Analysis
max time kernel: 338s
max time network: 346s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25/09/2024, 02:38
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://cuty.io/0YBsYQv1
Resource: win10v2004-20240802-en
General
Target: https://cuty.io/0YBsYQv1
Malware Config
Signatures
System Location Discovery: System Language Discovery 1 TTPs 13 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Description | IoC | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | RdrCEF.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | RdrCEF.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | RdrCEF.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | RdrCEF.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | RdrCEF.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | RdrCEF.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | AcroRd32.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | IEXPLORE.EXE
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Description | IoC | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | AcroRd32.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | AcroRd32.exe
Enumerates system info in registry 2 TTPs 3 IoCs
Description | IoC | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
Description | IoC | Process
Key created | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\PhishingFilter | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = d18dbe0b12e5da01 | iexplore.exe
Description | IoC | Process
Key created | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{01E4E850-7AE8-11EF-98CC-5E50324ADEFE} = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\RepId | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Set value (data) | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | AcroRd32.exe
Key created | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (int) | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Key created | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\GPU | IEXPLORE.EXE
Set value (str) | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\RepId\PublicId = "{E9690623-BE2E-4EE1-A68D-DBEF3913F746}" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Main\DownloadWindowPlacement = 2c0000000000000000000000ffffffffffffffffffffffffffffffff100100003c000000900300001c020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\Main | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\MINIE | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{EF757182-7AE7-11EF-98CC-5E50324ADEFE} = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\Main | IEXPLORE.EXE
Set value (str) | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" | IEXPLORE.EXE
Set value (data) | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | iexplore.exe
Set value (int) | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | iexplore.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\MINIE | iexplore.exe
Modifies registry class 5 IoCs
Description | IoC | Process
Key created | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings | msedge.exe
Key created | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings | OpenWith.exe
Key created | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings | OpenWith.exe
Key created | \REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings | iexplore.exe
Suspicious behavior: EnumeratesProcesses 32 IoCs
PID | Process (×N = row repeated N times)
748 | msedge.exe (×2)
2000 | msedge.exe (×2)
860 | identity_helper.exe (×2)
660 | msedge.exe (×4)
3620 | msedge.exe (×2)
4012 | AcroRd32.exe (×20)
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
PID | Process
3624 | OpenWith.exe
5056 | OpenWith.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs
PID | Process (×N = row repeated N times)
2000 | msedge.exe (×31)
Suspicious use of FindShellTrayWindow 44 IoCs
PID | Process (×N = row repeated N times)
2000 | msedge.exe (×33)
180 | iexplore.exe (×8)
1972 | iexplore.exe (×3)
Suspicious use of SendNotifyMessage 24 IoCs
PID | Process (×N = row repeated N times)
2000 | msedge.exe (×24)
Suspicious use of SetWindowsHookEx 64 IoCs
PID | Process (×N = row repeated N times)
3624 | OpenWith.exe (×21)
4012 | AcroRd32.exe (×4)
5056 | OpenWith.exe (×5)
4012 | AcroRd32.exe
5056 | OpenWith.exe (×14)
180 | iexplore.exe (×2)
3472 | IEXPLORE.EXE (×2)
180 | iexplore.exe (×2)
4668 | IEXPLORE.EXE (×2)
180 | iexplore.exe (×2)
4364 | IEXPLORE.EXE (×2)
180 | iexplore.exe (×2)
2852 | IEXPLORE.EXE (×2)
1972 | iexplore.exe (×2)
2292 | IEXPLORE.EXE
Suspicious use of WriteProcessMemory 64 IoCs
Description | PID | Process | procid_target (×N = row repeated N times)
PID 2000 wrote to memory of 4552 | 2000 | msedge.exe | 82 (×2)
PID 2000 wrote to memory of 2624 | 2000 | msedge.exe | 83 (×40)
PID 2000 wrote to memory of 748 | 2000 | msedge.exe | 84 (×2)
PID 2000 wrote to memory of 3492 | 2000 | msedge.exe | 85 (×20)
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
(child processes are indented under their parent)

