Analysis
- max time kernel: 198s
- max time network: 181s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 15/10/2024, 22:49
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
  - Sample: https://malwarewatch.org/
  - Resource: win10v2004-20241007-en
Errors: (none listed)
General
- Target: https://malwarewatch.org/
Malware Config: (none listed)
Signatures
Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)
flow | ioc
141  | raw.githubusercontent.com
142  | raw.githubusercontent.com
Writes to the Master Boot Record (MBR) (1 TTPs, 1 IoCs)
Bootkits write to the MBR to gain persistence at a level below the operating system.
description                  | ioc                 | Process
File opened for modification | \??\PhysicalDrive0  | [email protected]
System Location Discovery: System Language Discovery (1 TTPs, 8 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc                                                          | Process
Key opened  | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | [email protected]
Key opened  | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | [email protected]
Key opened  | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | [email protected]
Key opened  | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | [email protected]
Key opened  | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | [email protected]
Key opened  | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | [email protected]
Key opened  | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | notepad.exe
Key opened  | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | [email protected]
Enumerates system info in registry (2 TTPs, 6 IoCs)
description       | ioc                                                               | Process
Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                   | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | msedge.exe
Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                   | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | msedge.exe
Modifies data under HKEY_USERS (15 IoCs)
description      | ioc                                                                                                  | Process
Set value (int)  | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"    | LogonUI.exe
Set value (int)  | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"                   | LogonUI.exe
Set value (int)  | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "64"              | LogonUI.exe
Set value (int)  | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"             | LogonUI.exe
Key created      | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent                   | LogonUI.exe
Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | LogonUI.exe
Key created      | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History                    | LogonUI.exe
Set value (int)  | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | LogonUI.exe
Set value (int)  | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"              | LogonUI.exe
Set value (int)  | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"                | LogonUI.exe
Set value (int)  | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | LogonUI.exe
Set value (int)  | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"             | LogonUI.exe
Set value (int)  | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"          | LogonUI.exe
Key created      | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM                                              | LogonUI.exe
Set value (int)  | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"         | LogonUI.exe
Modifies registry class (1 IoCs)
description | ioc                                                                                   | Process
Key created | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings | msedge.exe
Suspicious behavior: EnumeratesProcesses (64 IoCs; no per-IoC details listed)
Suspicious behavior: LoadsDriver (10 IoCs)
pid | Process
4   | Process not Found
4   | Process not Found
4   | Process not Found
4   | Process not Found
4   | Process not Found
676 | Process not Found
4   | Process not Found
4   | Process not Found
4   | Process not Found
4   | Process not Found
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (21 IoCs; all attributed to msedge.exe, PIDs 5088 and 3664)
Suspicious use of FindShellTrayWindow (64 IoCs; all attributed to msedge.exe, PIDs 5088 and 3664)
Suspicious use of SendNotifyMessage (56 IoCs; all attributed to msedge.exe, PIDs 5088 and 3664)
Suspicious use of SetWindowsHookEx (64 IoCs; no per-IoC details listed)
Suspicious use of WriteProcessMemory (64 IoCs; msedge.exe PID 5088 writing to the memory of its child processes 1572, 1864, 952 and 2660)
Processes
(Entries are indented by process depth in the tree; depth 1 is a top-level process.)

