ab4dcebd6d26b9da9b5ea0cff656c2515f8d80ceb290b133417e9ee935fa018ad5c852ed60585772a0bf69b34204a8fc3f8e71350c78c482c105d307
-
Filesize
16B
MD5589c49f8a8e18ec6998a7a30b4958ebc
SHA1cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e
SHA25626d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8
SHA512e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2
-
Filesize
16B
MD5ab6ab31fbc80601ffb8ed2de18f4e3d3
SHA1983df2e897edf98f32988ea814e1b97adfc01a01
SHA256eaab30ed3bde0318e208d83e6b0701b3ee9eb6b11da2d9fbab1552e8e4ce88f8
SHA51241b42e6ab664319d68d86ce94a6db73789b2e34cba9b0c02d55dfb0816af654b02284aa3bfd9ae4f1a10e920087615b750fb2c54e9b3f646f721afb9a0d1aea3
-
Filesize
16B
MD5aefd77f47fb84fae5ea194496b44c67a
SHA1dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA2564166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3
-
Filesize
16B
MD560e3f691077715586b918375dd23c6b0
SHA1476d3eab15649c40c6aebfb6ac2366db50283d1b
SHA256e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee
SHA512d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f664a245-aec0-467a-b4ea-18d232274924.tmp
Filesize12KB
MD544c93b22564adf59121e50c793341654
SHA1e08fe07b6598a3c89ea6b9caeeab7ed68fc3738c
SHA256ab82e5968f7f325ee391b3e44cdb22d9a35afa89fb7baf7a6a58c21111044052
SHA512860783e4b7c963933f284daf5647e866ba544f2c37727a5c1061309fdd0b1a6bb23f2b4352c698fee9fc738b8187020ffa1ef25278e4f5e283bd8d1e35bad47b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\fec93854-63c0-4b2f-92f2-eac73689e19d.tmp
Filesize6KB
MD516e9b9fccf496907f218282b2e26537d
SHA17d5a33ebb23046e06556f03951cb4387d0b28245
SHA2563d16bce063ddd9eac27dcd437f94d5448390cb6e10ba456bf1995d653938b06f
SHA512364dba83b6967ef2bf5e6a0e4aecb6af147dd949f27fb23e783408e41e83ce91e69b1854748b51228aa6cbfe4eed10a9bed9978196c3b9f53ff6b965ac78298e
-
Filesize
80KB
MD5d8980a1476e48ee02c7f4fd9d16d3649
SHA1c5957f3573cd88d08e5ae1a864e380f4202188bd
SHA2564c8c85986a1c3f9b2db7ccaccadc9797368e5476fb88edc53fba2e0d5bba7264
SHA51269abd3bedd9b00574a7c53d2e75fb4dd84d6627debb06cacf82e13b51a7cef589e2f44aba57c827456eb24d8c0680c7e601c5ada173c61615dfdec8c81780892
-
Filesize
6KB
MD52a1b57b0d81d156e50608ba390594ad4
SHA15399a98d2262625c0ce1840fad8d4bb11a629a61
SHA2564fd7e57c235338d8b5063c4e17b8911b7e3b5f0c08bd70168d5f56c1d06f182e
SHA512f1a577824a389979968842bbddb1ce1669371f3ff1ef16b86a4fee9a269f0b00cbfb94053aa55ac60287a23d9a2c0df053b0221e17f752a7fce45dc717130464
-
Filesize
6KB
MD505654d6f33298ebedfdd5357334b5f9f
SHA16d61e9c3b15e3c818abc3c624d1e96364194d160
SHA25619a30623ff20f2dd6302409cbeb2305b80ead590508c0543c7232e14cd3f310c
SHA51229b178401271882539628cbc46a04beecdbde67e2e0854eea79da0de64067e04b777b3e2f6673f9f79258b58a1123c760a69768cf08f3ccbbf81efc1159f6ee6
-
Filesize
319B
MD52eb3681d80debab2310dbd47315cf27f
SHA1543038d3c97318138953875371326a50d8a18286
SHA2564760b23ae748f46f89a8a054e9e31656aa7bdc9bbeda94f2c5ff201578d581b7
SHA512 71cc2224d7955f4982762d335a27504f2826d066e8700eef5ea391adf2dc9d8019ba3ba4db5ff826b6efe51a8af55f3a59a4918c4c7c1e4eb86557120bb91e51
-
Filesize 594B
MD5 114da86f0e752725ec4402bccae35443
SHA1 8f0e968d8affc73eea0b3132ae5cf2b56a1b6e37
SHA256 56e023128f893831ab6ed3105a0f7e73a147b874bf5b53ed193d88f9e463f6e0
SHA512 1b8b6e5ab015ac86aa28400e466af7737d60ddf9376bb0bbf98c8b2a1924deda4b8c40ca4c84af1dea9145597b3e54501225949550255072c6aead87c38b1dc7
-
Filesize 337B
MD5 b7ebe87db97ec4025b5efd4e861e5c63
SHA1 e2c8dfd1a0be30d2089d4fa92db9d27ea9e66952
SHA256 ccc4b7d2b1f8c42e518ffc461755803e22eb4e4a2c37ee306cf5b574bdd636bd
SHA512 1f3e86acbd5dbca5a53ed82cb6a837a315cc767eab79b961cc0641353ff16d2e8abd6ab0d374d75aa3c1ea6c82b74c3b580e976c900d801460f1cf4fedb38f94
-
Filesize 44KB
MD5 2d4cd38f6bd0045b399ef602bffbb448
SHA1 6d28863bed5951980ad801ef6242f99f120628a9
SHA256 d05273f199bc473153d887fb07cef76e9453dcf9a79901530ab08879b0eb015d
SHA512 92c6b7343b8ddf9898d2f00a8f15be78f21ba7c9bd4c95cd08191a631a534798cfe2cb4db43d21401f494fc3271e95313e5b0c50a7b3787905d6d3e0ebc71db3
-
Filesize 44KB
MD5 1e458d7ba453d0c5e8a88551efae4da5
SHA1 3bd2433e281697bdded659a623984e72216c95c5
SHA256 a33a60cd6e74673d6b896e894f17d24d07904bbf33be54a1f0b9c139ac698d10
SHA512 df990b810f8b7f38f42de192b3fc14fd1b8a04d49edb63ecd1f67c6b754f83b94a73d15698dbc95ce658a0fd996c523f6c704e454ce26263fb1ecde2aab6e5e4
-
Filesize 264KB
MD5 8c3bae226fbdb1b45893ddde5c35fe8c
SHA1 a97a5a390d6cc6e9523371c70c060662ff52107b
SHA256 59f227c5de85f70cf471b224f1e8f9fe5ba48e6f722e236126bc6edfcbf600aa
SHA512 3e9feabe76653387a5f55507426acda55b115fc9dd5f70c0e4cd243f95ad58882a8a1f2db580f5440ad822f1e186db45859922beda9a3805d0d75e7b4f927bb2
-
Filesize 120B
MD5 a397e5983d4a1619e36143b4d804b870
SHA1 aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4
SHA256 9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4
SHA512 4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816
-
Filesize 11B
MD5 838a7b32aefb618130392bc7d006aa2e
SHA1 5159e0f18c9e68f0e75e2239875aa994847b8290
SHA256 ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA512 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9
-
Filesize 11KB
MD5 860d3586a817ea60d1aa76f1a5c68429
SHA1 b54a83173b03270666164787a9d9f976e25a65d0
SHA256 4b94f0c98a93bb2e4822da47032e279b64fc10a7c8bab5faee256f7d8a1177a8
SHA512 fb5332053ce38226a4796795536732a75c0197835622056bbcd7e87503c563208b70645e33e2af25edde2c68f113ade5f46e21773c9f4172dddc030b285dd62b
-
Filesize 11KB
MD5 abd2e3fbf6ea8213ecaad0e64fea53f9
SHA1 9b54af8e324428d0d5da715fa3bf317333313389
SHA256 da54834f78c1540f5072c48c6168a12a150d1f9d0b38c33db4e9a4421f420bdc
SHA512 518d9d48135cad15e811f8ed47334916acd3f15aa90c3a0451ab6342ce787e936918e6eb89b7f2d13e78c46e36a25f253b10e6f7c81fa63592dee611d60b0cc4
-
Filesize 11KB
MD5 2149f110c7e511fca7074ea97f8d4980
SHA1 e0f0a3c5c271f8c2aee9dd1fff1ebe17dfe3438c
SHA256 52892da1e678e1f0f948d5154cf5610cca055f625cda0afb10679043e9dcb0c2
SHA512 b029a46e2101999e7cd808f29bc986e2ea92b04ac51de95fc920ec27ed8b4e23ea9f6752e705ecd8fa38ee931a9e4a38d9f22de26a4560f691968dfde355c539
-
Filesize 11KB
MD5 f0a7c4b57d6ce571e983bccfc58b7ed4
SHA1 174dc84678603a35eff25049a3b6e9aa177402a0
SHA256 c2f8cefaf61a9b30c0fc02376944c6e7ae4a1012996405e217fd214270413696
SHA512 fddb1ae9bfdb28902d81bcfad88a0d2d6dd4f72bec6c0e9446b66b6443cdbce46f80ec96b7f0e40748a3eb187a6c9ca8bbcf48f2e147118c871135e98895d4bd