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cuty.io/0YBsYQv1
  PID: 2000
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd3eb46f8,0x7ffcd3eb4708,0x7ffcd3eb4718
      PID: 4552

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,7010341971443584772,6249043034629201491,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
      PID: 2624

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,7010341971443584772,6249043034629201491,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
      PID: 748
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,7010341971443584772,6249043034629201491,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
      PID: 3492

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7010341971443584772,6249043034629201491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
      PID: 1284

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7010341971443584772,6249043034629201491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
      PID: 2968

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7010341971443584772,6249043034629201491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
      PID: 632

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7010341971443584772,6249043034629201491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
      PID: 3992

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7010341971443584772,6249043034629201491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
      PID: 4768

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7010341971443584772,6249043034629201491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
      PID: 4216

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,7010341971443584772,6249043034629201491,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4568 /prefetch:8
      PID: 2128

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,7010341971443584772,6249043034629201491,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4568 /prefetch:8
      PID: 860
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7010341971443584772,6249043034629201491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
      PID: 4148

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7010341971443584772,6249043034629201491,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
      PID: 632

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7010341971443584772,6249043034629201491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
      PID: 1404

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7010341971443584772,6249043034629201491,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
      PID: 3740

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,7010341971443584772,6249043034629201491,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3000 /prefetch:2
      PID: 660
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7010341971443584772,6249043034629201491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1
      PID: 648

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7010341971443584772,6249043034629201491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
      PID: 1096

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7010341971443584772,6249043034629201491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
      PID: 1468

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7010341971443584772,6249043034629201491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1
      PID: 2888

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7010341971443584772,6249043034629201491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
      PID: 1748

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7010341971443584772,6249043034629201491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
      PID: 4312

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7010341971443584772,6249043034629201491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
      PID: 1012

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7010341971443584772,6249043034629201491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
      PID: 1548

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7010341971443584772,6249043034629201491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
      PID: 3280

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7010341971443584772,6249043034629201491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
      PID: 1452

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7010341971443584772,6249043034629201491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
      PID: 2224

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7010341971443584772,6249043034629201491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7056 /prefetch:1
      PID: 2508

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7010341971443584772,6249043034629201491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
      PID: 2208

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7010341971443584772,6249043034629201491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7072 /prefetch:1
      PID: 1472

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7010341971443584772,6249043034629201491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
      PID: 3928

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7010341971443584772,6249043034629201491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
      PID: 4356