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5088, depth 1)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://malwarewatch.org/
  Signatures:
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1572, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe7cae46f8,0x7ffe7cae4708,0x7ffe7cae4718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1864, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 952, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2660, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1536, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4692, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 808, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2072, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4436, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 396, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2356, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 684, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3504, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 116, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2112, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5528 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4420, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3300 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 900, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1888, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3372 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4204, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1360 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1468, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2328 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4368, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1968, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4008, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2892, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3740, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 808, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3728 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2516, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9145812625331095329,4375182189913628026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe (PID 2220, depth 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 4476, depth 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 1524, depth 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\rundll32.exe (PID 4180, depth 1)
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Downloads\MEMZ\[email protected] (PID 4100, depth 1)
  Command line: "C:\Users\Admin\Downloads\MEMZ\[email protected]"
  Signatures:
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx

  C:\Users\Admin\Downloads\MEMZ\[email protected] (PID 312, depth 2)
    Command line: "C:\Users\Admin\Downloads\MEMZ\[email protected]" /watchdog
    Signatures:
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx

  C:\Users\Admin\Downloads\MEMZ\[email protected] (PID 4220, depth 2)
    Command line: "C:\Users\Admin\Downloads\MEMZ\[email protected]" /watchdog
    Signatures:
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx

  C:\Users\Admin\Downloads\MEMZ\[email protected] (PID 1492, depth 2)
    Command line: "C:\Users\Admin\Downloads\MEMZ\[email protected]" /watchdog
    Signatures:
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx

  C:\Users\Admin\Downloads\MEMZ\[email protected] (PID 1740, depth 2)