-
Filesize 11KB
MD5 86c2cea5a5b747bc9cf90dd8d5cbeffe
SHA1 7a92c459537eb0812dcb67c8b17689a222bcc34c
SHA256 d8d61d98f1d21fa8cac655ae193b1a7818094c037adfd13f157fe56717aeb9a7
SHA512 50e5e0ee6433c90272aa79fea739c4202a1f82c5b0f993d6b7af565757078a2ea3cf3674986d54cff6abb5220d28171aebb466f21f41e648cecca7dd5e583161
-
Filesize 11KB
MD5 069bc3b66d80db74fff0a0be3b193181
SHA1 bad5a47fc0e666c890e08b36ae4295a637c62287
SHA256 1f45f4786c077dc611824062955c79663e7be5310a00b94827b8edc15e849507
SHA512 e1fc42baa203b13b5e74308b47bd1303406571a4969e60dc6d699766228c34f41fd57c7145c77a268a18bdf41b94e7b99f2d122fb7afbaecad8d08b2d7182f31
-
Filesize 11KB
MD5 2f9536a193dff508b584c2674009141d
SHA1 65cd256a223cc391e0a07f8cdb8f0d2c54161489
SHA256 2949bf57d39753cad5d845d9f3d990f8031fb3631a8c5a94a1e64328028f7773
SHA512 15b5854851b348f5b209af8719c53cf03122455319dccff7872a0c8ab556ed7ccc7eef0896c33790928b7a0fc289813103c9e2c0294164458957f2d6f0c5ae95
-
Filesize 12KB
MD5 167e5536acb626a5f3f9241ad381177b
SHA1 5f941b98fe56375193f9e5ccad29d7b3d8833df4
SHA256 75b6447edcc018e24a588f5aed3a1365a5887c6c3540ae63c4d60a08b865e1b6
SHA512 bbba2447b7d647a589e0846d20391b12187dcb5dbde44b019d84b0de18cb2a38b796de09e53f619ee1b808e2bcae09873b154fbec3811a6aeee21423cdff12cd
-
Filesize 11KB
MD5 236b8bb31e520c725126fbab8b1a8291
SHA1 5db2500db72dd4da437c1ac6dc514917ba9ff015
SHA256 a098cdc7bd7129ff9cc2800b0856c7d3219084b2505708368c49c22e5c370abd
SHA512 69176bc3fe5a6e638617b762646eb559d8b0bd75eeaf993cf6aa6e9b19903528a515b0c42c0350e4ba5641f26523b29635f88f6ee9d99ba3e96667587acddf7f
-
Filesize 11KB
MD5 6a3e408b0d4e38656f64d068e9eee7ec
SHA1 df7155ad6ff7f8ba63b0eac785e4bd31ce8e6f6e
SHA256 3968448de685a0ce8bbaca3dbecfd103171b12bda73af67796374430b80e0ac3
SHA512 0f3019d433afcab1dd0a954771a513bc9fb64f5851d5452c989f28b824769307f95117ba90f70a8a9fae1a863058dec056bf16dd08da7a017e5e388fdacce7fe
-
Filesize 264KB
MD5 f5b4f37c5ebdd8fa0b77c14d30c57ff3
SHA1 42ab0c2131effb0c1b76eee01e71b647508c650c
SHA256 719e0ebcbb613acfb14302b8c0feab7ca53658c1acbff1f3016728ea9d0ddde5
SHA512 77641012093a70c1edd74c9169dfc1e8253d04e731a966c7712a36926fbdde729353655d100a7786e1c35e89d3a9fd18b7f589d4f56cd502df97743df0f5be0b
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize 10KB
MD5 4d17f60f43ffcff2f1a7224227570dc8
SHA1 4afdac536ba987de8d32e63766327845e44c75e5
SHA256 99d224383ea4b8fedc22e2e9b62b2778f1e54c7f1191b939253dad041cf0d6e8
SHA512 4de1aafc21336ee106ea2dc134ee44a1ffd1e1b43f4b01ea9eac3ae2edd1c03c2168428b84a9cc5fdba6dfa75e613eb063ab86aa442526f973ade71495d07d56
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize 11KB
MD5 b3103623d1b1b545078108bd520bf0f0
SHA1 4c61e5038e8f379bb0ff5c9ac4e237ecd6007fa4
SHA256 cb747d485eacdea6d8374ef9697a5d44c9b8f8601af26f8beaa2d30489327392
SHA512 714d504da7606e684567b43a4bf4831c5485864c51f703d33d40e3e87f60399ef3c7e806d9c60f64d8199765973022be3a60bbf108fb3fc3ed73b020d3cb2278
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize 11KB
MD5 cd89589b358746d8ed2866b6e27b02cd
SHA1 bd3a690def44abe60428d76c9fe6e43254587779
SHA256 2baa28a77a7425467f5be626ac26138651a5c414161e44a6dbd28563032ba0c0