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7010341971443584772,6249043034629201491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
      PID: 508
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7010341971443584772,6249043034629201491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:12⤵PID:4036
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7010341971443584772,6249043034629201491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:12⤵PID:4416
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,7010341971443584772,6249043034629201491,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7300 /prefetch:82⤵PID:4140
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,7010341971443584772,6249043034629201491,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5744 /prefetch:82⤵PID:5040
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7010341971443584772,6249043034629201491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:12⤵PID:4464
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,7010341971443584772,6249043034629201491,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6932 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3620
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,7010341971443584772,6249043034629201491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:12⤵PID:1628
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4084
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5064
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4e4 0x33c1⤵PID:3608
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3624 -
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\Open・s͜͡etUp・2357・P͜aꞩśWØȓÐ✅.rar"2⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4012 -
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=165140433⤵
- System Location Discovery: System Language Discovery
PID:3780 -
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=889AA2C38FD0BB0783BD8121677A7AD6 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵
- System Location Discovery: System Language Discovery
PID:5060
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=D9C675A9A6140A8F9F40FCD800C48B4F --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode 
--service-request-channel-token=D9C675A9A6140A8F9F40FCD800C48B4F --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:14⤵
- System Location Discovery: System Language Discovery
PID:3664
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D2B770F42CAAEFDAAE808F5DA5A8A843 --mojo-platform-channel-handle=2292 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵
- System Location Discovery: System Language Discovery
PID:700
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2313EF74CFBFE0687311269F7C8D207A --mojo-platform-channel-handle=1812 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵
- System Location Discovery: System Language Discovery
PID:4480
-
-
C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=602FF3A31E16E2877BB552917BC72E74 --mojo-platform-channel-handle=2472 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:24⤵
- System Location Discovery: System Language Discovery
PID:2200
-
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4032
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5056 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\Open・s͜͡etUp・2357・P͜aꞩśWØȓÐ✅.rar2⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:180 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:180 CREDAT:17410 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3472
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\Open・s͜͡etUp・2357・P͜aꞩśWØȓÐ✅.rar3⤵
- Modifies Internet Explorer settings
PID:4656
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:180 CREDAT:82948 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4668
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\Open・s͜͡etUp・2357・P͜aꞩśWØȓÐ✅.rar3⤵
- Modifies Internet Explorer settings
PID:1520
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:180 CREDAT:17422 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4364
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\Open・s͜͡etUp・2357・P͜aꞩśWØȓÐ✅.rar3⤵
- Modifies Internet Explorer settings
PID:4656
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:180 CREDAT:82960 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2852
-
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:4420
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\Open・s͜͡etUp・2357・P͜aꞩśWØȓÐ✅.rar1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:1972 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1972 CREDAT:17410 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2292
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\Open・s͜͡etUp・2357・P͜aꞩśWØȓÐ✅.rar2⤵
- Modifies Internet Explorer settings
PID:528
-
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1972 CREDAT:82948 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
PID:3276
-
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 64KB
MD5: 179455a3ed9c1a6080715b4bca64510a
SHA1: a7627ba5422d321e8ea6a4f592cb250493a5f6ee
SHA256: c12392992d0f43c999fe27956bb2cb0fcd77b7f3282c91bdca660b563ab9f910
SHA512: a1acc81ea284391148b004355b7d2a82ab3a3a30a3eb1affb5c3c26063bec9145041df819458d079d0712dc7e2a8a87fd4341ff3ea3f4d66efe75297fafee582

Filesize: 36KB
MD5: b30d3becc8731792523d599d949e63f5
SHA1: 19350257e42d7aee17fb3bf139a9d3adb330fad4
SHA256: b1b77e96279ead2b460de3de70e2ea4f5ad1b853598a4e27a5caf3f1a32cc4f3
SHA512: 523f54895fb07f62b9a5f72c8b62e83d4d9506bda57b183818615f6eb7286e3b9c5a50409bc5c5164867c3ccdeae88aa395ecca6bc7e36d991552f857510792e

Filesize: 56KB
MD5: 752a1f26b18748311b691c7d8fc20633
SHA1: c1f8e83eebc1cc1e9b88c773338eb09ff82ab862
SHA256: 111dac2948e4cecb10b0d2e10d8afaa663d78d643826b592d6414a1fd77cc131
SHA512: a2f5f262faf2c3e9756da94b2c47787ce3a9391b5bd53581578aa9a764449e114836704d6dec4aadc097fed4c818831baa11affa1eb25be2bfad9349bb090fe5

Filesize: 152B
MD5: ecf7ca53c80b5245e35839009d12f866
SHA1: a7af77cf31d410708ebd35a232a80bddfb0615bb
SHA256: 882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687
SHA512: 706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Filesize: 152B
MD5: 4dd2754d1bea40445984d65abee82b21
SHA1: 4b6a5658bae9a784a370a115fbb4a12e92bd3390
SHA256: 183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d
SHA512: 92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Filesize: 30KB
MD5: db91c79c791a9249eed625269be04e62
SHA1: 4b07596831e2c04f9c79c1f679b35435ea5084f4
SHA256: 69c54ba287ac48feef301cd5c6b5eab41eae5b90fab60465633ca5cee5a659fa
SHA512: 151fb41d7363c379e3e710621356e02da5e5981665431786ddd8ffb4d6f2d022193443d64cf9cdee204b3d3a38f762ee96ec4f3ecfa440cf14df8574d873b985