    Command line: "C:\Users\Admin\Downloads\MEMZ\[email protected]" /watchdog
    Signatures:
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx

  C:\Users\Admin\Downloads\MEMZ\[email protected] (PID 4604, depth 2)
    Command line: "C:\Users\Admin\Downloads\MEMZ\[email protected]" /watchdog
    Signatures:
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx

  C:\Users\Admin\Downloads\MEMZ\[email protected] (PID 4464, depth 2)
    Command line: "C:\Users\Admin\Downloads\MEMZ\[email protected]" /main
    Signatures:
    - Writes to the Master Boot Record (MBR)
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx

    C:\Windows\SysWOW64\notepad.exe (PID 2844, depth 3)
      Command line: "C:\Windows\System32\notepad.exe" \note.txt
      Signatures:
      - System Location Discovery: System Language Discovery

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1976, depth 3)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2044, depth 4)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe7cae46f8,0x7ffe7cae4708,0x7ffe7cae4718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3664, depth 3)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
      Signatures:
      - Enumerates system info in registry
      - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SendNotifyMessage

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3568, depth 4)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe7cae46f8,0x7ffe7cae4708,0x7ffe7cae4718

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5132, depth 4)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,132625167760551918,3343673288534681461,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1996 /prefetch:2

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5168, depth 4)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,132625167760551918,3343673288534681461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5196, depth 4)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1972,132625167760551918,3343673288534681461,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5204, depth 4)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,132625167760551918,3343673288534681461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2972 /prefetch:1

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5336, depth 4)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,132625167760551918,3343673288534681461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2984 /prefetch:1

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5788, depth 4)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,132625167760551918,3343673288534681461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5928, depth 4)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,132625167760551918,3343673288534681461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe (PID 5484, depth 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 5612, depth 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\LogonUI.exe (PID 5444, depth 1)
  Command line: "LogonUI.exe" /flags:0x4 /state0:0xa3838055 /state1:0x41c64e6d
  Signatures:
  - Modifies data under HKEY_USERS
  - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
152B
MD599afa4934d1e3c56bbce114b356e8a99
SHA13f0e7a1a28d9d9c06b6663df5d83a65c84d52581
SHA25608e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8
SHA51276686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da
-
Filesize
152B
MD5443a627d539ca4eab732bad0cbe7332b
SHA186b18b906a1acd2a22f4b2c78ac3564c394a9569
SHA2561e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9
