Analysis
max time kernel: 930s
max time network: 931s
platform: windows11-21h2_x64
resource: win11-20240802-en
resource tags: arch:x64 arch:x86 image:win11-20240802-en locale:en-us os:windows11-21h2-x64 system
submitted: 09-09-2024 17:12
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://archive.org/details/Minecraft_StoryMODE
Resource: win11-20240802-en

General
Target: https://archive.org/details/Minecraft_StoryMODE
Malware Config
Signatures
-
Contacts a large (507) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Executes dropped EXE 4 IoCs
pid   Process
1916  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
5424  qbittorrent.exe
5756  qbittorrent.exe
4684  qbittorrent.exe
Loads dropped DLL 7 IoCs
pid   Process
1916  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe  (7 DLL loads, all from this process)
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 37 IoCs
description  ioc  Process
All 37 entries: File created by qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
C:\Program Files\qBittorrent\qt.conf
C:\Program Files\qBittorrent\translations\qt_sl.qm
C:\Program Files\qBittorrent\translations\qtbase_pl.qm
C:\Program Files\qBittorrent\uninst.exe
C:\Program Files\qBittorrent\qbittorrent.pdb
C:\Program Files\qBittorrent\translations\qtbase_bg.qm
C:\Program Files\qBittorrent\translations\qtbase_de.qm
C:\Program Files\qBittorrent\translations\qtbase_es.qm
C:\Program Files\qBittorrent\translations\qtbase_fa.qm
C:\Program Files\qBittorrent\translations\qtbase_tr.qm
C:\Program Files\qBittorrent\translations\qt_gl.qm
C:\Program Files\qBittorrent\qbittorrent.exe
C:\Program Files\qBittorrent\translations\qt_lt.qm
C:\Program Files\qBittorrent\translations\qtbase_cs.qm
C:\Program Files\qBittorrent\translations\qtbase_da.qm
C:\Program Files\qBittorrent\translations\qtbase_hu.qm
C:\Program Files\qBittorrent\translations\qtbase_ja.qm
C:\Program Files\qBittorrent\translations\qtbase_sk.qm
C:\Program Files\qBittorrent\translations\qtbase_ar.qm
C:\Program Files\qBittorrent\translations\qtbase_fr.qm
C:\Program Files\qBittorrent\translations\qtbase_it.qm
C:\Program Files\qBittorrent\translations\qtbase_nn.qm
C:\Program Files\qBittorrent\translations\qtbase_uk.qm
C:\Program Files\qBittorrent\translations\qt_pt_PT.qm
C:\Program Files\qBittorrent\translations\qtbase_fi.qm
C:\Program Files\qBittorrent\translations\qtbase_hr.qm
C:\Program Files\qBittorrent\translations\qtbase_ko.qm
C:\Program Files\qBittorrent\translations\qtbase_nl.qm
C:\Program Files\qBittorrent\translations\qtbase_ru.qm
C:\Program Files\qBittorrent\translations\qt_sv.qm
C:\Program Files\qBittorrent\translations\qtbase_gd.qm
C:\Program Files\qBittorrent\translations\qtbase_he.qm
C:\Program Files\qBittorrent\translations\qtbase_pt_BR.qm
C:\Program Files\qBittorrent\translations\qtbase_ca.qm
C:\Program Files\qBittorrent\translations\qtbase_lv.qm
C:\Program Files\qBittorrent\translations\qtbase_zh_CN.qm
C:\Program Files\qBittorrent\translations\qtbase_zh_TW.qm
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
description  ioc  Process
File opened for modification  C:\Users\Admin\Downloads\qbittorrent_4.6.6_lt20_qt6_x64_setup.exe:Zone.Identifier  msedge.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description  ioc  Process
Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Enumerates system info in registry 2 TTPs 3 IoCs
description  ioc  Process
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe
Key opened  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Modifies registry class 48 IoCs
description  ioc  Process
Set value (str)  \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\.torrent\ = "qBittorrent"  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Key created  \REGISTRY\MACHINE\Software\Classes\magnet  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Key created  \REGISTRY\MACHINE\Software\Classes\magnet\DefaultIcon  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Set value (str)  \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\magnet\Content Type = "application/x-magnet"  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent\shell  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\.torrent\ = "qBittorrent"  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\.torrent\Content Type = "application/x-bittorrent"  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\magnet\shell\open  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Key created  \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\magnet  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent\ = "qBittorrent Torrent File"  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Key created  \REGISTRY\MACHINE\Software\Classes\qBittorrent\DefaultIcon  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\magnet\DefaultIcon\ = "\"C:\\Program Files\\qBittorrent\\qbittorrent.exe\",1"  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent\shell\open\command\ = "\"C:\\Program Files\\qBittorrent\\qbittorrent.exe\" \"%1\""  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Set value (str)  \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\.torrent\Content Type = "application/x-bittorrent"  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\magnet\ = "URL:Magnet link"  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\magnet\URL Protocol  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Set value (str)  \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\magnet\DefaultIcon\ = "\"C:\\Program Files\\qBittorrent\\qbittorrent.exe\",1"  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Key created  \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings  OpenWith.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent\shell\ = "open"  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent\shell\open\command  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Set value (str)  \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\magnet\shell\ = "open"  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Key created  \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\magnet\shell\open\command  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\magnet  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\magnet\shell\open\command  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\magnet\shell\open\command\ = "\"C:\\Program Files\\qBittorrent\\qbittorrent.exe\" \"%1\""  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\magnet\shell  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Set value (str)  \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\magnet\URL Protocol  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Key created  \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\magnet\shell\open  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Set value (str)  \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\magnet\shell\open\command\ = "\"C:\\Program Files\\qBittorrent\\qbittorrent.exe\" \"%1\""  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Key created  \REGISTRY\MACHINE\Software\Classes\qBittorrent\shell\open\command  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent\shell\open  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Key created  \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\.torrent  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Key created  \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-661032028-162657920-1226909816-1000\{FB6E527C-A3CC-4BA4-8BA5-F01C4B7DC80A}  msedge.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent\FriendlyTypeName = "qBittorrent Torrent File"  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\qBittorrent\DefaultIcon\ = "\"C:\\Program Files\\qBittorrent\\qbittorrent.exe\",1"  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Key created  \REGISTRY\MACHINE\Software\Classes\.torrent  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\magnet\Content Type = "application/x-magnet"  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Key created  \REGISTRY\MACHINE\Software\Classes\magnet\shell  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Key created  \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings  msedge.exe
Key created  \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings  OpenWith.exe
Key created  \REGISTRY\MACHINE\Software\Classes\qBittorrent  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Set value (str)  \REGISTRY\MACHINE\SOFTWARE\Classes\magnet\shell\ = "open"  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Key created  \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\magnet\DefaultIcon  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Key created  \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\magnet\shell  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Key created  \REGISTRY\MACHINE\Software\Classes\qBittorrent\shell  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Key created  \REGISTRY\MACHINE\Software\Classes\magnet\shell\open\command  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
Set value (str)  \REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\magnet\ = "URL:Magnet link"  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe
NTFS ADS 3 IoCs
description  ioc  Process
File opened for modification  C:\Users\Admin\Downloads\Unconfirmed 158844.crdownload:SmartScreen  msedge.exe
File opened for modification  C:\Users\Admin\Downloads\qbittorrent_4.6.6_lt20_qt6_x64_setup.exe:Zone.Identifier  msedge.exe
File opened for modification  C:\Users\Admin\Downloads\Minecraft_StoryMODE_archive.torrent:Zone.Identifier  msedge.exe
Suspicious behavior: AddClipboardFormatListener 3 IoCs
pid   Process
5424  qbittorrent.exe
5756  qbittorrent.exe
4684  qbittorrent.exe
Suspicious behavior: EnumeratesProcesses 20 IoCs
pid   Process
1568  msedge.exe  (2 entries)
4856  msedge.exe  (2 entries)
1040  msedge.exe  (2 entries)
4428  identity_helper.exe  (2 entries)
1104  msedge.exe  (2 entries)
4660  msedge.exe  (2 entries)
5876  msedge.exe  (2 entries)
1916  qbittorrent_4.6.6_lt20_qt6_x64_setup.exe  (2 entries)
6024  msedge.exe  (4 entries)
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
pid   Process
5424  qbittorrent.exe
4684  qbittorrent.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 53 IoCs
pid   Process
4856  msedge.exe  (all 53 entries)
Suspicious use of AdjustPrivilegeToken 7 IoCs
description  pid  Process
Token: 33  5424  qbittorrent.exe
Token: SeIncBasePriorityPrivilege  5424  qbittorrent.exe
Token: 33  3144  AUDIODG.EXE
Token: SeIncBasePriorityPrivilege  3144  AUDIODG.EXE
Token: 33  4684  qbittorrent.exe
Token: SeIncBasePriorityPrivilege  4684  qbittorrent.exe
Token: SeManageVolumePrivilege  4684  qbittorrent.exe
Suspicious use of FindShellTrayWindow 64 IoCs
pid   Process
4856  msedge.exe  (all 64 entries)
Suspicious use of SendNotifyMessage 64 IoCs
pid   Process
4856  msedge.exe  (12 entries)
5424  qbittorrent.exe  (7 entries)
4684  qbittorrent.exe  (45 entries)
Suspicious use of SetWindowsHookEx 2 IoCs
pid   Process
3880  OpenWith.exe
4964  OpenWith.exe
Suspicious use of WriteProcessMemory 64 IoCs
description  pid  Process  procid_target
The 64 entries reduce to four distinct parent/child pairs, each repeated:
PID 4856 wrote to memory of 3796  4856  msedge.exe  81  (2 entries)
PID 4856 wrote to memory of 2736  4856  msedge.exe  82  (repeated)
PID 4856 wrote to memory of 1568  4856  msedge.exe  83  (2 entries)
PID 4856 wrote to memory of 3892  4856  msedge.exe  84  (repeated)
Processes
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://archive.org/details/Minecraft_StoryMODE
PID: 4856
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

  Child processes of PID 4856:

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff80bd23cb8,0x7ff80bd23cc8,0x7ff80bd23cd8
  PID: 3796

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  PID: 2736

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  PID: 1568
  - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
  PID: 3892

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  PID: 4108

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  PID: 2864

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
  PID: 1040
  - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
  PID: 4428
  - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  PID: 3368

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  PID: 2872

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  PID: 4816

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8
  PID: 1104
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  PID: 2448

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  PID: 2092

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  PID: 788

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  PID: 2220

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  PID: 2968

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:1
  PID: 2364

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6556 /prefetch:8
  PID: 3516

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6564 /prefetch:8
  PID: 4660
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
  PID: 2320

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
  PID: 2460

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1
  PID: 4692

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
  PID: 4988

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6700 /prefetch:1
  PID: 3064

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4532 /prefetch:1
  PID: 2072

  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  PID: 1844
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:12⤵PID:4456
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:12⤵PID:884
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:12⤵PID:1544
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:12⤵PID:948
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:12⤵PID:3544
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:12⤵PID:3380
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:12⤵PID:4980
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7504 /prefetch:12⤵PID:2160
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7556 /prefetch:82⤵PID:2096
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:12⤵PID:1800
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7884 /prefetch:12⤵PID:4528
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7996 /prefetch:12⤵PID:4216
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8008 /prefetch:12⤵PID:824
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8096 /prefetch:12⤵PID:3428
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8244 /prefetch:12⤵PID:3496
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8380 /prefetch:12⤵PID:4224
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8512 /prefetch:12⤵PID:4796
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7880 /prefetch:12⤵PID:5564
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8028 /prefetch:12⤵PID:5752
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9308 /prefetch:12⤵PID:5772
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9332 /prefetch:12⤵PID:5336
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9328 /prefetch:12⤵PID:5344
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8244 /prefetch:12⤵PID:5448
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9504 /prefetch:12⤵PID:5420
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8616 /prefetch:12⤵PID:5748
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9684 /prefetch:12⤵PID:6000
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8548 /prefetch:82⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:5876
-
-
C:\Users\Admin\Downloads\qbittorrent_4.6.6_lt20_qt6_x64_setup.exe"C:\Users\Admin\Downloads\qbittorrent_4.6.6_lt20_qt6_x64_setup.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:1916 -
C:\Program Files\qBittorrent\qbittorrent.exe"C:\Program Files\qBittorrent\qbittorrent.exe"3⤵
- Executes dropped EXE
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:5424
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9376 /prefetch:12⤵PID:964
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:12⤵PID:5476
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9652 /prefetch:12⤵PID:4484
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10136 /prefetch:12⤵PID:1112
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=9588 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:6024
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7184 /prefetch:12⤵PID:5532
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10200 /prefetch:12⤵PID:5316
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:12⤵PID:3068
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9952 /prefetch:12⤵PID:1224
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9908 /prefetch:12⤵PID:2480
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,2660352815917893658,8797109697144174070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9132 /prefetch:12⤵PID:3132
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1104
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3024
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3880
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4964
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004E01⤵
- Suspicious use of AdjustPrivilegeToken
PID:3144
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:5740
-
C:\Program Files\qBittorrent\qbittorrent.exe"C:\Program Files\qBittorrent\qbittorrent.exe" "C:\Users\Admin\Downloads\Minecraft_StoryMODE_archive.torrent"1⤵
- Executes dropped EXE
- Suspicious behavior: AddClipboardFormatListener
PID:5756
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc1⤵PID:3080
-
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\e3e6c2e4112a447bb24a398a528cb8cb /t 5336 /p 54241⤵PID:3012
-
C:\Program Files\qBittorrent\qbittorrent.exe"C:\Program Files\qBittorrent\qbittorrent.exe" "C:\Users\Admin\Downloads\Minecraft_StoryMODE_archive.torrent"1⤵
- Executes dropped EXE
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:4684
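When this kind of report is scraped to text, every entry of the process tree is flattened into one run: image path, command line, a single-digit depth badge and the PID glued together (`.../prefetch:12⤵PID:2364` is `/prefetch:1`, level 2, PID 2364), with the signature bullets and the PID on separate lines whenever an entry carries signatures. The parser below is an added example written for this page, not part of the sandbox's own tooling: it splits those runs apart, rebuilds parent/child links from the depth badges, and lets you pull out, say, every process the sandbox tagged "Executes dropped EXE". The sample input is constructed from a few of the entries above with the long Edge flag lists abridged, plus one made-up level-1 msedge.exe parent (PID 1000) so the level-2 entries have something to attach to; the only format assumption is that the tree is never more than nine levels deep.

```python
"""Rebuild a sandbox process tree from its text-extracted rendering.

Layout as extracted (see the tree above):
  <image path><command line><depth digit>⤵[PID:<pid>]
  - <signature>        (zero or more, only when the entry has signatures)
  PID:<pid>            (present when the PID was not glued to the entry line)
  -                    (bullet residue between entries, ignored)
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# The image path runs up to the first ".exe" (any case); the depth badge is a
# single digit glued to the end of the command line just before the arrow.
# Assumption: the tree is never deeper than nine levels, which holds here.
ENTRY = re.compile(
    r'^(?P<image>.+?\.(?i:exe))(?P<cmd>.*?)(?P<depth>\d)⤵(?:PID:(?P<pid>\d+))?$'
)
# "PID:1916 -" also occurs: a stray bullet glued to the PID line.
PID_LINE = re.compile(r'^PID:(?P<pid>\d+)\s*-?$')


@dataclass
class Proc:
    image: str
    cmdline: str
    depth: int
    pid: Optional[int] = None
    signatures: List[str] = field(default_factory=list)
    parent: Optional["Proc"] = field(default=None, repr=False)

    @property
    def parent_pid(self) -> Optional[int]:
        return self.parent.pid if self.parent else None


def parse_process_tree(text: str) -> List[Proc]:
    """Parse the flattened tree; parents are resolved from the depth badges."""
    procs: List[Proc] = []
    last_at_depth: Dict[int, Proc] = {}   # most recent entry seen per level
    current: Optional[Proc] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "-":
            continue
        m = ENTRY.match(line)
        if m:
            depth = int(m["depth"])
            current = Proc(
                image=m["image"],
                cmdline=m["cmd"].strip(),
                depth=depth,
                pid=int(m["pid"]) if m["pid"] else None,
                parent=last_at_depth.get(depth - 1),
            )
            # A new entry at this level ends any deeper branch below it.
            for stale in [d for d in last_at_depth if d > depth]:
                del last_at_depth[stale]
            last_at_depth[depth] = current
            procs.append(current)
            continue
        m = PID_LINE.match(line)
        if m and current is not None:
            current.pid = int(m["pid"])
        elif line.startswith("- ") and current is not None:
            current.signatures.append(line[2:].strip())
    return procs


def with_signature(procs: List[Proc], needle: str) -> List[Proc]:
    """Processes carrying a signature that contains `needle` (case-insensitive)."""
    n = needle.lower()
    return [p for p in procs if any(n in s.lower() for s in p.signatures)]


def render_tree(procs: List[Proc]) -> str:
    """One line per process, indented by level: pid <- parent  image  [signatures]."""
    out = []
    for p in procs:
        sigs = f"  [{'; '.join(p.signatures)}]" if p.signatures else ""
        out.append(f"{'  ' * (p.depth - 1)}{p.pid} <- {p.parent_pid}  {p.image}{sigs}")
    return "\n".join(out)


# Constructed sample: a few entries from the tree above with the long Edge flag
# lists abridged, plus a made-up level-1 msedge.exe (PID 1000) as their parent.
SAMPLE = r"""
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://archive.org/details/Minecraft_StoryMODE1⤵PID:1000
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --service-sandbox-type=none /prefetch:82⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:5876
-
C:\Users\Admin\Downloads\qbittorrent_4.6.6_lt20_qt6_x64_setup.exe"C:\Users\Admin\Downloads\qbittorrent_4.6.6_lt20_qt6_x64_setup.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
PID:1916 -
C:\Program Files\qBittorrent\qbittorrent.exe"C:\Program Files\qBittorrent\qbittorrent.exe"3⤵
- Executes dropped EXE
PID:5424
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1104
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004E01⤵
- Suspicious use of AdjustPrivilegeToken
PID:3144
-
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\e3e6c2e4112a447bb24a398a528cb8cb /t 5336 /p 54241⤵PID:3012
"""

if __name__ == "__main__":
    tree = parse_process_tree(SAMPLE)
    print(render_tree(tree))
    print("dropped executables:", [p.pid for p in with_signature(tree, "dropped exe")])
```

Reading the result, the path worth an analyst's attention is the level-2 installer launched straight from the browser and its level-3 child, both tagged "Executes dropped EXE". The "Mark-of-the-Web Bypass" and "NTFS ADS" hits on the quarantine.mojom.Quarantine utility process deserve a caveat: that utility is the Edge/Chromium component that applies the Mark-of-the-Web (the Zone.Identifier alternate data stream) to completed downloads, so the ADS write it is flagged for is the browser marking the downloaded installer, not something stripping the mark.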
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 31.5MB
  MD5: d186300829792354288e1b3fe34dbaa1
  SHA1: 3b791473da8da5d4c4d9c25466129c926769a4e2
  SHA256: 27e8a5f720b1e9bfe1a28d65509d6f07577322b0399a4c2490161ecefe08e30d
  SHA512: 36d766b243963dc2522ded205a39c803baf633143397edf48192247810e8a01bada94bb6a2283495ec3e696657ebdc8c3623d16d6874642c97a180f657434c49
- Filesize: 152B
  MD5: 9af507866fb23dace6259791c377531f
  SHA1: 5a5914fc48341ac112bfcd71b946fc0b2619f933
  SHA256: 5fb3ec65ce1e6f47694e56a07c63e3b8af9876d80387a71f1917deae690d069f
  SHA512: c58c963ecd2c53f0c427f91dc41d9b2a9b766f2e04d7dae5236cb3c769d1f048e4a342ea75e4a690f3a207baa1d3add672160c1f317abfe703fd1d2216b1baf7
- Filesize: 152B
  MD5: b0177afa818e013394b36a04cb111278
  SHA1: dbc5c47e7a7df24259d67edf5fbbfa1b1fae3fe5
  SHA256: ffc2c53bfd37576b435309c750a5b81580a076c83019d34172f6635ff20c2a9d
  SHA512: d3b9e3a0a99f191edcf33f3658abd3c88afbb12d7b14d3b421b72b74d551b64d2a13d07db94c90b85606198ee6c9e52072e1017f8c8c6144c03acf509793a9db
- Filesize: 62KB
  MD5: c3c0eb5e044497577bec91b5970f6d30
  SHA1: d833f81cf21f68d43ba64a6c28892945adc317a6
  SHA256: eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb
  SHA512: 83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38
- Filesize: 19KB
  MD5: 2e86a72f4e82614cd4842950d2e0a716
  SHA1: d7b4ee0c9af735d098bff474632fc2c0113e0b9c
  SHA256: c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
  SHA512: 7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1
- Filesize: 67KB
  MD5: 929b1f88aa0b766609e4ca5b9770dc24
  SHA1: c1f16f77e4f4aecc80dadd25ea15ed10936cc901
  SHA256: 965eaf004d31e79f7849b404d0b8827323f9fe75b05fe73b1226ccc4deea4074
  SHA512: fe8d6b94d537ee9cae30de946886bf7893d3755c37dd1662baf1f61e04f47fa66e070210c990c4a956bde70380b7ce11c05ad39f9cbd3ea55b129bb1f573fa07
- Filesize: 41KB
  MD5: 9101760b0ce60082c6a23685b9752676
  SHA1: 0aa9ef19527562f1f7de1a8918559b6e83208245
  SHA256: 71e4b25e3f86e9e98d4e5ce316842dbf00f7950aad67050b85934b6b5fdfcca5
  SHA512: cfa1dc3af7636d49401102181c910536e7e381975592db25ab8b3232bc2f98a4e530bb7457d05cbff449682072ed74a8b65c196d31acb59b9904031025da4af4
- Filesize: 63KB
  MD5: 710d7637cc7e21b62fd3efe6aba1fd27
  SHA1: 8645d6b137064c7b38e10c736724e17787db6cf3
  SHA256: c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b
  SHA512: 19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44
- Filesize: 84KB
  MD5: 74e33b4b54f4d1f3da06ab47c5936a13
  SHA1: 6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c
  SHA256: 535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287
  SHA512: 79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2
- Filesize: 1.2MB
  MD5: 8ca4b21869e8694918eeaa5ed8bdcd24
  SHA1: 7c4254c108be75f2035e01ab988685354f10f05a
  SHA256: 24d082f372c405ff6f16b38c14b01dc2f105caf74a685221ac370e0f63b40545
  SHA512: 606b6cf31417c1d16298b4589afa3ffea267e98b815f0e92f1ceda6e6d566bc1802fc21241e9dbe44b3eb9d62bfa8965c18310000bbc81dce85692a61bbbd3be
- Filesize: 251KB
  MD5: 7a4c6579e85e7687b7caeff56326b359
  SHA1: b39f533c843aaefbac0058eafc4e6b6b05d09aa2
  SHA256: 4ae263098c462e6e6b2243f5a3a69df9de80d09c341c137dac3b7318b2038b50
  SHA512: 686c78f37b70b6eb8ce3728208cfd280d784511882487284d53da9a34e6ed6e5ac366d0200629c9f77c84899166feeb976b95e8a095a13bd0191665a06b6d17f
- Filesize: 38KB
  MD5: 4150026d486bbe033f14b2574cec68c7
  SHA1: 7c673e17407d65d34b924d97f7af4834d231739e
  SHA256: d623501b0e750010b066c21a5e4473dc8a698825e4c1e9273848041b34ed0462
  SHA512: 7e26535fb898eb8409353ec3c8b1a36b68cb1f1841e3c7195f699c8c3906a1a56fba25a5d598d695a29b346f059ff295f548883f37110f2e4ef20d011030d6b2
- Filesize: 202B
  MD5: e401306f189857173d5ddfa8f1dd6614
  SHA1: 328f7c327ad71625c5491ed70c42784b22e1c5fc
  SHA256: 2f85f38a772311f9c25334ff7d6adc5c40cf803db59d804f803d1bfddaea3b50
  SHA512: 54d3d6c19e6060846fcde3765e5d9ab315a7716b14d2c3a4363a6f74a9015d86196c0a2e25c128ed25cd48a17fe4c67cb121cda86da9d3750540bf21c4d76014
- Filesize: 227B
  MD5: d7fe7621b0978ed47dbfdcc9f8c27f62
  SHA1: 181dca1cbaef3193e3e00bed49561a5d978cceaa
  SHA256: 3e06f3d68aa9a804c1f47fc929703fbdaf592c32cd742f4c4c63ac53e7ff7b10
  SHA512: 37e43c8c5e8e89462016342f3aabe3810ea282eb00cab14c4529db061a32fae709542a29aeb18c438feeb0c8f69a1b4936d6cf212ca0ede73251b561f04ce34d
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 168B
  MD5: 703094cb71ea1e2e8749977126a0eddc
  SHA1: bbf247ed8aa0dc164f2522c9be5b3be9384cb7d9
  SHA256: 1f3fe56f1a2425cdf4c9eb649e9ee42fd2ed99d08f3d74c4f3fca2f834d5233b
  SHA512: db85d1bc0a79674d0a281a6c91d14904f7aefc8c13626c21e1791bd5bfab6cc05d93c716257a736abec25fcaa370cb458d3dfe06aff6e9bfee4349820795d454
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 4KB
  MD5: 4b4a9676ebc135c2f267700cc50b7a26
  SHA1: d060e50af0d54f0108508a5da86845e17d9bf470
  SHA256: 2c1c4b3a9c9aef26e27b110f8f80f401ea2a07e6c0e0af9659055c815d1d04cf
  SHA512: 1a73e52e01f46e94662ac8ba655ab18368f8b3a15273ff8bb455479aaa2dee3064c8958b8a041d9b451ea41a0bc28b37ec625370c4173d2b0ffb46a09af93ea3
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 4KB
  MD5: 0a76ae30404ceccbf9917e6b5a392fd4
  SHA1: 686f5719eea589e06575f84ddd39eb34fd82e107
  SHA256: b9fa3fc1621ae865c6c37f4ff05aa547a6afd45d386a5e6904374aa5026e47bb
  SHA512: 065f7d00324fafac116d6cebbd0a2d8c534d8dfadab59043b114f4b40528ce48d56570ae685ecbb36764c6cec22a0cb3cc3dcede09ccfaa74c42adbb2853be88
- Filesize: 11KB
  MD5: 5ea0f9265cba57db43409a062c2ce582
  SHA1: 32d52139c17914199d8640c928aacd7fb77acbb0
  SHA256: f4f2b92a220ee9f96dbbb4d3aa6b6d04738801d454c26b84da4ff666a35eec14
  SHA512: 37e91a5fd5aff408488c299b8e0a5c4376b592f8fac0b8a5a2f565bf8ede36f6f9b5bf4fba63529232aee93daf80279e253a0049f481f3de6777663d0312e3b1
- Filesize: 5KB
  MD5: 42cbcf45af685de06a5dcc715341240b
  SHA1: a70d990d8148fa0ff571403ee208053cebb06423
  SHA256: 5ed339f050d047f28d54c501fa3db6ff8afb00f2398920186089c97156f0a654
  SHA512: 615a756ff12ef7810acf9cb112d79ab88c55b25da4954a81a6144e3e877839f9d123a75b01f557f8aa934fbf795a1703e4475f97c4dbe570013f23954f393c77
- Filesize: 11KB
  MD5: c52cffb57e9f07b3d7f94928e07c86bf
  SHA1: 4525152aa30ebc640380784e482db7881d49477a
  SHA256: 027269fc4d554047d767046803c7b6b350cdd9b0e41f6b8b0ef59c2adae08e57
  SHA512: eee411b6e0da1751f63d6ab5617e4ba6e4912a2e68228bc24218f265c6e3d4c627d28c28ae1d656b1fa935e68ed13d5b5624c0843de059c9e9848ddacff49ea3
- Filesize: 5KB
  MD5: 458d7a5a66fc7aa0a212e822df34a78c
  SHA1: e6f3785cb0e1745737df3543ba2d3eb43a400a3c
  SHA256: 3f5a977f1638422d21a505618bef5d73f05e76ee7f50ceefd0d363370c4a85f4
  SHA512: 997b22fbc002d72eaa731eb220685bcc59d43a87225a71dd1870ef9a20c32575bebdc30ce3dd324ae9cb6770d29ca6c69207f33069162874c5d90bb40da9ea6c
- Filesize: 6KB
  MD5: 1ad3d181b18b071efbd8174c1eeddc86
  SHA1: 14e7abb42e3489dc4028969cb52c374afcaf7d21
  SHA256: cb6398aceef78b573cde8d55708a0592fef6e5e659011a60cdb2d7a34e21e8d4
  SHA512: f2c0b38d1e4473f22b3fbd060174cfe811b560b1fb91aac7ca36e8e094feaad17f44e6051d6080552e5f3a9b315eebdcd15e602a30cc258871d676ed9f0633f6
- Filesize: 6KB
  MD5: 0908df913589aa46551a7e6e1a4ff8c8
  SHA1: 70fc6179b84dd779e157b37f727d0f2c3a485adf
  SHA256: 6dd97a5ccfe9badf7277503290a3feb160680bbe0ad55d4ae50d0bdfba9a9c3e
  SHA512: 1466441da603aeb4fa7c7acce979e937eb4a244f72ea5a8f985a6dd1e4e7cf440edce46120d37b1edec92deae4efb1b4dd846751067fc9fc681aa7b3b6ecf265
- Filesize: 9KB
  MD5: 67a358aa57750246dfb588e314630505
  SHA1: 94c0bee471d47ea8389719711d6b150dc265a070
  SHA256: f2eae881fbeda134f38ada92188b3fcdea9655858168ac31ec80476092e6d187
  SHA512: 580ba952b135b56e68f8550b6b8a4bd9c3874f50ee34d2f1542ae2a9df3f8c167ea6f4186a9c2069df72e121ecc6703746fd63e83c23945695257f91593f74b3
- Filesize: 6KB
  MD5: 39e329ec87d3c8d6e0681561c31f9926
  SHA1: eb62e298863c06e8f941dcb46ffb796ef0ccdd01
  SHA256: 91a8d075bbfa55a1595eab4bc399c13a4e281f24c0f04c481a475925cf863a73
  SHA512: 2412f49c6ef24b93972324a713b1965d4b2c4e7b04634864b11d69b48efa09a5cdd656ff497b84c8fdae06c36c7f6d3f93f90aaaecbb6211925836dd18a9db91
- Filesize: 14KB
  MD5: 4ef7c6c35e2f3635c315205dbbad72c5
  SHA1: 9e0104566311cae1db5589a5905e2e5ed7c98c6c
  SHA256: ee92b0d0d327ef194627f8a7c4fbb33ead94a8e57c5651c0fe1e0c0a1987095f
  SHA512: e0065209ae4d7b6ae36546959ef7f2e1c53e2ec5d271bbfe2b21861eee4de5561df1ab94fddbedb852bb377ab6201d737a1b382a6807d55e8fb0ca869f83676b
- Filesize: 1KB
  MD5: c53286f477a04d5c542f8c83a0450d43
  SHA1: 62cdb4c29c14e7757aec5f1b97f0e73b9ce95fd1
  SHA256: 3b701d6c7ec26edbe512a62ff962d86b88316f7d7b69a47712850c7b3ba3869e
  SHA512: ceb1b515e352627f5cc89949dfb7bbe2886330ab7a4b579f9072bf0282f4e3a6adcd0d20485a9db4f673e3b6bc97e2c15916f8213da593012f50305aebccc6d7
- Filesize: 1KB
  MD5: f35441138f2dea2c3f58f7b50502b1bc
  SHA1: dffe88ae179b06a5fcf27e600079d4590cae9317
  SHA256: 7745d697e457cdceb9001e39a09f166752befd8341ba17d304a20d14e1e6b810
  SHA512: 183b1f3d488fa2b67f976fdef21f27d99a244b69f390de399440862564ba5a32ce8e367e4539087fabc37ecc98d540365e143f8e07b784d308ed96182d4bc65b
- Filesize: 3KB
  MD5: 88e5977f9dfc2a256e817b65faa11491
  SHA1: dce422f0a07d20d199ce433f5088908fc919b470
  SHA256: 522ba66b81a27db42004b949afeab30fc0df21ad49c1d6d1943047688d5e39a2
  SHA512: 7b9006d89186a3c93146088a6fbd452ae1a535fa234d83163d89e3beaf6f64bd85332bf7b3eed635a60aa2aeb99d284d1e04a99408759630290cb356187a03f0
- Filesize: 3KB
  MD5: 45824c53aa344bc85a5bccf6b74e54b7
  SHA1: 2f842a3e1cb897004a7f1c05f16e1e3530354f3d
  SHA256: 4979531d107580d3223a476e4797f13e881d176b22c11b88ef4d2267a57ed87b
  SHA512: 8ca0120c637894f83d6ff28d5bf518e7b333e910148ba84e1c826a8fde1a3d2105c46b9c518bc805aa4a6547278474583952a5bd3cfa38892f9ffa3ee4effb6d
- Filesize: 2KB
  MD5: 4f7562c650e519c9c57823ee718ed800
  SHA1: 235866090c570e4bc3e883627395890b9785aa52
  SHA256: 6ea138c8cdb270e0a89123440cfe0af72783defdaf0b5d3675f6840ce25d7582
  SHA512: 997bc0ee9758954d5cf39554b8a95647544129a8f951410b9717cd6791bd425ac8eef7d2e85064695ccec41777b15073c715bd3beb6624eebae58c5c4a23f9da
- Filesize: 3KB
  MD5: a913f9607d4f368bad69dfaad101fd7c
  SHA1: 4da08a50d2fe3c13315c4f3c36bccdac04c1e38a
  SHA256: 2a955c2413ba1018e774aac99ad18b26df8649720683c96a27601a1086c5eea1
  SHA512: 19e3cf246f3b2017f8fb57b82c330a1f76e1e0e4952bfa5730d0712216d19f180d4d879d047e358c6dce657f55b4d965e69c2e1a4b74892586d9c79c2040fd49
- Filesize: 3KB
  MD5: 03f8f754dd20e07639c92058de1e9b0b
  SHA1: bb1a7ec65f981cf827301e80726a4800b6cf690c
  SHA256: 0f92b8aea50ce1b15b0013cebf79a69050b97a367f433e07ff8481ce7c619533
  SHA512: 42157433f298c573f69374c377673c859ea152591bc34c45558b6352d9bf507107f8f95af08f21e7844dd282ccbf48efaa276fe5e37d408b33fbeadb1aab62b8
- Filesize: 3KB
  MD5: 2771947f8a04d9a6bbcfd4058353582f
  SHA1: 09236642869166f4660c9fe3cc49eee0892e38f3
  SHA256: bd5fbec5f5ea31b2c1f5604817b50e8fcace0482e2267f9e40d484104d9de5fb
  SHA512: eb20776957c6a4f7a75be1c77d02b71a8c9aec1a877a67a20d8d483a82b86bc8f137a35979fada8a30e1eb51057470c0d69de7a4a6f29bf3d31dbcf417cc4dde
- Filesize: 540B
  MD5: 66fe8a6db0b92eff8c623435ff768688
  SHA1: 7a55dda6c7debcb7316436ee7236c31aa00d0056
  SH256: a224a2ccded629f38118c5d3bdeb8f9b7a879eea2cd16a94fc0575b92b599284
  SHA512: 1062c7136cc636a3a7722e8f13e10f9479c2d0e901f7c5bbd6dcefb52c3cc3c2a0be4811aa69b127245094d1aebca1fa5718ceaed0cde3bc71f6ffa78b552953
- Filesize: 2KB
  MD5: 59610a4404d6767b5c8f6a0277315a0e
  SHA1: 6c6304600bcb7e5b71ad3147ae98459307752577
  SHA256: 3a6896999e07b7b47a06a7078ce52b3d2c7549ac7a6bb185ee4df35d08717dd6
  SHA512: b13816f884470d4bdcdf49bf06b241aa843d2dc731ad7b08416682492788d6c1daf053b456f2724593339137f25539a84442d64a3efd81ee0947b02df3df809e
-
Filesize
372B
MD5147755eb00c8801953a868a1fe06cd5c
SHA1b46e7255c0f6cdde74687dd28440f0892def5956
SHA25678832b656fe9559a01f77f5bcd8e9863627ee43c9ec46c9905d3da3a36fdc240
SHA512efc41421840f7178bae22c9942393bf1d8c516a3a015d8621e5b89fa9bb2d4641da765a323330281b3e1a9904d6f27a3d25a3ae3213f52e46befc9fbcdb4555b
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
10KB
MD50ca99ce7d9a530c15b51618f380b08c9
SHA11766fab75750eb0d2414a736c7ecf4bac1460e6e
SHA256c584f7adc629082f9ab28a351c0c94df13b38e9e4a1b503e7f3eb2df6a114d68
SHA51258efbc0f2f82d58e475818e3602ce1906893ff7b197395830c1c8316f60b6e44caccdd333d756eb6e5a8d5e568e7be120f4ca8006489cd41194a5bd537fc001d
-
Filesize
10KB
MD57eb0779f71bcc5bae572021a152633d9
SHA16b9195d3ccd5be0c9e2fca30335031bc4a9362e0
SHA2569929b24d5752791aed797fc040176328deb3afa5b41af39fe295342016cb56fb
SHA5123981a3849c2e2e3ee1fa82ebb9a59ccbbcf7d7ee6e025e619f2c975e31862672397c19ea577ae4c3513c90298fdba2287fb0459ff1f7724c846a2ad3a4248fab
-
Filesize
11KB
MD5ab99b704ea7fecbd7e47451b52b2d084
SHA16b6d5210408943ee7721d9bd05eaa10d55a87624
SHA25654d91bac66940987ef426514cb8ed2180b57c478d9f46aa1b1bf976c4ed74171
SHA51279a39790c0eebf55af454d170e937e14e548d2da55c2ad3bdbe9afa47a364be50a2baf96c98745757a56a0edc9d89db2a84b137c9f4189090bd3b4be09e96afd
-
Filesize
11KB
MD5c07c50d6cfd3d1384e7dd43805a8eba4
SHA1eedc1ed0dcbc547f38e91ce6c29e629c6e3ba6fe
SHA256499f2e9fed450bbc1576c7d485e2df64c1f1da1599fc4b94e9461168354da143
SHA51297088127b655dc62da28f69aa05d0d05e1705461704b4ea3c05a43cdb2adbce2b183e1229f8abcc405604f86362dbbaf0afa3b56f1eb06e458676e289a1858dc
-
Filesize
10KB
MD598f6f495bdedac636bd8ffd64e610b5d
SHA167a9abae8eed5edfc1e645a7fb3669f22d024861
SHA25689573b6faeb29b62aad97329be8cb7bfeb26d557883bfd04bd7a081722dd714a
SHA512e8743e4a212771b1143f9135de7e044b58de63f1bb43110d7c3e13d4ce5a6f8d17a1f27dc0009d200b0385c21316a5e184b2ee17407cbfd1b460d0625df72082
-
Filesize
11KB
MD5a36c406e748028a57daa5bc5b3bbb4e1
SHA152972bb13f40fca00122d5f12b59c1efe04cc3b4
SHA256985b5ba60cb4c102cfee6dc84d1f444555a72ab05bcf008d66a40ce278a2fb48
SHA5128ef86fbf12b4166d9eeed2fe157abc18d27e4f8d6a1183b39746d58c14ef20e2941adc1b3cf0cc05f5b09e742657b8a73e21aaf8cd8dd49665000a5be39c4588
-
Filesize
3KB
MD5b4faf654de4284a89eaf7d073e4e1e63
SHA18efcfd1ca648e942cbffd27af429784b7fcf514b
SHA256c0948b2ec36a69f82c08935fac4b212238b6792694f009b93b4bdb478c4f26e3
SHA512eef31e332be859cf2a64c928bf3b96442f36fe51f1a372c5628264a0d4b2fc7b3e670323c8fb5ffa72db995b8924da2555198e7de7b4f549d9e0f9e6dbb6b388
-
Filesize
5KB
MD550016010fb0d8db2bc4cd258ceb43be5
SHA144ba95ee12e69da72478cf358c93533a9c7a01dc
SHA25632230128c18574c1e860dfe4b17fe0334f685740e27bc182e0d525a8948c9c2e
SHA512ed4cf49f756fbf673449dca20e63dce6d3a612b61f294efc9c3ccebeffa6a1372667932468816d3a7afdb7e5a652760689d8c6d3f331cedee7247404c879a233
-
Filesize
12KB
MD54add245d4ba34b04f213409bfe504c07
SHA1ef756d6581d70e87d58cc4982e3f4d18e0ea5b09
SHA2569111099efe9d5c9b391dc132b2faf0a3851a760d4106d5368e30ac744eb42706
SHA5121bd260cabe5ea3cefbbc675162f30092ab157893510f45a1b571489e03ebb2903c55f64f89812754d3fe03c8f10012b8078d1261a7e73ac1f87c82f714bce03d
-
Filesize
14KB
MD5adb29e6b186daa765dc750128649b63d
SHA1160cbdc4cb0ac2c142d361df138c537aa7e708c9
SHA2562f7f8fc05dc4fd0d5cda501b47e4433357e887bbfed7292c028d99c73b52dc08
SHA512b28adcccf0c33660fecd6f95f28f11f793dc9988582187617b4c113fb4e6fdad4cf7694cd8c0300a477e63536456894d119741a940dda09b7df3ff0087a7eada
-
Filesize
25KB
MD5cbe40fd2b1ec96daedc65da172d90022
SHA1366c216220aa4329dff6c485fd0e9b0f4f0a7944
SHA2563ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2
SHA51262990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63
-
Filesize
9KB
MD51d8f01a83ddd259bc339902c1d33c8f1
SHA19f7806af462c94c39e2ec6cc9c7ad05c44eba04e
SHA2564b7d17da290f41ebe244827cc295ce7e580da2f7e9f7cc3efc1abc6898e3c9ed
SHA51228bf647374b4b500a0f3dbced70c2b256f93940e2b39160512e6e486ac31d1d90945acecef578f61b0a501f27c7106b6ffc3deab2ec3bfb3d9af24c9449a1567
-
Filesize
8KB
MD5f5bf81a102de52a4add21b8a367e54e0
SHA1cf1e76ffe4a3ecd4dad453112afd33624f16751c
SHA25653be5716ad80945cb99681d5dbda60492f5dfb206fbfdb776b769b3eeb18d2c2
SHA5126e280a75f706474ad31b2ce770fa34f54cb598528fac4477c466200a608b79c0f9b84011545595d9ba94331ad08e2f51bd42de91f92379db27686a28ba351256
-
Filesize
4B
MD55b76b0eef9af8a2300673e0553f609f9
SHA10b56d40c0630a74abec5398e01c6cd83263feddc
SHA256d914176fd50bd7f565700006a31aa97b79d3ad17cee20c8e5ff2061d5cb74817
SHA512cf06a50de1bf63b7052c19ad53766fa0d99a4d88db76a7cbc672e33276e3d423e4c5f5cb4a8ae188c5c0e17d93bb740eaab6f25753f0d26501c5f84aeded075d
-
Filesize
28KB
MD558dfcc929bdfb5d691dc174f3ef65dc7
SHA1a8a3d7f720398b1c2d9a65626b3d1a34beef26c6
SHA25677b6516dd49827d691edd542c92c776e630aa5ad2b9d888ac13d1dfbebd59566
SHA512ba2f6d45370910921ecfccdb674ee82f19992c32e3898870f5a188182837f9322b56e1a1c98bdc3c801da395c8eddb25c5ff4783562faef441d9fd1889677379
-
Filesize
192B
MD530f56c5c29f6863e5bcd96d5cf6c1b36
SHA156d0eeb4d735fda4f1e57a905dbd401236c1fafc
SHA25637d45c64862610d2b85cefba48c3edd57bc38d755248d3fdd0afc6abd93d4959
SHA512eb352e0d9c2e0ab0014e72cedbe7bbcff10274f2a38d18634b4107915970f955974bc2efa95fea92f68330ecfb2532d45b244d56b261114e0a62108b8e87f246
-
Filesize
36.2MB
MD5fec8f0824337be2c6f53a694ddc8a1cc
SHA14d70907a19bdefaf58f640e5968b620d807df971
SHA25648fd2364e424c95f0f2df9df6f38c1805674933c62d6856329dcf6637496825e
SHA51208d570a29819b87ed67db34bd28340cc5684efefe28d51423e7cd9ae8dedd49e656cf7e5341000d4d13174cece6a581d3a2412798341f3abef05daf51dcbf094
-
Filesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98