Filesize: 31KB
MD5: 648c00aaa9da8603dea542fc12c57af3
SHA1: 20bdf0936796dbe19e8a8ef1430c72a043714d5f
SHA256: 4c934373999e3e297d0d0196783d2bc93e65f73f01b1f2c3eb310ef16801e468
SHA512: 98d6f29be2e096e0eff0317f38d1d80deb2852e072499ba2bb5a105d05d958bfd09192abae686cc683a1da74288dc68dfbc0e013007b91e6b08ac279f5f128a5

Filesize: 149KB
MD5: a0e354237300e20f8a2ed723cea44e5c
SHA1: 3b52e6a06189252563e4a79b1e80d777c8fb0ef7
SHA256: 64ef8d0fdcb67c8d1a2b0083f891f0a5f331167d3996d870730b6b21d6041f61
SHA512: 3e672ec98b6993427037c7a03cef0577c21b0887c8d9cb77b93b3c339cab0697ab6c39397c039431f6f47cf2c152a2c4547e90a6513ca5319c01d451ce7f0144

Filesize: 62KB
MD5: 6b04ab52540bdc8a646d6e42255a6c4b
SHA1: 4cdfc59b5b62dafa3b20d23a165716b5218aa646
SHA256: 33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d
SHA512: 4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

Filesize: 31KB
MD5: c03ff64e7985603de96e7f84ec7dd438
SHA1: dfc067c6cb07b81281561fdfe995aca09c18d0e9
SHA256: 0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526
SHA512: bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Filesize: 61KB
MD5: 58e6589c4d61244d4dee6ac4d9b447b6
SHA1: ac088dc66986378b67aa79100fe1a914e7648a4c
SHA256: c07024bad57f04c2be5d6df4a26cd3cfd3ff7df8b6c7bfa3c382580b999aba44
SHA512: 0d5ba9a909d63eb0b2ed6a300d3bcaf4442a0ac3a92aa336475c94541f0a83d837f00d3273249b5b383412ef005dde817d7d0b509446813e5a4d3d186571626b

Filesize: 20KB
MD5: 8aa3d963cc63b6df4e1e1815c36bc6b9
SHA1: e0a3027e20b6a1aa9692aaaae97ec672e2b7a466
SHA256: 49e97ebfefeac34521b1b77161f5627915ae3d70b8a5ddf150e70ee22abbfd7e
SHA512: 7a25e4c3a880a9a50105fd54056bc69ae12d9b1bd5079fa665684452a4815cf7d6ae6e2b1f75a05c85636c38c6ae3afc0b2f3c6ac8f31ed8c222c755ff814a0e

Filesize: 212KB
MD5: 08ec57068db9971e917b9046f90d0e49
SHA1: 28b80d73a861f88735d89e301fa98f2ae502e94b
SHA256: 7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1
SHA512: b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Filesize: 10KB
MD5: 0a514e67a92aedc74c017e62ef71c79e
SHA1: 41f556f2d567a7765c9b9455cbbd64d8a3bb7f65
SHA256: 3c4bd9fef4c34355e5729dca2f14a44327d8f425ee841bb2c883b941123a4871
SHA512: 082df2683f66e4686a77d30d149e0766ed07ceff1997923d03d5054157f20d9ba8491275f6d7b4f547fb99d37cac50bff1f42ccc0f67934d4fe5402e674d655e

