Resubmissions
11-08-2024 08:57  240811-kwnd5ssgrq  8
11-08-2024 08:53  240811-ktthdasgml  8
11-08-2024 08:47  240811-kp4sjssflj  10
11-08-2024 08:37  240811-kjelgawfla  8
11-08-2024 08:32  240811-ke9k2sscqm  10
11-08-2024 08:29  240811-kdnl7awdrb  6
11-08-2024 08:26  240811-kbzxfawdlc  6
Analysis
max time kernel: 212s
max time network: 207s
platform: windows11-21h2_x64
resource: win11-20240802-en
resource tags: arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 11-08-2024 08:57
Static task
static1
Behavioral task
behavioral1
Sample
MEMZ-Destructive.7z
Resource
win11-20240802-en
Errors
General
Target: MEMZ-Destructive.7z
Size: 17KB
MD5: d91a65636b8d4b7437983e064e2580fa
SHA1: 2bfaf387d22b7e9c1a54c35d8ab33fa84006ece3
SHA256: c547f9193b8fcb681dbb93968d54ac9912901097e1912ff7ad11c5a9ee13062c
SHA512: 0175a90f980354b6f9a0fb66be6672c18c03a33fb547a0a16d159f18745f59fc5f4d9dae69dfd4d3bcffbc1bd3bbc73901000931dc3c12b70dde6e4e72a92f9f
SSDEEP: 384:CxpNbARMGzvkdrUUAhybY4GfheFQb4M4ecf3iQ/FF87u20VoDWXeQT:Cxp6RLzMtUUVMsFQb4ycfiQ/o10XeQT
Malware Config
Signatures
-
Downloads MZ/PE file
-
Executes dropped EXE 7 IoCs
pid  Process
2080  MEMZ.exe
2216  MEMZ.exe
2108  MEMZ.exe
768  MEMZ.exe
3908  MEMZ.exe
2160  MEMZ.exe
784  MEMZ.exe
-
Loads dropped DLL 1 IoCs
pid  Process
2268  Taskmgr.exe
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
flow  ioc
2  raw.githubusercontent.com
45  raw.githubusercontent.com
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
description  ioc  Process
File opened for modification  \??\PhysicalDrive0  MEMZ.exe
-
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
description  ioc  Process
File opened for modification  C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier  msedge.exe
File opened for modification  C:\Users\Admin\Downloads\MEMZ (1).exe:Zone.Identifier  msedge.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 9 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description  ioc  Process
Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  MEMZ.exe
Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  MEMZ.exe
Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  MEMZ.exe
Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  MEMZ.exe
Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  notepad.exe
Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  Taskmgr.exe
Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  MEMZ.exe
Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  MEMZ.exe
Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  MEMZ.exe
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description  ioc  Process
Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000  Taskmgr.exe
Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A  Taskmgr.exe
Key value queried  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName  Taskmgr.exe
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
description  ioc  Process
Key opened  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0  Taskmgr.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString  Taskmgr.exe
-
Enumerates system info in registry 2 TTPs 3 IoCs
description  ioc  Process
Key opened  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe
-
Modifies registry class 3 IoCs
description  ioc  Process
Key created  \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings  cmd.exe
Key created  \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings  OpenWith.exe
Key created  \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-661032028-162657920-1226909816-1000\{7A7576E2-BA8F-4D83-85CB-3A02FCC4CC49}  msedge.exe
-
NTFS ADS 5 IoCs
description  ioc  Process
File opened for modification  C:\Users\Admin\Downloads\Unconfirmed 471256.crdownload:SmartScreen  msedge.exe
File opened for modification  C:\Users\Admin\Downloads\MEMZ (1).exe:Zone.Identifier  msedge.exe
File opened for modification  C:\Users\Admin\Downloads\MEMZ.4.0.Clean.zip:Zone.Identifier  msedge.exe
File opened for modification  C:\Users\Admin\Downloads\Unconfirmed 597515.crdownload:SmartScreen  msedge.exe
File opened for modification  C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier  msedge.exe
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs
Suspicious use of AdjustPrivilegeToken 4 IoCs
description  pid  Process
Token: SeDebugPrivilege  2268  Taskmgr.exe
Token: SeSystemProfilePrivilege  2268  Taskmgr.exe
Token: SeCreateGlobalPrivilege  2268  Taskmgr.exe
Token: SeShutdownPrivilege  768  MEMZ.exe
-
Suspicious use of FindShellTrayWindow 64 IoCs
Suspicious use of SendNotifyMessage 51 IoCs
Suspicious use of SetWindowsHookEx 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.7z1⤵
- Modifies registry class
PID:4616
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1564
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3592 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcdddd3cb8,0x7ffcdddd3cc8,0x7ffcdddd3cd82⤵PID:5004
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1884 /prefetch:22⤵PID:2288
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2020
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:82⤵PID:4144
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:12⤵PID:2988
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:12⤵PID:1000
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:12⤵PID:4236
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:12⤵PID:4772
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1196
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1824
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:12⤵PID:4604
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:12⤵PID:4788
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:12⤵PID:1172
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:12⤵PID:3348
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:12⤵PID:480
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5512 /prefetch:82⤵PID:1476
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4668 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2540
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:12⤵PID:3472
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:12⤵PID:2492
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:12⤵PID:4480
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:12⤵PID:2540
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:12⤵PID:1076
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:12⤵PID:2880
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:12⤵PID:3612
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:12⤵PID:1544
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:12⤵PID:2780
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:12⤵PID:4236
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:12⤵PID:2408
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4032 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:1192
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:12⤵PID:1560
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4472 /prefetch:12⤵PID:2040
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:12⤵PID:1840
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1720 /prefetch:12⤵PID:348
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1648 /prefetch:82⤵PID:3308
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6776 /prefetch:82⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:3272
-
-
C:\Users\Admin\Downloads\MEMZ.exe "C:\Users\Admin\Downloads\MEMZ.exe" 2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2080
-
  C:\Users\Admin\Downloads\MEMZ.exe "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog 3⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:2216
  -
  C:\Users\Admin\Downloads\MEMZ.exe "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog 3⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2108
  -
  C:\Users\Admin\Downloads\MEMZ.exe "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog 3⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:768
  -
  C:\Users\Admin\Downloads\MEMZ.exe "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog 3⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3908
  -
  C:\Users\Admin\Downloads\MEMZ.exe "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog 3⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2160
  -
  C:\Users\Admin\Downloads\MEMZ.exe "C:\Users\Admin\Downloads\MEMZ.exe" /main 3⤵
  - Executes dropped EXE
  - Writes to the Master Boot Record (MBR)
  - System Location Discovery: System Language Discovery
  PID:784
  -
    C:\Windows\SysWOW64\notepad.exe "C:\Windows\System32\notepad.exe" \note.txt 4⤵
    - System Location Discovery: System Language Discovery
    PID:4820
    -
    C:\Windows\SysWOW64\Taskmgr.exe "C:\Windows\System32\Taskmgr.exe" 4⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Checks SCSI registry key(s)
    - Checks processor information in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:2268
-
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4924 /prefetch:2
    PID: 5032
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
    PID: 2812
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6208 /prefetch:8
    PID: 4644
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1268 /prefetch:8
    PID: 800
    - Subvert Trust Controls: Mark-of-the-Web Bypass
    - NTFS ADS
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2880
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2352
Network
MITRE ATT&CK Enterprise v15
Defense Evasion
- Pre-OS Boot: 1
- Bootkit: 1
- Subvert Trust Controls: 1
- SIP and Trust Provider Hijacking: 1
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 4KB