SHA512923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d
-
Filesize
152B
MD5295d62697b4b5903eb8c0ed78aba5d68
SHA18c2c61087f6c510def41af14af8106676dbe64a3
SHA256c00b3c2ad8eff1e136da0abda5b8c9e13de58ba2c4b86b7c18f0aae6ede15e46
SHA512d6b3f761cb0ed5bb0dc909534892806a65352f76c3838462d1a99cd1d1b044f628f106dac8909dbb666b09dcd87e0ff0ae3c9a5dcb65a257bae7acf1227a4abc
-
Filesize
152B
MD51ef050553514dddb1fcbaadf6156ffe8
SHA17ff6b2008e1be20aeff593c882317d409fabbf6d
SHA25634915336411afb3237119d72d53db2dfe51b19bcd3dac6b889b5695b49bf71bd
SHA512245357299eb76b4edf0028c15eb7107b7d17468e9d2caabbf0ef632dc9b1b1f92f4bc2201ba0171d66cbe076bf24b2458a925fdb5ef6f0bbe46f6a8023dd5ee6
-
Filesize
44KB
MD5db31e56907d568d4142e629e45dc699c
SHA14411317cdfa2dfff6a3652cd3d3a1859d44e2bf4
SHA2563a3bd7d634288d197080aa0f0d181b138817906f0e00e96a87bef2c44621f11b
SHA512a51ff1cc861a4c40dd3fd9354e1c2ecb05e751cea76209fa2879af28f2d29f48dc3dc7822d1b474d3a2b316a3aa31d6d5bb6da7f72c807ba06949d41014d2157
-
Filesize
264KB
MD519ca63722034ed47240ae597dcaeb012
SHA1d1fe491e497bf1e44394246dc4b8b210da294d2a
SHA25603761edcf26aa0d966068dd7bc5604c4636f9aa01908c1666ffbd395340b164d
SHA512f17be9da1f7bbbe6ecdb5ee135975c459d5552a967b1851f7adaa4153a564c34577bf01a5f15aa4da55a2a794175d71883f51d115b6ee50e5569c007c1a50a2e
-
Filesize
1.0MB
MD5fceb092acdedb430b5106395ecdbdc60
SHA16da83b39c14d8ff7f71bfcc437025eeb64098cc4
SHA25640d5939f7ab8ac41ddc559edc12d7b2fa977cd543abc959820ea0ed2f884dcd2
SHA512822c66f705441b80d276973137851d305d41f6329da330ce3fb8d5f5a8c74bc398cf807823e3afef34d171b595cd78ce836d39709712f68c87f3ed3a856ac085
-
Filesize
4.0MB
MD571601813f25361aa84c3c245c83b7949
SHA148bfaa854230cf7ff0969617d8524a8a66f184ac
SHA2563b2d3dd628e5cd0a9c27e8e13cd1369a05bd2d06f66960cc4f3c1bfacd1b7e37
SHA512cc7d8f37dd158c469112559bd5d00f3dab3c2e9402a6de245abad30fdb2033703a784b661c8452af1c950fca1aa25bdab6b9e6f1e2d800550f79209b88e9a269
-
Filesize
215KB
MD51585c4c0ffdb55b2a4fdc0b0f5c317be
SHA1aac0e0f12332063c75c690458b2cfe5acb800d0a
SHA25618a1cfc3b339903a71e6a68791cde83fca626a4c1a22be5cb7755c9f2343e2a5
SHA5127021ed87f0c97edc3a8ff838202fa444841eafcbfa4e00e722b723393a1ac679279aa744e8edde237a05be6060527a0c7e64a36148bd2d1316d5589d78d08e23
-
Filesize
2KB
MD5d1677a0d949e89c43f0ff76eebec2b87
SHA166f5841f3afcf24ddaec6c30e3da068ad6fa8b0a
SHA256a25c68582926060a5a74f6713632404823c4b9a08c09e9ed6b80c8e15a8f0547
SHA51292da2b78b9ce1cbc25ccdba6b7235666b810eb452e3f021d3844c9bf688beaaccc42a16ba67fa30f604c0cad44e2e9d4c8de4647c0b128bd29adcc3307e85360
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB
MD5c3d57d0edca44ec59bc4a5065593ea94
SHA1e2ddf4dc566c3f19834d603bb11d2cd9d2bbe6cb
SHA256ad213949769cb5adfe330b009efa6f8be85e5411a56bb8ba131b12b7b2cf6836
SHA51214012e0cc4e878bdd89de0312efbd5e1f7e2af6a9b8c25e2a95b60018ed8339e3f53f325a3ced4a2697e53225def1a184f07a37253de038c15c51707701ccdbe
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB
MD5341b4775b3aba00206945eec71ef4fdb
SHA11ef2870445e843c11406ed0a507e36b0048f07f2
SHA25640abf8b285aa280c373fb3da63eb1b5d24a0479a935587e9969a36c21e9642e9
SHA5125591b9b687acc19ceae134d3fc5ce28a69b95831861cfc904c62ea2cbc5f006382337a574c0b1280c34e6cd3fb05edc30681f2d282aed55fb54237ca71218ce6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB
MD58bf7aa00d6f746f22bcd11b3f887a197
SHA127a14c0966b39bf84defddf389613efaa891bdd2
SHA25617a195ed25a1454da8998a0b2c64afc3ea0be9538bf85ccda49b80a10d313e4b
SHA512be0aed252a0dbea70a70852e86bc5b69184e9f137e5352d3bc077ae8a57934af979b9fe8042bb8e378742e9cfdee240ed8d8612cdb9473c1ec8b075472ef29fc
-
Filesize