Filesize: 54KB
MD5: 6076beddb55fb9b87a2ba8bbb93a0a03
SHA1: 2f8cff48fe3831ed0a8af1d7fa83587fd92bf0b2
SHA256: bb06ac2f85a41e0106cf3491443c8e00595868e716b026da548281e447fbd152
SHA512: 50642609e09b059219e6fec1cf097d68f2991211f97e4aae4a7bde23d6248cb35098ed54a77487a403fdc4787cc9cb02a91e58401e69cc7f8f0ebb89bac5854d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 576B
MD5: 3004c36e587c9733ac2e685fd274aca7
SHA1: d23594cf704af8dfdee7dbf90361128ed5d2749e
SHA256: 22d46318ffbffd4edd547c947c81f435ff85a11ddb25005d957bbaef288b1d78
SHA512: dfc89157cc322e35ac57fa87838f7d8ea3d86e12ff80ecef97bc02efda25f88e868efb6cbb11d690f46f98508b7e52c528f61f40afafa4e1806d7da41ef7b06a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 1KB
MD5: 5ff42f48d8721616250cec523b52d89c
SHA1: ffe4184699ff2408ddf85d7aee367f90caee3645
SHA256: d3ca5f7ce2aae8e39e251a86a575bdfb61646c9e0c6cc2f71c9dd844291a2f6f
SHA512: 14ae956bc5849e6b24845a595f038a0956aafca5b2e87923d749ea3d9d071bad73c959e573cc4a19126e8414e1818ea609d89d42f0b77be6e1f6b7675b74285d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 1KB
MD5: 12949ebe962654c8fd569e9ca8aa4465
SHA1: ab555fb0162ab9d0b92272205882e6dd3e1697a6
SHA256: cd788d345e29d69c75d9996221502466bdc661953173ad370934a361b3e0c1a2
SHA512: fa3cf459b65bb112be95148cc92f86378797cf512bc9bae05358725624e5b9e9710799b857ef28c2334f42cf8d797c1bbcdcf54bbe89d0e73747b8037e934c2c

Filesize: 16B
MD5: 46295cac801e5d4857d09837238a6394
SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\001\t\Paths\MANIFEST-000001
Filesize: 41B
MD5: 5af87dfd673ba2115e2fcf5cfdb727ab
SHA1: d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256: f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512: de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Filesize: 3KB
MD5: 260aa1fe85156aa32120d9b9d67ab402
SHA1: 3805724cb422e0cf9bed8768b2349a16e43291b8
SHA256: a63f4a02aeed8ee0736348b5654890d8f90c4b674647dcd84427ed00fa33313e
SHA512: 915a4aab1772c567cf810cd3e6b153058ff19739c60125910248c1990b56c5eb785633cb6ce1434ddccf87fc6671f4981488d7c4ce4d654344dad5c974801e9a

Filesize: 5KB
MD5: 8894f3d7e4c3f712b06cafcadfe4f0c8
SHA1: 6132f9c551b7cc1062eb87b3ba2b2b891d530d56
SHA256: a1b2bf9e46cfd830c7bad3a230385608a6de97c8b63cce14a354551bf9df0954
SHA512: f7fc03022ae84f6cf27d3826ae6e852cc8fd70e8c73876e4025348a02e92563ddaaa2f05e076df8abf78af83922b30b5ab8a136010df623c87265ab055e656aa

Filesize: 5KB
MD5: 08d7181404accf1c50af3df6f3c60505
SHA1: 2041736aae9a3914c89e7f228e023f94cc777f16
SHA256: bd296bda701bafe17f89ef63ea7cb71a288da929b4e5b2ca954d0c6811c703e8
SHA512: c13ae549aee04cba1845f3888a6c0f6414e871333d42467be4bb4649e5752b6a18636a3eb25b7d6b1172e7652f2a06750cf566e38df2c9b16aae4b25b48cade8

Filesize: 8KB
MD5: b6bb974f96c58e3ef945a4c612fd8cef
SHA1: 8bd9102f4690a2bcde8b0e65425312a940bbd852
SHA256: 21d85888a62036872f9c3eb30bf1429b352341f512cd5e3e0aeeeee1eaff6d6d
SHA512: df565840c6f9cfad03a4df02479213095ee228bfd60600af8d17e67b963fab68dd58d65ccdcd8f72b93801d561bde2af1be69f2cee85679d042de60e1dca6570

Filesize: 9KB
MD5: de37f36dab87de8c672cfe2192f7772f
SHA1: 229a8ba79e73bbe24cacdaf941e5c3123bb8f92a
SHA256: 5e6b1ebaec07bc72adb4d9cf66537d56b38e6221ced06633576889ceaf69edf9
SHA512: f6cc0e29b18d1b3f2f6de8897707ed4724600f738feb578133c966f16667c8a34c88e700966e3125625bfb289084d07f1bd7a1bae55be680592b42465b31075d

Filesize: 8KB
MD5: 5ab0bd623dd00c2f3730b5abc237fa18
SHA1: 146baccb448a0f45a9fd93110f39214c4fe32dac
SHA256: 3cd836ad7ea03bbe1c5bf9bf859a3251afd0c7a239c53cfef4d164b3b66cd596
SHA512: 5289b87ae374ad3023f1cc1144583cf7cf0a339431dbe1297cb7c1d803ee797ad04701315de118f180597c4470b2740da22ed3e592a822212c4893d6f3c28abe

Filesize: 5KB
MD5: 46061b3f3e93b6dd22545edf7065784b
SHA1: 5a14ff414785fa1f84cc47eff4c08ee718a91cd1
SHA256: 9263e884dc9a84db341e57933e87961724ea476075c480d29e4088885ea9ba8b
SHA512: bc5a78f041614edc30d5a1bc12917a269d2615ed6bd92d325a8214be2674d3199750ec15176b433968887c75ad60ec953972e94c009c3ed1f9ae850b202da261

Filesize: 7KB
MD5: dd776e8611fb961f0ae3ff8ee9d7a5b4
SHA1: 402e3b5451a1e06c0c89eb71ae669484b85cac88
SHA256: cac7d7a6c24b27cbef8bdc4ff8cd6b757cf16eeb8ed45427ecdaf65ba011f403
SHA512: 9c1ba14454d4b10fe7a1f4fc0e5a187b1c6bdacf41ae6fe412be9e4a836b5efd64f04c820bfc27b7e7bc596ca3daad8e90e91004cadd7df876f6ca09c9814b2f

Filesize: 9KB
MD5: 8248d25ac3d916c2c64991c9eff7480f
SHA1: ca4f72ac548f7ea909813c1425b826343d42366b
SHA256: 2a6961dfebd9429728d68c378fe2be944e597be6b00291c52510397784b93d6f
SHA512: ab0f0dc1b710d8826536ed92b31f8197db06bcd0cc5641837035639b9614e5ab50a15354e674aef48aae1638cce22d0f19ee89387675c7d4d107c0bf4b5bbd19

Filesize: 9KB
MD5: 13513423fb2216b579d785c2fd6c929b
SHA1: 779c3b82587c07c65d87be2214d18e95bb0caa99
SHA256: 888b7242ff9023a50b040998ee452fe63135e860bc39b78038e2d3ea8b70f425
SHA512: 62c2f3265630c2083f71127b33536e445219bce5f7b081413f5f292f411393f430d712030f61b38ecddecc484aec528e6cca062c426a43dde3381c480793e56e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize: 72B
MD5: 3fc14b7f5695aa253bf754cf2fb8c420
SHA1: 0540ec189bb1ea35a141d3d9274fe95149247cb2
SHA256: 023c586829612e7261734d0977ca9cb1c08c2fee67fa1ec1e657a15c2c0045b5
SHA512: 0a48bb0b7f5ea3a7005f68f5f88683b4962838bc93b3cf6920a68296bb197c24d76666e6b6b51b260caf4b50be93175ffae1bf6ca74e91f72c5efe1296af9ed0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5b9007.TMP
Filesize: 48B
MD5: 61a20a883e23166509dce51d2a34f8bf
SHA1: cf0420cfbcf3bf891f1688fa14365e4c4df2b913
SHA256: e5f61755de82c04035d40448628b68af74548a84a2d3ed57c7b520c18ca5255c
SHA512: f458d64af4f2090e7bdd7fafa1de8fff58c64512df62dc1ea53ae52b3b46eb91d8e2a2abaf5d90afdca8f3c629442d4ece2375147651c27befcc5a8cba302fd2

Filesize: 1KB
MD5: f9a5361992f1315773cdf8f8dcf1fe64
SHA1: 8312051bc180ea81a97a55d7bf0347c173243045
SHA256: 868631770c9527e8d4cb72b25472e5dbdecb5f67c4302c170705e0c0f24f7800
SHA512: e0ad26cf4860846378ca7da3982cfa23d627033fbda8ab2fdffe14f8375ffc1ce8bc41784b02a73663a42f3b4076974ce29f545e3d2e65a1b0d6356516dd8473

Filesize: 2KB
MD5: 7c1104b9ff8af2d3ae0451f5560ca391
SHA1: 8bdebc6812f7fd76546b9113e6e9b2a26d8b64ae
SHA256: 012c1fd3b60eb78c74f76aa79f800fbf5be4bf9ef3e3c85b8db4e7d7faf1c371
SHA512: 811179f285cde03b2dc40a007491a5135ad26fe2753f637b23364a1891dcfbb377b0391c802310a1d75db36c44e3780a33f5a70c0823d9cb3df65dd548fec10e

Filesize: 1KB
MD5: 79fe0efd3241c49ea2a2a2fa5c18e105
SHA1: 404f0e6b6d04c76d12508373418ce4b8350108c0
SHA256: d07ca8cd79c00c9287efe7c5a6026cfc573b54d0b2c35438844212c8195234fb
SHA512: 5b8fe6cfa1f9982ab94dc01768ea95c7a346dde3cb5a3f150f19b1dc73f32b7c01b53ef4377de0c1b92941dfadc38146fa05f0f14649378f48433f9cc67dab56

Filesize: 2KB
MD5: 65542ecfbf98260a72e1a8f4fd7cfa4c
SHA1: 7fcb27a9547c3cbf2fa5b642aa7fabd47ab60495
SHA256: 4a6d199ed92cdb0a0d1564c0bde059f460e486bbeb0e499c319dd6dfe758c93c
SHA512: caa16617ba73fd84f6cd4e656166cf80334e83daff2a5ca578d8325e2eaed2e6bff31d82b68dc5979fac3063105382f19d9fa1ccb565486b86bb3a5c3b07313c

Filesize: 2KB
MD5: bee513ef65f37ffc76a48a12316469fa
SHA1: a291d721c58b5facdcf9834b00b9766ed008e2f0
SHA256: 710719cdc75fc79555d0679e2fc9348544977804138ccef5d26778b54531c115
SHA512: 5a601e2ecd1878bc97c7cb6b0a8896b5c3da217d8c2df77713aa6d28e16688c04388ae79891f06724c1f7b3de63eababb0783cd0b61bfedce141f36d3953ac9d

Filesize: 2KB
MD5: 0b95c58ff1c4a16efed06c3a7ff0e961
SHA1: 5d075687ab4429423ed2f1059a873379f8b4fdd3
SHA256: 464e3a18813aef1ca3263630db5708ceae94872d3a4b6a6ce4442246ceee4301
SHA512: 7b7ff131c8a8781966d035398dbdab4a3680fcd14eacefdca1a9f4228f5c3fd962b8aa92872bfe322f38550b398052406d6683045e1e888fb5c95bb5a6a6a61a

Filesize: 2KB
MD5: b0c54beff20db2b1778256bfd032b0a5
SHA1: 364c9b03269a35a441499c43dbe2e9f0e13bda9b
SHA256: a1342c8f2976e5cd5da35d596b6d1d9a11b72c13030e2370f083f790451b2541
SHA512: 9035b851fa24c8750abf33b55e5b3990f0cf33a965ddac6717bbf9216ad49cfef0a58b32a1d5e4145240e9a671bd2275cfc2e54c1a365b9ef1eb152a100460c1

Filesize: 2KB
MD5: e32d62c10924dae5e731104b3401760b
SHA1: 30b31a8bef1b8116cc926084cfe69a7d60780fca
SHA256: f8593d8879959abec287d4539b8d75b0c7c4b14a31e9ed5472e212ca47476319
SHA512: bd97d630b26a84d0d370cc818e56318966178d94626d22bf003a55cf4ce96ede370c2a4750d6d34083eb9031c580786669ccf0c9a3f5b3be3238f1d40a6f3710

Filesize: 1KB
MD5: a746ff754c4b9b1d98a6e56ea1db3ae6
SHA1: c2e751f76fdb23197d07d50b1560d6e71e57396c
SHA256: c392c024243c8e99fcd158d03b0dfe7b3a7d96caa7c9ab630f4e06a68bf90e9a
SHA512: 488a43688f55c21f63c1d293fb62a1578931e2eb42ceafbbbaab78c9db9452e59e81cabf5435daaa1f1da74e0a12be30f9897ef5f12f39ff10a8f0649bee5049

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 10KB
MD5: fc702e9e18364a0a406671b165ee9195
SHA1: 961dcf36902559c56f21ffeaa879c8920b9bd3cb
SHA256: 02d09dd44368afbdd692dd253aa10ff3592fe54327ea121064806091025c7d20
SHA512: ba6858a9594ba6e97b8d0ead1a4eefdfead8e06fc5026eb57e43e52073696c07543aa4a44144ce51af53a5f077517d7639105e96db17f6e5c5ac78d70e0fe460

Filesize: 11KB
MD5: d7bb5421ebb4a791523c8f7aff3b8d08
SHA1: 56f1f65a2f52f36e5127282e5df641c59c5f56a8
SHA256: ab87498771bafc0985c460776942d54ea9bef65bceb81d8653bcfb1cd3387ffb
SHA512: bda9a71fb4b5022dad0ba2dfbab56281f8b9334a7a4a6d274b18112573ffeece22623927d0e7afff771a7cd5c1cb5422cc0463a89c1e6915ab4d1a02019c5a50

Filesize: 11KB
MD5: 0de88969c85e8ebf75ffccb923843440
SHA1: fbb4455a9e32eff65f991df1a5c532a0c9528642
SHA256: 16f2c1670a938663840e9ed33fb1538a13c0117ac2080321064d552efd2e1363
SHA512: d65e847ac31b68878fe07afa2eb4171907aae26f771c4594fed0f6b59d068be71e59739e6369f46fab641fbfbbde864a9de9482f37912f151f52817448ddedd2

Filesize: 16KB
MD5: 90fc7c8853b55c218e992a5e789a9dca
SHA1: 19367ae3a833f5f38b3a84163915730e5e1c8565
SHA256: 842a1b1671bdcd60c791d95e9a348d534857ca7e94ea0759d5ee8c9e5222ec19
SHA512: 7f5b2440d28e395e94a799f6af17a268082c785babd076f2be744230d32cf75571c4322919bab27e6338b30a8feafb84f13a0f29febf945b49a487d15753cb75

Filesize: 2B
MD5: f3b25701fe362ec84616a93a45ce9998
SHA1: d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256: b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512: 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Filesize: 21.6MB
MD5: a572c8eac0fcb2fa3099ae5875a0588c
SHA1: 49a33aa98fa306220baa8615c8cb894172fa4700
SHA256: eef7751a4bf3768df48535c4521c3f64247e0401fc78255177367e4b2e4b92b2
SHA512: 39eaf78e8a4e75a695ff98032f155be2ede1ee49cb74d8bc75a93e3a741f6c8795be2899422a7285c54595a199d45965842338829282606546b18944f77e9fab