SHA512 53ea718b16b244c8e2fdf2dc41818f768120b424489a47776c8901d8d2efdc6f1b45b0934b74b99e60773c7075c48a7b911a750e731efea8dd731eb60d31363e
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize 11KB
MD5 24cf9be9c34a8fc18d390ce7a3852425
SHA1 4072a2d414b7d0ed7ff60dc26575ddb718bc5478
SHA256 95983ea9f9a5682495d0d06f2e58352b8f75480b1b2b3944c603dd707d29242c
SHA512 cd31dba96d2e62ea41059df69b856ea3b2c9b5a167a2b7c4cd72c6074ba8830e1bb2979c087d037deaa7d611b92f1fd9a36378cb6868fad2cb91313647d68a3e
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize 10KB
MD5 8e6a5fe9d33d3c185d1759e247d1a745
SHA1 13c7aa2cf2f5ce3e82523b5b2c3ed14200467004
SHA256 81f01176a056c932e1fb9d8917fb793704d1ee671d524957675cd703e1544b08
SHA512 054f88d17b91282375268fbdb6187a6e1a2ca962ce04c839161f9a81b08e8d6017b19d3145afc70e48ec54eabf23f053eff79bfb4da8e93ebd734e8149bf867e
-
Filesize 6.3MB
MD5 a29fd1ddc8d3cb0d2a4bb897d863a5b4
SHA1 e7a2fdfd0be839c3e145e8e8575fa8b6fdb85880
SHA256 a18b2fd6294629121db173d60e709b3ff24eeae96f6ce33beba76383df8c45be
SHA512 56de5450b013a90a9d2f6d792d392800d503d8b34acd4d5ab1063758d427996fee6a27844cfc05917d59a3f06f9c7256be5a3bae0b136824ccd155090f4d105e
-
C:\Users\Admin\Desktop\@[email protected]
Filesize 933B
MD5 7e6b6da7c61fcb66f3f30166871def5b
SHA1 00f699cf9bbc0308f6e101283eca15a7c566d4f9
SHA256 4a25d98c121bb3bd5b54e0b6a5348f7b09966bffeec30776e5a731813f05d49e
SHA512 e5a56137f325904e0c7de1d0df38745f733652214f0cdb6ef173fa0743a334f95bed274df79469e270c9208e6bdc2e6251ef0cdd81af20fa1897929663e2c7d3
-
Filesize 3.0MB
MD5 fe7eb54691ad6e6af77f8a9a0b6de26d
SHA1 53912d33bec3375153b7e4e68b78d66dab62671a
SHA256 e48673680746fbe027e8982f62a83c298d6fb46ad9243de8e79b7e5a24dcd4eb
SHA512 8ac6dc5bb016afc869fcbb713f6a14d3692e866b94f4f1ee83b09a7506a8cb58768bd47e081cf6e97b2dacf9f9a6a8ca240d7d20d0b67dbd33238cc861deae8f
-
Filesize 37KB
MD5 35c2f97eea8819b1caebd23fee732d8f
SHA1 e354d1cc43d6a39d9732adea5d3b0f57284255d2
SHA256 1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e
SHA512 908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf
-
C:\Users\Admin\Documents\@[email protected]
Filesize 240KB
MD5 7bf2b57f2a205768755c07f238fb32cc
SHA1 45356a9dd616ed7161a3b9192e2f318d0ab5ad10
SHA256 b9c5d4339809e0ad9a00d4d3dd26fdf44a32819a54abf846bb9b560d81391c25
SHA512 91a39e919296cb5c6eccba710b780519d90035175aa460ec6dbe631324e5e5753bd8d87f395b5481bcd7e1ad623b31a34382d81faae06bef60ec28b49c3122a9
-
Filesize 3.4MB
MD5 84c82835a5d21bbcf75a61706d8ab549
SHA1 5ff465afaabcbf0150d1a3ab2c2e74f3a4426467
SHA256 ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa
SHA512 90723a50c20ba3643d625595fd6be8dcf88d70ff7f4b4719a88f055d5b3149a4231018ea30d375171507a147e59f73478c0c27948590794554d031e7d54b7244
-
C:\Users\Default\Desktop\@[email protected]
Filesize 1.4MB
MD5 c17170262312f3be7027bc2ca825bf0c
SHA1 f19eceda82973239a1fdc5826bce7691e5dcb4fb
SHA256 d5e0e8694ddc0548d8e6b87c83d50f4ab85c1debadb106d6a6a794c3e746f4fa
SHA512 c6160fd03ad659c8dd9cf2a83f9fdcd34f2db4f8f27f33c5afd52aced49dfa9ce4909211c221a0479dbbb6e6c985385557c495fc04d3400ff21a0fbbae42ee7c
-
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e