20KB
MD597167dca4cc9554a579a4b7d2a9d812a
SHA19dbec61eb82e8eb72d6d2d84743149fc0954934d
SHA256c9217ef225bf841bbaa1c45cc4268ce44b529b1303c93466fef4ba35a76349b0
SHA512d889b792d4c4d37057df4f8c2f3832f54f0a6b45044b123bd588e7e3307328fb52cbbe0ace341a0cbd95b4750340771468b183d11409b51acdd1656d3bc4f16c
-
Filesize
319B
MD5e217de56487c01c259d61101484f97a4
SHA14110a2032926685c768406b318607f1d05cf91cd
SHA256921932b925d4a9632daad5edc4d7a52e6919eaff5291ed97fe00e180c8fc73fc
SHA51276bfb3b098cfcf87ebaf1d83bf0d75e321296fe4dd3f2919c1a01f11e7f659faa78891f1f4d1500f0863a5504d45b23fb491e4300ad0fa262a0656745356a6de
-
Filesize
28KB
MD5a5cf1e93ab4ea4eb7e76351010913273
SHA10f9f4c75a32dc323fccd3e8a1d2345b18c0548dc
SHA256b7d07a89404ee305503ee8cda81dfd473b389a552bcced9991e3dc761b81ff44
SHA512a8402868193803ee526327da54cbdad7d36ed331732d9930a2de746afab54fe92fb55e5d7ca106f701b45b73cd1687a9cd5d76cd35830fcfd0d386cb5b8dc8ee
-
Filesize
264KB
MD5e77bbb9540236616d43aa45cfcaf5e55
SHA1e9fa276d997248cfa70518837a76111f5d5b9db8
SHA256d2a68a14fc67355d86faba0f0cca531b1361078fdb170f8cf30db68847ab4201
SHA5124204c7cb4301c878e50e7c55b84c1fd1ae35dfc88a90f901746ff3e6d90753adfb19776f6d53da514789a4eef35b1c0529f31c95302b18369ff08d5ad51e8b48
-
Filesize
124KB
MD5d73e7f8c5ca46dfef40c15a2aa6e1c1c
SHA114cb208c2291ef9e5d021ed25a3648bd466d42b5
SHA2562efccb565aea9f7958548eba052574de1f31e98856c96563ac8599b876bd9e01
SHA512958ec66f39206770a9293995f990305aa88c6cc1a3ee98a928d2eb5346791de8a5df40343c2547111e41257be20c0db4adf7498eec50f41524ffd34a7e562dab
-
Filesize
6KB
MD5d4078845bb71676f820c264423a14d59
SHA1c77cad77ab0fe83c2e2e3d136f2229f0ed0eedc3
SHA256f76ae37d1d4579227606aa33351859ec20461a584d8321acdafc33bd262b505f
SHA512e64198c92afc1c878fc69c58ee6342c7959b9d808ca01ba63fb94d2c9c55545b99c7cb8744dbcd64c0cb40bf1ffca0a30e1eee94eecae3fed6ae7c7027b3f912
-
Filesize
13KB
MD54b7acd85b82463dfcae9bfa87fb31f6f
SHA1dba1a3853d20f6a5102112999eb874fcc7ee4906
SHA256ac78a46aac7084a135732696303fcec1cb2e48a2f930900abc2de639dde532cb
SHA512344e88c1f1f41bc4ab0856b32487dc3e19a20a02001a4de9671e5ff564808c850a44a75f38b1d55e913abebe7e9ed9862d13056b6fcaf57419ca6bacc039bc0d
-
Filesize
334B
MD5d7f2228533e6c6b50021cc7177f649cd
SHA1be9fabc09e079cd76e33c6c0b2313fe1dad4a98f
SHA256ce8200b9c977a98b7b507c39de6467c87e5f07b2ef6c842c5b3bde2f4e843163
SHA51228b6acdc5ef15d999a95ba913f8cea312a274977d5972eed3fd4d4939cf12f57e655677289417387bc9259648dda0feb1a2561a67b49a07b841286b312fb7fef
-
Filesize
4KB
MD58840800b13d633d8669570eb502e89ff
SHA17d96521317bb27b0132d590153f0dcb158883675
SHA256bf052c04c0e2d7a5780020f388cea3aab1f935fdea18913260dade58c3cb1ca0
SHA5128c0fe44504f804a52e2a41cfdff4efe3ed656c7ff8c9eb4f27a94b2a5b11160bbc8436f478593ce27cdb09c48e670ee3edef2700041e33338065b22c4c7a621e
-
Filesize
4KB
MD510fbc902e1302a23d9134283f706043f
SHA1312ce0fe7111c87c751c8255e6e0cec03270ca07
SHA256c95792bc40bdbc08332be9bbbf143a544cec1ace526355326fc859a17322b6cb
SHA5125781ff8b62465e385e341a25865e5248bb2428b6bac12bb50b50694a7f7a26099c5249f1a86392acfa93775b0bdf88ad733917cf7030b749e62ed6a65255db29
-
Filesize
3KB
MD58bc00e11a418c3664cbf0a0184ae3f18
SHA1f2594973d62e2a9a573590ff6ed4c0bf18ef74ed
SHA256f10ce980db3a820894f2d1599e882a7517b9143daea0659dc0e8724afb454fca
SHA512e3d046e49e380d976281baa068386b11515c9580705ff3915109dab7b037054b67823372dc2dc56d460f3b5b48f31d9b29846e4d62547342c4a5e184564f3e33
-
Filesize
6KB
MD552a860d1e5d562de00cefc6b372f771b
SHA13b79d8ffcd3e844cd9e642de65758c9713e21aa4
SHA2565750eea464b7f9889f1bf7dc5398185d7dec9c0e107803d5f6881240307abe33
SHA5125c93eb248bdf9b091979b3b82985ab8f921ab7b1d62f0e17fd6836234445fd8333300ddc28deca13b3523aa5eb93ba91f85b71454e81380768e7ef1d9b18f70a
-
Filesize
9KB
MD5930763307ed8690ff92af03d52c7cced
SHA1ff5b2090a0f1f1f837cbb19cde28717117f4b874
SHA25682b93513c7bc31d69ffe17e8b983a23d63421be46f831d99a726e00c5ffb9605
SHA512f181a05e4ec5607115c6a3e8faa5f1ff8194382439d5f53c4036c9ee98a09c6f201c58a076be212b3ad2ae0a8d64d6d72ad7619acec752bdb7d673279a94af6b
-
Filesize
9KB
MD5a6a65e8f3d7999cccee42590ab52184c
SHA17362a9134bc3563100b9371a9870d81b3d02e7bf
SHA256bb31c6bc55b2b7ca0fa80eb6ed167de8b92bb0db08c3ee3709f59177acfc5034
SHA5121e9d2e3e8511d50919e0492c32404a3208a6ff896985fecfd163165e5dbe8db0f0154dda4aa4c3793bbf205f779b7a2c8504485d5d697b77683aef58281c534d
-
Filesize
7KB
MD558d53df4f69cebfc993a3aac3661b12e
SHA1de228683816434da655eba711657e6b81fbd418e
SHA256d2112f1cba3b7f68d74485505ea679b14bda089ec4d5c2884151575f2caeb63b
SHA512e3e1e559a8eae51b752ad841b6ab718661cdf0e6db6c870cce88cd041bd4d1e1666e031bf3a88fa4e238ad2857b2e1a0ebe744bfa5961125cfb8a1524f4e2a12
-
Filesize
8KB
MD562c0250aaa5c71e88f211ae26cc0251b
SHA18aef3e790f1ec6e2990c183411330b335555e6d7
SHA256aeea44464523c8fdd194206ff7e4f355016e6448c84edc1cefa6059c8bfcc8dd
SHA512dcd26fc2f4e23effaea9092086c9054c01f74f2cccdc77afc4c23c0b8a39de18da0762f9da27025acd49084aaa9bd4e34330b4ecf8d2edbe3a21ee3992640254
-
Filesize
7KB
MD5444afd3cd91dbd617bc759bae999ea51
SHA165e0ff82df4b5512117df9f3f57bf0daaed77d7e
SHA2563dbd30be8693c3f3e775e82bd0a6da254070ebc9db7c64b5b6b833173bd9c14e
SHA5129e27e36a9fa6c04b0d45ad98ce83d4f482bb5ec8f83d3b8bfb277580c2faae4413f33338583d1447b51a345c27e32f4370f906f1ce30e7ad89017c2413bb09b9
-
Filesize
9KB
MD53f0110d5122158762fd8199ff6aa1155
SHA19f2b3bbebc7db6a2444aefc1535ca585e334e3e9
SHA256541a73238b26488ca5b2941539e1c4d29c5bfdd2296ba74ef55b61385e08afe5
SHA5124c104573855f68f225386fab33f48ede73e846f95b0c7097476f763ff22dfdf95e6154fff4d93fd8c8169c519651832f2d411318574ef53e1758f374388f1f96
-
Filesize
1KB
MD547d7bb22a1132ebaad45ce137e6c9a58
SHA16e991199272f5064e611c1e8e502700c3444011c
SHA2561771574b5c4e6270949459bc79833d1199049d6c725c13291eab70ddcd8b0cbc
SHA512bb6188368e67f4ea4f1b03c53ceaad850f03a9861072b33fc3d402c207881ee7bf419c296a7463c6aad57ce042a6f354e70e6b70df932d9078d6fe7369aaca51
-
Filesize
322B
MD54accb0c7bc65a2427bb91798645123dc
SHA1c14b9519ae4c97aa354aec6deead5a58410f5c88
SHA25600d93d8f43bdb43767d44df850cf49c1c10bd5fbd330f1902633399dc23424f2
SHA5124273856ea5450ba10ac623f025c8086c049fb7e47a2e83c508c98edd9c490eb85c90cb84da884549c97bc76f99339b1ace9632994f5cdc53df5ba57d3842c551
-
Filesize
13KB
MD5d1a99fc085fbfab93906e75db298b624
SHA119da5ce678a7deed829d870938bab0da6489af49
SHA25677861fc3c16900c4364d707c0310a743e0d6372dca9380c82a4ae1bd13aa0407
SHA512f2c1391d0c8c06c41b4a31a855aaea838caf63569541ea6e746e85a1f03c8ed8494572d2dfbfb58eb0c1637e638c68ed67742b1956a96a88b0528b6d252801ed
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
244B
MD5a9de5803ef7696d6458cf9cb4130f152
SHA196a425e949764f4a9e91118b1a8af90566168f06
SHA2564a72ca25a5a2217b23276e2c913578fb54e49fc260556fc0a06382bce2170462
SHA51242f240e54c1003d9ace1a458e73a5958d20af7fc15499619a34128a931b723508db043bbe7d29347363396e7f4264f574b9f7898c5c567fab7ae2fba28420b46
-
Filesize
347B
MD51620821f532a59cadd6eb172fe81279f
SHA1d81c05a0e5dcafe804a00a98ae59a92b9edff6f0
SHA256435b400905e79c5a5d79337a47954672e7c714703b5d39cad62d32ae41c34772
SHA51275396dfe0ba2b85f4f26dc0ea507ae6807bd2c0a89fadce10549d5f593c89bcb019fdf4748f24b9a6c5250ee4600bc0773e65a2967378df5843e15589069df0f
-
Filesize
323B
MD5fd10518f1b2db288e3c039026cc28d81
SHA11ad55b66560706f44f09983b032b778bfe308eda
SHA2562464e1662899ca5a65d156ab8188e4f02b26cdccc7f56b7e09548190815843ac
SHA51236cb3183cf0b34552d3446b0885d4445aeb4227be1660e5e43bfd885dc877320457f6ce80a2e51107aed72fd3d8d2646bf6d23bc568db02fa7522bba969d8c8b
-
Filesize
1KB
MD597ea285f2f370ebeb980f2452a82fe8e
SHA16cefa096056b5b93f9cd228c23946430f2057157
SHA256e5ce4db4d58c487a8613d6642f9f8be99e214a01f7aea445157a2a7b732ff818
SHA512b8cfabda6d8375fcc4d45b01f49a92e3aa62d86950869ba7148d66af500bdc1f4ef6ab656887806579fefaa4a9cf0fc1819c80c91eb8025c1bef575d75c4aafe
-
Filesize
1KB
MD553a2732df1cc652770e378fffd842ae4
SHA1abc152d3c7f6590781b89ed5838e4b1d676d6baa
SHA256448399ab249cc8924cf3d6f08f93dad849995b40f1390a3e185c53557cea04f9
SHA512ba80bcf434d55afade2548682a3f90236dfff103bcc267fb3efc21bc740255821d3ee32084a16e01d374b26623a1ff84a4bebc22cdc6708692aa890ea5447671
-
Filesize
2KB
MD55b010572d6aa30a5c9655ef98b7586ca
SHA14a0a8b7943b033de602ea9d002fdbf5f255f8720
SHA256af2b32728c75e6ae8d74f0ec6bfd98cbede32bd94fe6e041a831874c10c04bbe
SHA512fadfdafdf05c1b2ff6a2cbe192e2953c044f630cdd50a9bf739af3f24ab0d6391ba84ce80676277ecfdccf04e62e29a2efb91876ef59bb36eebb75f2c05c0daf
-
Filesize
1KB
MD5b5608c90e56afe82b919cefb57a543ee
SHA1712caec795df10442c9465128c3ba6620298d94d
SHA2560e491ed92ee7b4385cfa5fa6d37b5dc302fd891415247b26264345d8cddb6059
SHA512926ea8de803b7a2ff74a18aacae1bd9036055f248de951f57a2edcf9f2f4f87fc90097fc9537058baa3468ee8e191d871bbbea16ba5af747f659a8fce08057fd
-
Filesize
1KB
MD572701bbd88082c9a67b792d216cc46f8
SHA1a41f5c044a3505de2469cb7e40f53c1fcff55046
SHA25614e0ebe8e86114fec020ccf277a7771416f58c57a3b95c566b2a83a0b095cc33
SHA512d15bafec5a5d1d4921be3ca34f7b1c1818927d8f917ad27915bf3a56fb40414d781b8eb3d813008ed017f1e7fa327022e07402869303163260492733637e7d43
-
Filesize
1KB
MD54b890ccf443c51353596aafc1837e364
SHA183cdd868c2087e0119a33d7f11b69813d76c8a1d
SHA256f834813dd657f1f1e6fadaf26d2c21b9e9fca85b24efedc9bc891d9c98b7b8bd
SHA512648fa8689bdc02d746babf18dc2ee55f8e6483a76aa8bd009286cbfc6ea41ccbf4ef4ab887ae5ab3e5ca32139cae00e4fd89dc5a9dff698b4639da28d8194ca0
-
Filesize
1KB
MD51538e7b94e82949f9bf80d2347a78663
SHA1147e1fe26c94f48562ec82041226d70bc1872cf7
SHA2567bca80fd89e2facd910cce0814172213b9ac7efc6ce3bcfa7dc9aa5a8a173ac7
SHA512a90bc3fc4fbb9708e94185b81f43d30721133c1fee33a5423e9a2bee727f5ffdfe705d2663501055b54d8904854d9e274310986a85b60d4be40adc59b20ec003
-
Filesize
128KB
MD52a9c65944a537ccb6f2d58695c361efb
SHA1715a3a4c2effb01f0192a972281af5c914cdfb22
SHA2564f49e56d57b85e127891696978251d20d8621b3dfe94d5cb437107ac24ee2b7c
SHA512e721248bdbcf9b5c0ec8f59aa36a01cf6e2eb763c427b3e4fd9116008edfe02ea4c73a5173759d1d09a5e67c5d023b41b112ae7562ef94b031b2f8ca5f90fc59
-
Filesize
116KB
MD50c0236ccd6c194568cd56e2db6c78f09
SHA1c75b36f942505545d73b478e211b6492bb19c6ab
SHA25694da596844f36b03eb9bd3bd122e2c27bc79dbe2144d01a4f359ed175b711df7
SHA51287ef4cc384b003bb298576fafa01fa5fa10f056c0f1584529311e30b887486b166321cc366be5c3c557a86a8d2483039b9ca943945200967ed057181720505a9
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
88KB
MD5f85fdec9ad2f5ea14e1ec07b6143c1d3
SHA15423a188110b8d0964a927b2e2c45f623a305e07
SHA2561058078764af89e18abbcf04fbf1d86ef4f0d05b1cac0027dab90d66ec54b7cc
SHA512a069351fcf7cb457816967cec329d39ea141080e6d8429ae20c846c47f2721b7d79fd62806057bba1eb460968e6897d5bd72c3c84bd3c0eb0372bd5060bd6d6a
-
Filesize
2KB
MD5df1b90ca9ac178ad2ddb923e90979502
SHA1025abf8159e1b10905440f119d46d9890ded6b19
SHA256b294bbfe0a989017400c73a3e2a154ebbc2d0c1a9f427fe121741504b29b7915
SHA51264622e2d72bd1c798fcb44392c5c8b216c8beb1ba93b09ba0f5cd6e5fda7a1e0879beb1230b2b1e949a1949a0b4841ff59b1ee7570096616fb92c512189939ce
-
Filesize
319B
MD5328aba71a0d6b45b0c056956cab3f0f7
SHA1186ddccac4aab2296944b46ef057626985a7d489
SHA256f8b7d2905655286a0cb95ed6a490036515b80e81db1efc6af9aeb6765a32963b
SHA5128d9e6e2590f32aaf2a9aa04cc5810b6f1b90cae3d829cd38a8a900387a5ab14ac0c518adecd37c0bc0b2ee0d7804b248510c58d9dcffadd639ca4bcf11d4e8a3
-
Filesize
652B
MD5503807a23b2f0ae91e9040ae3696d745
SHA1cce524056befe2aae327413aa740e51ab7c8fce7
SHA25606a1edcf54e26f0179ba3eee0ab930418d433b1249b546268362d82b93ef8a94
SHA51271765659cc78e7f14a522b6f143dcee9ff688e16790b2829a92cd0ec2a5e45eb6a9e28513137c79c3c9c6e19a5d6b17cc97139cf5f8d27136f9cd6852ac6d4e5
-
Filesize
337B
MD569dc2fa612f591d584e44cb26f17d11c
SHA1660d7767173582b2ac72662e6386e19b26478f36
SHA256f0a4dfde1cfa969b1b40f52a29ff7544f951ebc51f60fc4047a6386d62971249
SHA5128930a6897bb63a9d539eb7fef0f06e193236c30780837b9da9231ac7067ec8df87ab647a470eb8d9d4a14a3094d65065debbc8c330c18df1feec56e9eaf95bdd
-
Filesize
11B
MD5838a7b32aefb618130392bc7d006aa2e
SHA15159e0f18c9e68f0e75e2239875aa994847b8290
SHA256ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA5129e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9
-
Filesize
10KB
MD5b98a48068e2af88f5659e944bbd46061
SHA1735a29c723cb43ff2b3c3c1ae52c6b6a313eff9e
SHA256ebea4f3f990bbce1c6c4fdd4ffa457beb614b2a7352c0dc18906b3c5c583b916
SHA512f49fd1cdaa0563e31d8eff14c3c6e154fb2f04fa60ae602be32ef2baef053229e3a6b7f887beb9b0cc027d9e4f6ebeab79b932fd389b238b7716638a85bfcbb4
-
Filesize
11KB
MD5f0d86a629b9c20076b40372787183c90
SHA1c5dfd9f41b5eee5d14e047afd8ac36f0b62423bd
SHA256fae158d5a5199b169b665e81eb2cd74c3f89a2b509da7772cf54e1dc800dc0cc
SHA512e93964cd7acfd19a2c0514f1210fd8fb950d3667f9164f526267be9aa13ea5e5463d39ebebf46202e7e146844125615c0e62a34b61490298671016fd11a178c7
-
Filesize
11KB
MD587def88e879192fa87c6ff12c2a0d273
SHA1a8e1aa9983cc86281cc94426794be0c22e81b875
SHA2569fc3d8baaed12bbf639691da9753020840f8a603ddb0a37464ce09835a2170cc
SHA512be7d9f843a57ffad0e5238be2b69aaad1e4f39d01af340a1b958a5e5a11ab85b537c2466a9aa60eccee0b07dfe583b2db0ed5f6464de020e4aefcdb66015afc1
-
Filesize
11KB
MD57dc9abec6ecc70614c518ab748db9cd1
SHA1b89a2630baa1a94c3757c1ff5635a3b41d5710f0
SHA256ef97ad81f6e6586437ad6998d96e5b69cda6dc666c62e3331fcd55a4503653f5
SHA5120cfd9a4fc53a7bef21429d6919853f04f45a595e8da071fbe543b2736ee1574606596074c0ea1ff4cfce9de0a3013f63b5e196ee29d6168c54fe65bf32a42b39
-
Filesize
11KB
MD59bae3c6d877647bfb3b6af5547e056da
SHA1ae23f22307c2bb5c5915bf7bb22347694135d1f4
SHA256279842290a81355906dff6fa3a9cace0e3b3c77e86f523627aca102a79cbf5b1
SHA512fb34aea96471ff6b39ee93591fcef5bb7dfb48d8767412776901c4e1715a1be6653ad9f42e4a0161a386ebeb44c07099e4a98739cae6d75bc491b6683afc46c0
-
Filesize
264KB
MD51ba02f709d5c7e68c170f732ef46bcec
SHA1ab0924df35ecaff699ed6c02634d55b04c9dd6a6
SHA2562f06d812e5d51ff3168dab2ff58ae96e10bde6e9999b2cd30a8dafb0e73f23a3
SHA5121147c87606d82a816250b20cd57ecea49e7eb6808f09c7fb485ac2a877c1db5210ab595b8f433b1bf53ba6278e7591feb7b40126dce0aef3fba6ceb8526b167b
-
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
Filesize
4KB
MD5e8a082b28cc7c32002e665c010603bf7
SHA176d262d5de6723864f42d23bf629d2ecfab00b7e
SHA2561421fa55511caa644ab572a68763b653df48ef619171d626bdb49bfa3f9b9218
SHA512cb7ba96f80c84643b453f3cda62b4af80168da44e1391cfe802b83f917c5765be68283c88044794408c993971915f55b805453263f80608e92feb70a08f5f859
-
Filesize
218B
MD5afa6955439b8d516721231029fb9ca1b
SHA1087a043cc123c0c0df2ffadcf8e71e3ac86bbae9
SHA2568e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270
SHA5125da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf