Resubmissions
11-08-2024 08:57
240811-kwnd5ssgrq 811-08-2024 08:53
240811-ktthdasgml 811-08-2024 08:47
240811-kp4sjssflj 1011-08-2024 08:37
240811-kjelgawfla 811-08-2024 08:32
240811-ke9k2sscqm 1011-08-2024 08:29
240811-kdnl7awdrb 611-08-2024 08:26
240811-kbzxfawdlc 6Analysis
-
max time kernel
132s -
max time network
137s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system -
submitted
11-08-2024 08:53
Static task
static1
Behavioral task
behavioral1
Sample
MEMZ-Destructive.7z
Resource
win11-20240802-en
Errors
General
-
Target
MEMZ-Destructive.7z
-
Size
17KB
-
MD5
d91a65636b8d4b7437983e064e2580fa
-
SHA1
2bfaf387d22b7e9c1a54c35d8ab33fa84006ece3
-
SHA256
c547f9193b8fcb681dbb93968d54ac9912901097e1912ff7ad11c5a9ee13062c
-
SHA512
0175a90f980354b6f9a0fb66be6672c18c03a33fb547a0a16d159f18745f59fc5f4d9dae69dfd4d3bcffbc1bd3bbc73901000931dc3c12b70dde6e4e72a92f9f
-
SSDEEP
384:CxpNbARMGzvkdrUUAhybY4GfheFQb4M4ecf3iQ/FF87u20VoDWXeQT:Cxp6RLzMtUUVMsFQb4ycfiQ/o10XeQT
Malware Config
Signatures
-
Downloads MZ/PE file
-
Executes dropped EXE 7 IoCs
pid Process 2300 MEMZ.exe 2308 MEMZ.exe 4856 MEMZ.exe 3196 MEMZ.exe 2452 MEMZ.exe 4560 MEMZ.exe 2920 MEMZ.exe -
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
flow ioc 49 raw.githubusercontent.com 1 raw.githubusercontent.com -
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
description ioc Process File opened for modification \??\PhysicalDrive0 MEMZ.exe -
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
description ioc Process File opened for modification C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier msedge.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 8 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MEMZ.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MEMZ.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MEMZ.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MEMZ.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MEMZ.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MEMZ.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MEMZ.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language notepad.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe -
Modifies registry class 3 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings cmd.exe Key created \REGISTRY\USER\S-1-5-21-3761892313-3378554128-2287991803-1000_Classes\Local Settings OpenWith.exe Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3761892313-3378554128-2287991803-1000\{6690BD9F-DC34-4162-ADFB-77E1F41CCA01} msedge.exe -
NTFS ADS 3 IoCs
description ioc Process File opened for modification C:\Users\Admin\Downloads\Unconfirmed 804290.crdownload:SmartScreen msedge.exe File opened for modification C:\Users\Admin\Downloads\Unconfirmed 989614.crdownload:SmartScreen msedge.exe File opened for modification C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier msedge.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 1228 msedge.exe 1228 msedge.exe 3440 msedge.exe 3440 msedge.exe 3700 msedge.exe 3700 msedge.exe 1040 identity_helper.exe 1040 identity_helper.exe 5004 msedge.exe 5004 msedge.exe 4456 msedge.exe 4456 msedge.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe 2308 MEMZ.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs
pid Process 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeShutdownPrivilege 2308 MEMZ.exe -
Suspicious use of FindShellTrayWindow 42 IoCs
pid Process 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe -
Suspicious use of SendNotifyMessage 12 IoCs
pid Process 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe 3440 msedge.exe -
Suspicious use of SetWindowsHookEx 64 IoCs
pid Process 4904 OpenWith.exe 2452 MEMZ.exe 3196 MEMZ.exe 4856 MEMZ.exe 2308 MEMZ.exe 4856 MEMZ.exe 3196 MEMZ.exe 2308 MEMZ.exe 2452 MEMZ.exe 2452 MEMZ.exe 2308 MEMZ.exe 4856 MEMZ.exe 3196 MEMZ.exe 4856 MEMZ.exe 3196 MEMZ.exe 2308 MEMZ.exe 2452 MEMZ.exe 2452 MEMZ.exe 2308 MEMZ.exe 3196 MEMZ.exe 4856 MEMZ.exe 2308 MEMZ.exe 4856 MEMZ.exe 3196 MEMZ.exe 2452 MEMZ.exe 2308 MEMZ.exe 2452 MEMZ.exe 4856 MEMZ.exe 3196 MEMZ.exe 2308 MEMZ.exe 2452 MEMZ.exe 3196 MEMZ.exe 4856 MEMZ.exe 2308 MEMZ.exe 2452 MEMZ.exe 3196 MEMZ.exe 4856 MEMZ.exe 2308 MEMZ.exe 2452 MEMZ.exe 3196 MEMZ.exe 4856 MEMZ.exe 2308 MEMZ.exe 2452 MEMZ.exe 3196 MEMZ.exe 4856 MEMZ.exe 2308 MEMZ.exe 2452 MEMZ.exe 3196 MEMZ.exe 4856 MEMZ.exe 2308 MEMZ.exe 2452 MEMZ.exe 3196 MEMZ.exe 4856 MEMZ.exe 2308 MEMZ.exe 2452 MEMZ.exe 4856 MEMZ.exe 3196 MEMZ.exe 2308 MEMZ.exe 2452 MEMZ.exe 3196 MEMZ.exe 4856 MEMZ.exe 2308 MEMZ.exe 2452 MEMZ.exe 3196 MEMZ.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3440 wrote to memory of 1684 3440 msedge.exe 88 PID 3440 wrote to memory of 1684 3440 msedge.exe 88 PID 3440 wrote to memory of 2556 3440 msedge.exe 89 PID 3440 wrote to memory of 2556 3440 msedge.exe 89 PID 3440 wrote to memory of 2556 3440 msedge.exe 89 PID 3440 wrote to memory of 2556 3440 msedge.exe 89 PID 3440 wrote to memory of 2556 3440 msedge.exe 89 PID 3440 wrote to memory of 2556 3440 msedge.exe 89 PID 3440 wrote to memory of 2556 3440 msedge.exe 89 PID 3440 wrote to memory of 2556 3440 msedge.exe 89 PID 3440 wrote to memory of 2556 3440 msedge.exe 89 PID 3440 wrote to memory of 2556 3440 msedge.exe 89 PID 3440 wrote to memory of 2556 3440 msedge.exe 89 PID 3440 wrote to memory of 2556 3440 msedge.exe 89 PID 3440 wrote to memory of 2556 3440 msedge.exe 89 PID 3440 wrote to memory of 2556 3440 msedge.exe 89 PID 3440 wrote to memory of 2556 3440 msedge.exe 89 PID 3440 wrote to memory of 2556 3440 msedge.exe 89 PID 3440 wrote to memory of 2556 3440 msedge.exe 89 PID 3440 wrote to memory of 2556 3440 msedge.exe 89 PID 3440 wrote to memory of 2556 3440 msedge.exe 89 PID 3440 wrote to memory of 2556 3440 msedge.exe 89 PID 3440 wrote to memory of 2556 3440 msedge.exe 89 PID 3440 wrote to memory of 2556 3440 msedge.exe 89 PID 3440 wrote to memory of 2556 3440 msedge.exe 89 PID 3440 wrote to memory of 2556 3440 msedge.exe 89 PID 3440 wrote to memory of 2556 3440 msedge.exe 89 PID 3440 wrote to memory of 2556 3440 msedge.exe 89 PID 3440 wrote to memory of 2556 3440 msedge.exe 89 PID 3440 wrote to memory of 2556 3440 msedge.exe 89 PID 3440 wrote to memory of 2556 3440 msedge.exe 89 PID 3440 wrote to memory of 2556 3440 msedge.exe 89 PID 3440 wrote to memory of 2556 3440 msedge.exe 89 PID 3440 wrote to memory of 2556 3440 msedge.exe 89 PID 3440 wrote to memory of 2556 3440 msedge.exe 89 PID 3440 wrote to memory of 2556 3440 msedge.exe 89 PID 3440 wrote to memory of 2556 3440 msedge.exe 89 PID 3440 wrote to memory of 2556 3440 msedge.exe 89 PID 3440 wrote to memory of 2556 3440 msedge.exe 89 PID 3440 wrote to memory of 2556 3440 msedge.exe 89 PID 3440 wrote to memory of 2556 3440 msedge.exe 89 PID 3440 wrote to memory of 2556 3440 msedge.exe 89 PID 3440 wrote to memory of 1228 3440 msedge.exe 90 PID 3440 wrote to memory of 1228 3440 msedge.exe 90 PID 3440 wrote to memory of 448 3440 msedge.exe 91 PID 3440 wrote to memory of 448 3440 msedge.exe 91 PID 3440 wrote to memory of 448 3440 msedge.exe 91 PID 3440 wrote to memory of 448 3440 msedge.exe 91 PID 3440 wrote to memory of 448 3440 msedge.exe 91 PID 3440 wrote to memory of 448 3440 msedge.exe 91 PID 3440 wrote to memory of 448 3440 msedge.exe 91 PID 3440 wrote to memory of 448 3440 msedge.exe 91 PID 3440 wrote to memory of 448 3440 msedge.exe 91 PID 3440 wrote to memory of 448 3440 msedge.exe 91 PID 3440 wrote to memory of 448 3440 msedge.exe 91 PID 3440 wrote to memory of 448 3440 msedge.exe 91 PID 3440 wrote to memory of 448 3440 msedge.exe 91 PID 3440 wrote to memory of 448 3440 msedge.exe 91 PID 3440 wrote to memory of 448 3440 msedge.exe 91 PID 3440 wrote to memory of 448 3440 msedge.exe 91 PID 3440 wrote to memory of 448 3440 msedge.exe 91 PID 3440 wrote to memory of 448 3440 msedge.exe 91 PID 3440 wrote to memory of 448 3440 msedge.exe 91 PID 3440 wrote to memory of 448 3440 msedge.exe 91
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.7z1⤵
- Modifies registry class
PID:1840
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4904
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3440 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb3f893cb8,0x7ffb3f893cc8,0x7ffb3f893cd82⤵PID:1684
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,14959514810220833532,11132156135190968954,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:22⤵PID:2556
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,14959514810220833532,11132156135190968954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:1228
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,14959514810220833532,11132156135190968954,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2544 /prefetch:82⤵PID:448
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14959514810220833532,11132156135190968954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:12⤵PID:3336
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14959514810220833532,11132156135190968954,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:12⤵PID:868
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14959514810220833532,11132156135190968954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:12⤵PID:1080
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14959514810220833532,11132156135190968954,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:12⤵PID:2800
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,14959514810220833532,11132156135190968954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3700
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14959514810220833532,11132156135190968954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:12⤵PID:2060
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14959514810220833532,11132156135190968954,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:12⤵PID:5100
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,14959514810220833532,11132156135190968954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1040
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14959514810220833532,11132156135190968954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:12⤵PID:2764
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14959514810220833532,11132156135190968954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:12⤵PID:1384
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14959514810220833532,11132156135190968954,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:12⤵PID:4700
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14959514810220833532,11132156135190968954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:12⤵PID:2608
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1908,14959514810220833532,11132156135190968954,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5132 /prefetch:82⤵PID:2828
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1908,14959514810220833532,11132156135190968954,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5128 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:5004
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14959514810220833532,11132156135190968954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:12⤵PID:3436
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14959514810220833532,11132156135190968954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:12⤵PID:5100
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14959514810220833532,11132156135190968954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:12⤵PID:3424
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14959514810220833532,11132156135190968954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:12⤵PID:4996
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14959514810220833532,11132156135190968954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:12⤵PID:4524
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14959514810220833532,11132156135190968954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:12⤵PID:1080
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14959514810220833532,11132156135190968954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:12⤵PID:4712
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14959514810220833532,11132156135190968954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:12⤵PID:1532
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14959514810220833532,11132156135190968954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:12⤵PID:3208
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14959514810220833532,11132156135190968954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:12⤵PID:2864
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14959514810220833532,11132156135190968954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:12⤵PID:3932
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14959514810220833532,11132156135190968954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:12⤵PID:1496
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14959514810220833532,11132156135190968954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:12⤵PID:3444
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14959514810220833532,11132156135190968954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:12⤵PID:3232
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,14959514810220833532,11132156135190968954,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:12⤵PID:1864
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1908,14959514810220833532,11132156135190968954,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7184 /prefetch:82⤵PID:2616
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1908,14959514810220833532,11132156135190968954,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6896 /prefetch:82⤵PID:580
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,14959514810220833532,11132156135190968954,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7316 /prefetch:82⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:4456
-
-
C:\Users\Admin\Downloads\MEMZ.exe"C:\Users\Admin\Downloads\MEMZ.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2300 -
C:\Users\Admin\Downloads\MEMZ.exe"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2308
-
-
C:\Users\Admin\Downloads\MEMZ.exe"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4856
-
-
C:\Users\Admin\Downloads\MEMZ.exe"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3196
-
-
C:\Users\Admin\Downloads\MEMZ.exe"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2452
-
-
C:\Users\Admin\Downloads\MEMZ.exe"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4560
-
-
C:\Users\Admin\Downloads\MEMZ.exe"C:\Users\Admin\Downloads\MEMZ.exe" /main3⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
PID:2920 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\System32\notepad.exe" \note.txt4⤵
- System Location Discovery: System Language Discovery
PID:768
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,14959514810220833532,11132156135190968954,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6772 /prefetch:22⤵PID:5004
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3060
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4964
Network
MITRE ATT&CK Enterprise v15
Defense Evasion
Pre-OS Boot
1Bootkit
1Subvert Trust Controls
1SIP and Trust Provider Hijacking
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
11KB
MD5b98ca11a7a4966ea60fb3a8cdee2b677
SHA12d08367686544af425be2cc464bae37ce4b56b38
SHA256490d92402814d2f40735329bd187a88a2dd264cda2866b4c753e67b5385fd4ce
SHA512f355051cf46b06f105611593118d9a5916bcf959a44e8f53c9ecb4ba1e0650954544b6d09423e7b4d0cf41f6e7ce45c8bb183ebca354738b1fc3e19de0771192
-
Filesize
152B
MD54c3889d3f0d2246f800c495aec7c3f7c
SHA1dd38e6bf74617bfcf9d6cceff2f746a094114220
SHA2560a4781bca132edf11500537cbf95ff840c2b6fd33cd94809ca9929f00044bea4
SHA5122d6cb23e2977c0890f69751a96daeb71e0f12089625f32b34b032615435408f21047b90c19de09f83ef99957681440fdc0c985e079bb196371881b5fdca68a37
-
Filesize
152B
MD5c4a10f6df4922438ca68ada540730100
SHA14c7bfbe3e2358a28bf5b024c4be485fa6773629e
SHA256f286c908fea67163f02532503b5555a939f894c6f2e683d80679b7e5726a7c02
SHA512b4d407341989e0bbbe0cdd64f7757bea17f0141a89104301dd7ffe45e7511d3ea27c53306381a29c24df68bdb9677eb8c07d4d88874d86aba41bb6f0ce7a942c
-
Filesize
168KB
MD5d19c43fe51b1338cfa81525697f47645
SHA1ed02b32bad8eeea8673f66ec93b7c6d76a3168de
SHA25630785c827af31871b624c4e8b412f9d56cd0fe41e5726f1264d27ec2d7ea3b34
SHA5121fbe14121102b9b8a98d8422d5a2155302f82e4113b56a91f2a46bce4f43e103a2712848964c04cc28701576c99c54c3a1f20a7cece5877fc4ce5c25fb4f659f
-
Filesize
62KB
MD5c3c0eb5e044497577bec91b5970f6d30
SHA1d833f81cf21f68d43ba64a6c28892945adc317a6
SHA256eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
SHA51283d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38
-
Filesize
67KB
MD5a074f116c725add93a8a828fbdbbd56c
SHA188ca00a085140baeae0fd3072635afe3f841d88f
SHA2564cdcda7d8363be5bc824064259780779e7c046d56399c8a191106f55ce2ed8a6
SHA51243ed55cda35bde93fc93c408908ab126e512c45611a994d7f4e5c85d4f2d90d573066082cb7b8dffce6a24a1f96cd534586646719b214ac7874132163faa5f28
-
Filesize
41KB
MD5a7ee007fb008c17e73216d0d69e254e8
SHA1160d970e6a8271b0907c50268146a28b5918c05e
SHA256414024b478738b35312a098bc7f911300b14396d34718f78886b5942d9afe346
SHA512669bec67d3fc1932a921dd683e6acfdf462b9063e1726770bae8740d83503a799c2e30030f2aca7ec96df0bfd6d8b7f999f8296ee156533302161eb7c9747602
-
Filesize
19KB
MD52e86a72f4e82614cd4842950d2e0a716
SHA1d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA5127a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1
-
Filesize
63KB
MD5710d7637cc7e21b62fd3efe6aba1fd27
SHA18645d6b137064c7b38e10c736724e17787db6cf3
SHA256c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
SHA51219aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44
-
Filesize
88KB
MD5b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1386ba241790252df01a6a028b3238de2f995a559
SHA256b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16
-
Filesize
1.2MB
MD59f8f80ca4d9435d66dd761fbb0753642
SHA15f187d02303fd9044b9e7c74e0c02fe8e6a646b7
SHA256ab481b8b19b3336deda1b9ad4680cce4958152c9f9daa60c7bd8eb6786887359
SHA5129c0de8e5bf16f096bf781189d813eeb52c3c8ec73fc791de10a8781e9942de06ed30ff5021ab7385c98686330049e3e610adc3e484e12ef807eec58607cfae63
-
Filesize
43KB
MD5209af4da7e0c3b2a6471a968ba1fc992
SHA12240c2da3eba4f30b0c3ef2205ce7848ecff9e3f
SHA256ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403
SHA51209201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35
-
Filesize
74KB
MD5b07f576446fc2d6b9923828d656cadff
SHA135b2a39b66c3de60e7ec273bdf5e71a7c1f4b103
SHA256d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496
SHA5127358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df
-
Filesize
27KB
MD5c3bd38af3c74a1efb0a240bf69a7c700
SHA17e4b80264179518c362bef5aa3d3a0eab00edccd
SHA2561151160e75f88cbc8fe3ada9125cc2822abc1386c0eab7a1d5465cfd004522c8
SHA51241a2852c8a38700cf4b38697f3a6cde3216c50b7ed23d80e16dea7f5700e074f08a52a10ba48d17111bb164c0a613732548fe65648658b52db882cacb87b9e8e
-
Filesize
37KB
MD5a2ade5db01e80467e87b512193e46838
SHA140b35ee60d5d0388a097f53a1d39261e4e94616d
SHA256154a7cfc19fb8827601d1f8eda3788b74e2018c96779884b13da73f6b1853a15
SHA5121c728558e68ed5c0a7d19d8f264ad3e3c83b173b3e3cd5f53f5f3b216ed243a16944dbe6b2159cfe40ee4a3813ca95a834f162073a296b72bbdedc15546be8f8
-
Filesize
37KB
MD593acf02790e375a1148c9490557b3a1d
SHA178a367c8a8b672dd66a19eb823631e8990f78b48
SHA2564f2513f353c2cdd3177e3890f216ea666e4eb99477a56a97ff490f69a9833423
SHA512e6354f4e4d35e9b936a7ddaebdd6527c37e6248c3f2d450c428903a32d77439cab78020a45834379cf814a79149c3dddf4e1280b9d06a7f972e5f8e61c463d6e
-
Filesize
21KB
MD5a6d2a865e9f16ea305950181afef4fcf
SHA1082145d33593f3a47d29c552276c88cf51beae8e
SHA2562e5d94863281987de0afa1cfd58c86fde38fd3677c695268585161bc2d0448a2
SHA5126aa871d6b2b0d1af0bda0297d164e2d685bc53f09983e5a4e1205f4eb972a2017323c99c3cc627c3fb01381b66816e570f61d013d3775cddad285ac1b604cdc9
-
Filesize
18KB
MD52e23d6e099f830cf0b14356b3c3443ce
SHA1027db4ff48118566db039d6b5f574a8ac73002bc
SHA2567238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885
SHA512165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717
-
Filesize
20KB
MD5c4b8e9bc1769a58f5265bbe40f7785ef
SHA107ff14df16d4b882361e1a0be6c2f10711ddce50
SHA2562786986a3139e9722e667f81b4902609a4cf458e1c16206cd11feceee0254192
SHA512a39157460b523ee2b9e1eacccf7aed99ff002767a8f87287c1c4662b6711b97f7d4955df64a86a882417fe71e598719e3934e14f787c1e6b3348c8a4c813e3ad
-
Filesize
19KB
MD5f5b631335f170065edf1b148e10b34d4
SHA1ca34f82af577fec763ed38f0436d20f1cf766f62
SHA25699be964ed51ca453ccfaa264a1ea9490da11e32b53765919172b6d3749a9f846
SHA512c66791cbdc7c0d12e7295eb26eb583b26e03692c8986ab7d5dac0e6a561b8b68a8a9e33814121efc700ff6b472aa4f685162b0c75439b144f12286c9e28c7cc7
-
Filesize
17KB
MD5109a8cceba33695698297e575e56bfad
SHA12b8c6dce1ccd21a6eea2dd9aef2a8a6bde389053
SHA256dd82d9ac034f0a06524fc1d5ef884c29a7e4d586a1e7db66e339dc54fac3636d
SHA5126d51ed30c45560838df921212370a0044640a8e3c0433922106225cb6fec8cc115ac6191c753da13def21c4e0db4deb5782fb7a75ada822ced1db7c7d13beaf3
-
Filesize
57KB
MD5919d13ecf08e3da7e9f337e7b60d6dec
SHA13d9bd4aa100f69cf46ad175259edd6ce9864830c
SHA2569d4575044d2efd5e90503beda65571b5158a3f32d999191ac1f82d1a5ee62ad0
SHA51298d8236ed1c44826b4489b9fb7b76c62502a032547374446c53dcf2eee2f5fe3548c6587fce66df9d075294bc2ab6be97c3cb21457bc899451ebd3b476715985
-
Filesize
53KB
MD5cfff8fc00d16fc868cf319409948c243
SHA1b7e2e2a6656c77a19d9819a7d782a981d9e16d44
SHA25651266cbe2741a46507d1bb758669d6de3c2246f650829774f7433bc734688a5a
SHA5129d127abfdf3850998fd0d2fb6bd106b5a40506398eb9c5474933ff5309cdc18c07052592281dbe1f15ea9d6cb245d08ff09873b374777d71bbbc6e0594bde39b
-
Filesize
137KB
MD5a336ad7a2818eb9c1d9b7d0f4cc7d456
SHA1d5280cb38af2010e0860b7884a23de0484d18f62
SHA25683bdfb7d266fd8436312f6145c1707ddf0fb060825527acfe364c5db859887a3
SHA512fa69455b3bfc162ab86a12332fe13322dfd8749be456779c93a6ab93e1d628e246a31a0a55cdba0c45adb3085acd62ba0a094b2115529d70cb9f693f3b1da327
-
Filesize
23KB
MD5bc715e42e60059c3ea36cd32bfb6ebc9
SHA1b8961b23c29b9769100116ba0da44f13a24a3dd4
SHA256110ccd760150c6ac29c987ee2b8f7c56772036f6fe74ff2fb56c094849912745
SHA5125c0edd336a6d892f0163aa183e5482313dd86f9f5b2d624b3c4529692d70720f4823808f10ee7870fd9368b24de752b343570419fd244c33ad2d9cc86007bedc
-
Filesize
18KB
MD5f662a78c60c86e52644cb01ee6c3624f
SHA13c46ab6a02b6183bb62fb6b4ddbc1dd0ae4a67e0
SHA256d0c4541d943a8035ff4c52ac1d2f5fcec8feafbca7cfe99f71f6ab7b454a6dab
SHA512abe3298983e3956186e6c79b0b7d292232bfca20c7a2ee5e1d9c0e82ad5d2b42027e913237f27dd9270d3e9c7f3fcebaff1fd585f525b2d855d55aa0d89a7020
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize4KB
MD505b70b5c75100c44ab66e692df49c611
SHA1fb11fa8fcaa6679ce7073fdc460b83550abd57b5
SHA256d3dd6436acb9a15a350c3866afdced1686e00f635fc8b18c18a02c5b46fdb080
SHA512b0cc4d6097652ddc528535ff13ab28697e445c8d8d3e20686cf3a034e4be46027f4200c78ea7a0b6d1a2ef6f2d6b9e5e274e922686ed12c027d741d83d90780f
-
Filesize
1KB
MD57a54cd57a24a3a6ac9dc9e85f555165b
SHA16f108f068f70b2f260114e033722baa6963a2630
SHA256a3557d7ed21a6933b35ecce115c479bfa2798c9bc1bc42ccc66e541b9a263cb8
SHA512a35da6d348c7cd7ed5228dd332f9ca566aae55d15b60959350e647c36f877bc58b7e0451323a3f8915d30ea6159562a152c9f8519249d522e41fd3c85293ab2d
-
Filesize
5KB
MD52578f8e31117d0673f724396a1b0767d
SHA13dd4a996860d4e41c0aeffb0e249f4d9d2c946de
SHA256855a0ffb191e63304fd848f52e90915b0c65b07bae3ad8baecb5533203a34100
SHA51271bf73bef66314dda9437c65e7b9ce653328159b2e7a40faecc005ecbf42230913b9476dd8b49cac7383b291b458f0a3c2e4f178fbeeda087295d26445193e94
-
Filesize
6KB
MD558e57e001a69c0251d37d286146e1ee5
SHA1cd5f271d153ecb6f1b85027022940e206cad0efe
SHA256404c974e50dcd5acb8d4ba9a194a987e0c8bde5e49a6b1ccb154b1a7d6ff74bf
SHA512d852d0017dcac754494d036a06846268eac56829b309d38774dc2c1c58fdaeb16162a2329979704c5b9c521a879995fcde23cb0289aacb7226e51aff27681c2a
-
Filesize
6KB
MD59d54140966e6d6dbea9cf54895c61942
SHA103096063bce5f0f4d15dfdd7ce9e671359546e68
SHA2561eab96e83605c48486b1a297d2aafa00eab094e32095e8752c8fa3828deb157a
SHA5126de1d7df658ca0f00132de068edf37f0af60c67f0e009648fe23ac511417f2d79d156b9c29942468bbd3dcc0c1d1d58460073dee7a02c1af40fb8630c44050aa
-
Filesize
6KB
MD54c4ccae73fa29c29a53fcbc14af3e51e
SHA1f6034114daab87840fee46b9fd2617ff7620fd44
SHA256d892d7b7592a8f208ae8ffc1a68ac4191e45f365f536995a2c1dc12ff48f784a
SHA5120e967a7a508c577b509d840c2a5ffbeb89ae05d805c550742aa9445d6af435f82074299e12be6a5264aaed410f57e59c1c090971e71ce14e7e9e20b77adbc6bd
-
Filesize
6KB
MD55cd3e5ae42b53f16f244598c62880f14
SHA16b0e3cdf856ad6cb555f8a59130969911be80f76
SHA2568e53819148ba2cd56be8408acd3e429dd57e5019002a897d34b59d0abf4133ab
SHA512a756758b0e677bc2e983f46f05b228e7911fe4207de908813690d3274215aad5550d1f8a24a2bb9afdf6f72ffcd15591793e5d08148ed4560083219e9430cf19
-
Filesize
6KB
MD58c2e8f89d769f4e08354679568efcf49
SHA11b2087eec1917e5ba95eac6013883e3b197199ed
SHA25645a9927c4b435c099860cbe6802f9456971b56c9d6c6c0925a2fdece740b3e79
SHA5126403cf197ecfc9c949565f3fddfca0a71967370da63d3c660f3f9e4681b466ebe4f735dda18a1f67d1e444535ea435c38d70bd4b5171a971d6497e21dc272e2f
-
Filesize
1KB
MD5d59b4117f31ba1f89fce80f4aa6230bc
SHA1928da799e133a983ef03b7a7609810d506856371
SHA256f87bc845b6f995ca562b057bd98720889cdaf7eb9c677bbf86b254661e2b101c
SHA512b062fb76d9a0a6bb34475cce81a2a50fa43b7712ad6b4fefe387b99116c0b92921b88634125938694bde9f0fec8d55664f8b29af2e6750ffdb830909ea4c81c1
-
Filesize
1KB
MD5b27107374aa223100a7dd85d0aab9f8a
SHA1771cdc59bf7b6ee27af6bb2c2c8c69e9fb90cd93
SHA2566757a18bf64f4872f2967d42a7c7a9233e35678dd53f90c3f3456ff416b24c12
SHA51233c5aaeb9a001761226ce981d6135f6e02373b6690e70e3ff882c1a070eb0270879b8d7ac40cbcee6584357cef52c22a757b77fece40f91d02bd9399c6a2baca
-
Filesize
1KB
MD51108d9dcdb8b30493d1e9810bebd802a
SHA1f5d04a0f3364ee2af874a9c14bc25e6b4361c193
SHA256cde1e3a13db6ea6d1a36009b0be0e40933316e54328ce6fd841e7da7fe4f3cf0
SHA512961a40007f264ba14b76a792c90af24b39a0e23c7842816d9292cecca49e850dd7ce94f622a533b1588e34d5c29afaad4d0e77a9caa0be6698d971cb4883cd32
-
Filesize
1KB
MD5b5ae4bf2efdc52b298f637d8d450700c
SHA131b8ecaa0395b758078c7cfe9a8756b856e8e462
SHA2564c558393e1f6a48beb4f7e83c62455e214a12c6a2650fbda0d4cd63462d8e5ef
SHA5128011bf8c4ef6be8844d605fe551660cea328c20eebc9264f7bc008b342c886ae46ff75e6346975c5b78dc6d3db09b845f810247644fa3a7504837f007f6d06e6
-
Filesize
1KB
MD5bd1ed132af89d065c02136901aee945c
SHA1107b4606854c4203335a8b22490605d566fc8f00
SHA25655fbfc33c6932fb74da02e4a574add69032516fb00571c06c7b871bb4720769d
SHA5126ebd38f18bf05a1ead898733143515a744590f26143e1104408b661f3280c50718568e78139725868c9874ec2eb31fa37fd331cbec61b48c5a2e59a639955d27
-
Filesize
538B
MD5ed8db05aa25f39ee316f0a4ece823893
SHA1257bc40d580719d457842285e055069bfcf3afd4
SHA256e184066dc892c2968f972aa65849d69333aea30e0821e9df48542f48f647d0fa
SHA512d124044a213f44b0b4fe8052473fbb44df4e24006e2a7053c0f0a5f4e8b4f831736f75400d1ed96e51a7acb1e6a4acb8e5c3286cae0d9411457fb8ae6dfdc30e
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
10KB
MD5904c4c0fe5e63bdd36f61f2f47f2e33b
SHA12de84bbdafd2ccd8b0ff6efd8ae314203bfc97c3
SHA2567383cafdcee489a0249278d91f3f26a9e6caa8aad036b1144e7e64f7fce09a08
SHA5128b8162d0ec94f00e68acb11e6ca5cab80102e5c4cf223204b372c6b6f7e4899f64e5026759f23a820902aa6decedc88a271e22dccc2cb37b96bc3c09ac679fbc
-
Filesize
11KB
MD5ef6417f9c5403ea90b501e6325a9eae1
SHA1e83d60bb47df674a50cc64540a094ff42bf4b6f2
SHA25649d65a11b76aaee0888d130a187a7cfc29c8fdab81b6d161d4d9aedbfcee42f3
SHA512d952464aaf2bc713a09b5b5f829991fe381a2905cce28d897cc3d09e03908fe3f487169a9ecd285f8d2e49b51be0004ba7b9ba47c7210189851dec654dd44549
-
Filesize
16KB
MD51d5ad9c8d3fee874d0feb8bfac220a11
SHA1ca6d3f7e6c784155f664a9179ca64e4034df9595
SHA2563872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff
SHA512c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1
-
Filesize
55B
MD50f98a5550abe0fb880568b1480c96a1c
SHA1d2ce9f7057b201d31f79f3aee2225d89f36be07d
SHA2562dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1
SHA512dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6
-
Filesize
218B
MD5afa6955439b8d516721231029fb9ca1b
SHA1087a043cc123c0c0df2ffadcf8e71e3ac86bbae9
SHA2568e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270
SHA5125da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf