Analysis

max time kernel: 1729s
max time network: 1684s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31/10/2024, 15:38

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://piratebay.com
Resource: win10v2004-20241007-en

General

Target: http://piratebay.com

Malware Config

Signatures
Loads dropped DLL (2 IoCs)
  pid   Process
  3528  Process not Found
  3528  Process not Found
Enumerates connected drives (3 TTPs, 20 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
  description              ioc     Process
  File opened (read-only)  \??\x:  xpaj.exe
  File opened (read-only)  \??\y:  xpaj.exe
  File opened (read-only)  \??\e:  xpaj.exe
  File opened (read-only)  \??\i:  xpaj.exe
  File opened (read-only)  \??\k:  xpaj.exe
  File opened (read-only)  \??\q:  xpaj.exe
  File opened (read-only)  \??\w:  xpaj.exe
  File opened (read-only)  \??\t:  xpaj.exe
  File opened (read-only)  \??\g:  xpaj.exe
  File opened (read-only)  \??\m:  xpaj.exe
  File opened (read-only)  \??\o:  xpaj.exe
  File opened (read-only)  \??\r:  xpaj.exe
  File opened (read-only)  \??\s:  xpaj.exe
  File opened (read-only)  \??\j:  xpaj.exe
  File opened (read-only)  \??\n:  xpaj.exe
  File opened (read-only)  \??\u:  xpaj.exe
  File opened (read-only)  \??\h:  xpaj.exe
  File opened (read-only)  \??\l:  xpaj.exe
  File opened (read-only)  \??\p:  xpaj.exe
  File opened (read-only)  \??\v:  xpaj.exe
Writes to the Master Boot Record (MBR) (1 TTP, 1 IoC)
Bootkits write to the MBR to gain persistence at a level below the operating system.
  description                   ioc                 Process
  File opened for modification  \??\PHYSICALDRIVE0  xpaj.exe
Drops file in Program Files directory (64 IoCs)
System Location Discovery: System Language Discovery (1 TTP, 4 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description  ioc                                                          Process
  Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  WinNuke.98.exe
  Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  WinNuke.98.exe
  Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  xpaj.exe
  Key opened   \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  xpajB.exe
Checks processor information in registry (2 TTPs, 3 IoCs)
Processor information is often read in order to detect sandboxing environments.
  description        ioc                                                                           Process
  Key opened         \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0              WINWORD.EXE
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz         WINWORD.EXE
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString  WINWORD.EXE
Enumerates system info in registry (2 TTPs, 6 IoCs)
  description        ioc                                                               Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU           WINWORD.EXE
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\Hardware\Description\System\BIOS                     WINWORD.EXE
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily        WINWORD.EXE
Modifies registry class (1 IoC)
  description  ioc                                                                                  Process
  Key created  \REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings  msedge.exe
Suspicious behavior: AddClipboardFormatListener (2 IoCs)
  pid   Process
  3964  WINWORD.EXE
  3964  WINWORD.EXE
Suspicious behavior: EnumeratesProcesses (12 IoCs)
  pid   Process
  2280  msedge.exe
  2280  msedge.exe
  2968  msedge.exe
  2968  msedge.exe
  1348  identity_helper.exe
  1348  identity_helper.exe
  2464  msedge.exe
  2464  msedge.exe
  2464  msedge.exe
  2464  msedge.exe
  4168  msedge.exe
  4168  msedge.exe
Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid   Process
  3228  xpajB.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (21 IoCs, all from pid 2968 msedge.exe)
Suspicious use of FindShellTrayWindow (64 IoCs, all from pid 2968 msedge.exe)
Suspicious use of SendNotifyMessage (24 IoCs, all from pid 2968 msedge.exe)
Suspicious use of SetWindowsHookEx (15 IoCs)
  pid   Process
  3964  WINWORD.EXE
  3964  WINWORD.EXE
  3964  WINWORD.EXE
  3964  WINWORD.EXE
  3964  WINWORD.EXE
  3964  WINWORD.EXE
  3964  WINWORD.EXE
  3964  WINWORD.EXE
  3964  WINWORD.EXE
  3964  WINWORD.EXE
  3964  WINWORD.EXE
  3964  WINWORD.EXE
  3964  WINWORD.EXE
  3964  WINWORD.EXE
  4796  xpaj.exe
Suspicious use of WriteProcessMemory (64 IoCs, all from pid 2968 msedge.exe writing to its child processes)
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://piratebay.com1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2968 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffabf6646f8,0x7ffabf664708,0x7ffabf6647182⤵PID:3056
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:22⤵PID:1236
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2280
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:82⤵PID:836
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:12⤵PID:4124
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:12⤵PID:4812
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:12⤵PID:2896
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5144 /prefetch:82⤵PID:2752
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:12⤵PID:4744
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:12⤵PID:216
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 /prefetch:82⤵PID:1596
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4796 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1348
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:12⤵PID:2724
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2124 /prefetch:12⤵PID:1820
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2712 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:2464
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:12⤵PID:2360
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:12⤵PID:3304
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2420 /prefetch:12⤵PID:4584
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:12⤵PID:3164
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:12⤵PID:3160
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2140 /prefetch:12⤵PID:4420
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:12⤵PID:3808
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:12⤵PID:520
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:12⤵PID:1404
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [PID 4872, process-tree level 2]
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2612 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [PID 536, process-tree level 2]
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1940 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [PID 4168, process-tree level 2]
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3516 /prefetch:8
- Suspicious behavior: EnumeratesProcesses

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [PID 1348, process-tree level 2]
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [PID 2464, process-tree level 2]
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2092 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [PID 1708, process-tree level 2]
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2692 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  [PID 1852, process-tree level 2]
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,1210832552011350552,16043269135038017713,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe  [PID 1752, process-tree level 1]
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  [PID 2172, process-tree level 1]
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\rundll32.exe  [PID 636, process-tree level 1]
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Virus\WinNuke.98.exe  [PID 2456, process-tree level 1]
  Command line: "C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Virus\WinNuke.98.exe"
- System Location Discovery: System Language Discovery

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\WinNuke.98.exe  [PID 4440, process-tree level 1]
  Command line: "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\WinNuke.98.exe"
- System Location Discovery: System Language Discovery

C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE  [PID 3964, process-tree level 1]
  Command line: "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Melissa.doc" /o ""
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe  [PID 4796, process-tree level 1]
  Command line: "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe"
- Enumerates connected drives
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx

C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpajB.exe  [PID 3228, process-tree level 1]
  Command line: "C:\Users\Admin\Downloads\The-MALWARE-Repo-master\The-MALWARE-Repo-master\Virus\Xpaj\xpajB.exe"
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 279KB
MD5: 7efcf0111eb7a22aec8410d6a427b328
SHA1: d6828e7c4fb2789da55899e69c6197eaf4017b88
SHA256: 7a83319f41c626818556e406b5b664aa4c102cb851269e9becbe3041bde4368a
SHA512: c1526e7bfe3c9f5d9ea9ab0f18d555e01f107ec56123ab83b8677ac24da57e206fb02a0148d2ae08ceba6ec4c10f42a46b0093e2324c0d723f09ec1fd4f43d97

Filesize: 613KB
MD5: c1b066f9e3e2f3a6785161a8c7e0346a
SHA1: 8b3b943e79c40bc81fdac1e038a276d034bbe812
SHA256: 99e3e25cda404283fbd96b25b7683a8d213e7954674adefa2279123a8d0701fd
SHA512: 36f9e6c86afbd80375295238b67e4f472eb86fcb84a590d8dba928d4e7a502d4f903971827fdc331353e5b3d06616664450759432fdc8d304a56e7dacb84b728

Filesize: 152B
MD5: 0a9dc42e4013fc47438e96d24beb8eff
SHA1: 806ab26d7eae031a58484188a7eb1adab06457fc
SHA256: 58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151
SHA512: 868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

Filesize: 152B
MD5: 61cef8e38cd95bf003f5fdd1dc37dae1
SHA1: 11f2f79ecb349344c143eea9a0fed41891a3467f
SHA256: ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e
SHA512: 6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 288B
MD5: 7ab6d4e019c1eff24aa6aeb55db1596c
SHA1: 6f0a48b7d9132d8530d9dfb4d83df40343f7a590
SHA256: 8de93f0424e309c5b2779ab1cb842059ca702d8b0ead532c6bda2c40046ce83e
SHA512: 977ab2463b0fd972e6b27ebd26c4697ab7004edf4fa477a127039f137b2d1c9bcf6330508e79592feed4b586c89a4e9861db9b64bdd5f243e2bdadbe98d6eb73

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 2KB
MD5: 82477d7f1942cfbe116284dede42d8a7
SHA1: 10d1d04423e25c7177bf61032314f5e0e9cb8db8
SHA256: 0829c81b2940db6a9eb532a7ece8ae035039c484e00aa6525cb9ae6c8f054ceb
SHA512: f7e4bb4410e78e1f0f90c80cb465e709b1f7773809c376ad510c249b76b936e56b0c73fc0dac5d6cc57e86602545d4fb41cd9fa192391c6e7ac03b7520383bab

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 1KB
MD5: 56e7408bad7eb254033189403a433287
SHA1: 014ff955721aa2064265d671d96d657915338683
SHA256: c1d56f7cc7c1f91fa6b1dd8c94b7a12ebbd5d44c66ed75ab7add04b44122f51e
SHA512: 43c277096b71b3350d030104b81bc01af5280cd18e88290e4fb8d005f5e488716375c648822746195b6bc1c4db4cc44d093d167b8b56c29e3cfbba304e3dbf92
Filesize
4KB
MD5b6a4306f42ed1c8fe2df6907d3d9f086
SHA1a45e28af17f9eefe83e2a6704782bb0c1ea0bc75
SHA25630056024c63eccfde516d81a4b864a20c5b0cd2075dcdc55515b1a5d703d8c4c
SHA51290f7494fefe72c122f47700bef1c44a37812debdaaaa562e0e6b9466e8d97383277bc2f67ae2c552b70976b6e2124474a73851c3abb1d8b2c3df40c0e1bb14dc
-
Filesize
1KB
MD5d91feeea9e04b6370b630633700c84fe
SHA16acc9678ce1e0c7fdaec8ba4321a1dfe2eb91f3b
SHA2562c284b3a410e68368ded04807073edc729412809054482e769163d4b863b3a88
SHA512b00ebc6408a2b7694e9754100b5e7fbc25344b92c688b92d8d37971489f80e58ab423673adf5eda021acbf5415d05efffcfccacdce97bc75cf1819b00e6dfca6
-
Filesize
9KB
MD5e3a3514c5a70d5679013e65113cdfd30
SHA14aa46a77efa25a54ba46211db91c046e06cf0596
SHA25633ecfc4039044f2984c7ff899f9c6923e047d1f9085677cfe4715a71efc7c94d
SHA512807e48ed27e6e3e329527f9dfcd4c0b28e3be941565765b491ee47ba144669da341186af8212c5687c80810dcda746ca71071d0896f3e9fe6dbaa8fd3b45691d
-
Filesize
9KB
MD5f61df0d5c6560c4142713de2f21a8e26
SHA1d49e4b65fa555b1f6d8fa56ac5bc1da0793dbcdc
SHA256d3cb0bcf2b9040e1c0cbe9112206722aed2c42ea73d22ae8ff2f3f3bdd378ea2
SHA5123eb73ec429d99ba356ac30c8cf75fc2dc4918d4e0d7e5f2405eea2cb575233ff85c6f1139c6fc688bc7ca35b8af4fa8d67cada29d794899ae5f2ddc5cf95e905
-
Filesize
9KB
MD5b380471fef7ce53838d137647da9f662
SHA1fbcfdccccbbcf486b7373b6ff2190ac234b72822
SHA256e11c47cce6c5fdc262faf7bd005b3431b2417c79b2017d0e9254143df434891e
SHA512a3710ac2aaee40ba8bff89f800f39ed806160e579de4cce59cd8a92bf56e90ce4fec53e3310711a872d8f76987bab6071b10c1cbda57dd6e7e47e3df413bf076
-
Filesize
9KB
MD59b19735bdc28e71de25fef1949597a41
SHA1e896005f93e3d8b949962a49abeb6c8b2c395c6a
SHA256cb850d63e269e0c8fb636226d00fdbdf3bbc6167cbf0ba6c756f2dc25d3e77f0
SHA512e213258668b343245a5e645385272cf8f3dc408403139878725ca3af4bfdf19963f09032f64d66d8048739495f1d0be0a53f2d0c627d4ee3ea034e09de99c999
-
Filesize
5KB
MD5c28e609b3a7ac965a58dae889339254c
SHA1b8147f6ff61394814ffd0699f796fa3811f255cf
SHA25674a371a43cb34defcfa341132a49cefd4717cf62d93774b23597013d003e6524
SHA51299ac73126d8482110a205a2c29d75a6d0341a28a341d1fbdc0daac7cd5a53e2820d88cb11347b7fa22dac22a15078d5829e05acfcdcb5bdb0cafcc1d112908e9
-
Filesize
9KB
MD5a5794fd782668f80541d27ece75daf2f
SHA169e92c76797c18e71ec18cc5d921112b4fc7c446
SHA256937c6ebe33d551b70efa983a6443e74acd1f6920099c1ad90e10c00de2c9f208
SHA512f6b6dd812a301b2e51a5f43d6a78c62cf4dd1bc98b9482f6c77cdcdbcb09849866dfaaaab26e7e0ec76e399844f30897b9119e974a3dbe814e370dba8624d02e
-
Filesize
7KB
MD59083d09e6ae1f21350ab6c7f0776f92f
SHA182e992a9664465799a8228519bca3ceed5e5f2cc
SHA256df92622337d89ca09e908586f174542fc2487055b8e7d91e869b406eb7472ae4
SHA512b7b4adeb3f7a2992e8923a54638443ce90ae0c0ff4cb67e29be7dfd52f609603c0050bc2a1a9c06b12b13273b49ce9627990bd0b4af0bd17cca4a7a7da0605de
-
Filesize
8KB
MD56c597599e5d44086c1943bdfb30c649b
SHA1ca3febe5660a6c2fe99a8554fd76f0d06b2fb584
SHA256df3e64919ff841b24cf0d2ad6626b238ec5519a6e7bc8ce29811b0c1697e8cd4
SHA512bba263e6fee1ce4a8b4bc155efc8d985b768f6859fedf51499eea6ca84f61f407e790a6335bcf0795ecf94095690e56a885d9ec43945c6263b53d4c85a25c399
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize: 72B
MD5: c1b9a47fd9a1b102cdeaa90b6c787d93
SHA1: 472528698f9f58483e2fca0f7df04662c297cdf1
SHA256: 9ac4e3d957ff0bbb40593e8820d3d413babbc0b90f4899f8daa62dbf546ebe23
SHA512: c5c99b4326a42fbe6aa7e09029688e3f02e8b4becca3d7b65d46a729314cd5e8f5393da5f55aac90f5ee80021ddb95d4cf6a72f8a4b691b7e3bd485f236ceaf1

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d91a.TMP
Filesize: 48B
MD5: c08ef55160501c9d2757ad84c12a9656
SHA1: 9be7c7bab72b5bef053dcba855b2902efbd72ca9
SHA256: 7901af794db5f56c98ca947a3eb75bf2d363df0f845e7b283ae6297b99b9daf8
SHA512: 1acade82ffa5db04e9e57422c987935d4bcc359308694a343af2f97fa8e0f7e492ad899932cf0357ae463d99e044884f6f7ee1d52838c6e96f32f4d5820b3b67
Filesize
1KB
MD58a3da88fa1e6d24451105a614849b45f
SHA1858e31ac256e18e8ef5009e676407e8455821c96
SHA256f2dd3a53e195fd040da88d9a13b4afa02789cb1b2a353482bb6f19bbf9f29d5d
SHA5120212e8f06241bc7c8178079fbccee0d27c1c96fc71d2139d240658181cee8c249814e9a0bff024bd1d65c459eb7b3e3a4ad919c2616f3ba57b954bb8cc632eef
-
Filesize
1KB
MD5a16c66a05a579fb98429d20a80434f34
SHA166674db9ee7b76b9793f63fb7cf10992e9e395f8
SHA25657b5c7dc01843656095736880053b07c90021c55f740d85eff0fde32f2697a64
SHA512e23e4d25bc85a6a86a3ca7cd0d84bfe0b12368a28873978b39e846a4d89c4e3086c3e9c08e1b296f0fc580cbedec9d39165b13af380bd7aa13be4530ec080451
-
Filesize
2KB
MD5d5df7e3f94292e4099df786c918b25ee
SHA1808c30dd860cee2a4c43855de1fa0130a9f49e88
SHA256e03a176b5827c1b986dfb11b3520aded82859196afaa1be7ce02756f2adbed3d
SHA512941e49fd530ec690cebd94b1971503743535f1404acbea216644b1fb42eb4a4b3ace8d91a3876b125cd946ee65ad381d211dd7d86604159cb7f223a520b54a63
-
Filesize
2KB
MD5f98b088cc91e19b6ef6bbd49866d0351
SHA1145df19987404c62215f13e67c1dc1e3194e5c7d
SHA2560a756625ee68c26043ee9d36c10e97e644ad7461d895b3cf65edc4c051fdf035
SHA51262041ff8c9f1169cd1a4546b9b71e6e56cd7d638606e66708da0b712cdd75c825dd16d0744419baf103a0f11140985202d696ebf5d1771e7c3cdd2bacd07b270
-
Filesize
2KB
MD5edf1179d095e25654df12cc732afd3dd
SHA172f2a1eab416e15e9becdd3feb6daeb75630e690
SHA256223ff2e7c4dd4cc8aa434888a29689483007c30e3abb1aefe2a88714eefacd12
SHA512f73f5fa47fbe974fca9a06a6e7997af338d7ab7e1ef8513b8fb41680cc3d3518f44766cdd60b97047aa936b91e6ff6d8b8f4de599570834e0885c5f6acc7905b
-
Filesize
1KB
MD5d099dc5c1a422004f11f136f02bada3d
SHA14c884024274babb2d89893836e7a490fd0cf5904
SHA256d25ceff949f15deabb24cacfe6d58ca4d09b2868e3a9e9c0ccfdaeea373f813f
SHA51204e4cc012ac6eed4529fd89f37099d148f2ba556322634e02239e67c3f426dc8292d607904cb400f52531f96b6f28a84d546f017769e64f077021b7e61e8a562
-
Filesize
2KB
MD5dc1562b012c33b2433e2094cb657210a
SHA13f76addfa907dd7296915ea724d69cd2d6544468
SHA256a8a9bf223710b442b3af19b87319f81a392bff7c9995dc8060808203e3b02933
SHA5128943eb1348967d5b8a198ecec2b49142608c01fa9aafd39a406faa78230f8f419f662df96a1ef3df3b3cf09c07557faf9f3ec1f6a76451520110b6792d0fffca
-
Filesize
871B
MD5b3dd9faee3f5bfdc38f52f6b40ad0ef0
SHA1495f6705babd31ac4423cba19fbf5c024b314bc7
SHA2564004c49635b32b40f258386c52033f656333146c48863fc1823769fae5710ab4
SHA512b30db15d00e785062e6de652347ce9c3c95b0c2902fb3ca9f42bdfd5201a4bc2292a18fb226504e89dbf871dfe430278a9e00fb416168c9f441f4c6285df5049
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD56e83312f2e2ec413589d68341437b38d
SHA1bdcad27583c7be1fa465748c1d51d91b17a57f9c
SHA256b6932bfdfe1f48526c98343f19fe0c0b704092571dda8b5662434e2e73ef4103
SHA5128bce3239a07bce0c36fa46dc3ede7379affecfc80919b14df002e43d5717a2678ffb34b73ff6e9a3b83709491a00f4ac0c7ecc89544b0f5ccdbf6d46e518afda
-
Filesize
12KB
MD519409cdf00b2617f4df205bc0d5b64ff
SHA1524c8746475f54bf9d33d3eef70ef7535b743831
SHA25641910261de7c221aa934e4d728cdec07316b0749cb197b0088aefc0087342228
SHA5126537b18d3c2c1bf889059a65871c83e837c69e44bdecd55594cf112335473cd82d5a6c7a004442f5778f18e8f44ebe5d4ee49287296de32caf8fe300c3a6249a
-

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
Filesize: 4KB
MD5: 85bc9ffbf16460866080b7aac62b6bcf
SHA1: 36baf9ffa5f06747caa176472444e60fe82568bf
SHA256: 65df67ae9caa8b3e9ea48fc9fe00c8b3a63be1e91735e96326eaf8489d508b94
SHA512: 9bf3e268e43d38c5d98643ba78fc6276d64a7ad190799f8899d8784692e6f74157aec1c2258784941b8496bb4694726edddff01406724d1cfcbfa081f7985cd5
Filesize
262KB
MD551d32ee5bc7ab811041f799652d26e04
SHA1412193006aa3ef19e0a57e16acf86b830993024a
SHA2566230814bf5b2d554397580613e20681752240ab87fd354ececf188c1eabe0e97
SHA5125fc5d889b0c8e5ef464b76f0c4c9e61bda59b2d1205ac9417cc74d6e9f989fb73d78b4eb3044a1a1e1f2c00ce1ca1bd6d4d07eeadc4108c7b124867711c31810
-
Filesize
1KB
MD50fbb05432823aaceca558ab005e93189
SHA145c01e3f5436066268f255996e0eb48c1f85491d
SHA25686718caf6419b5cf0ca02c2f2ae68d79274471a04992ef1ddaefd6447d56ac2a
SHA5124c602d9b77d76f6aecaee5aae77a75b61863201cdd45ff983d39af2b9f5df3ad23a004d85e40e3b9598e3168125d64e922c55df9b8ac1a9780af447e6906f226
-
Filesize
251B
MD588039fa36d3bb14031e4393a8d56144b
SHA1971b66033cb3c80d3792642ca3e65722a0a46a24
SHA2561ef87fb6e0a2adfc8e332972ed73fb41ced8489bacebd1a9d63c03a4ec608dd8
SHA512526c4305d17989f9f4b54ce91a64d71e2754781fbe8124cde156b4291435f12d15bdda87e0dade8ff87b93110c1c307405369e6e81de2cbb6131aa76047fee26
-
Filesize
31KB
MD5e487fe5dee1cb0d667bdf606643811d5
SHA1b6dd5201212a19b2fe6c1cb723ed953482ab8690
SHA25652bbb040f29c755edc0fc86403c94908b568fdac34598085df39c66bc2c83329
SHA5120b7324cafdff79a7b426c50b6c75094a439e9f5cea32208c350f8ba0358e63c551b217bb089a72bf6d5791fd9be9f88eb23d84e0267102daff0b1230c694c9b9
-

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
Filesize: 2KB
MD5: 3f7cb5f5cbad9a5bc28bf53d48fd4ae5
SHA1: f49f0648c5c2bc50902abcf0a5e25039f9a28b4f
SHA256: 5161ccf6b53c1e323cc6d0982a59e3bc161476e95e7792b01dafb5f51a0efe7d
SHA512: 8c8171bfabdad7071e596c3f26cf1534dbf9863ac1019e3606c68656ae18087eac30754905a2f3e7c698a9e3f9054dd11fac3a6481d65691ec46beb031112bd1

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
Filesize: 1KB
MD5: 859d5358f9c81087e4d4c56d9f842cf3
SHA1: db042637d86dacb22bf8bfa0f0fb366df92232aa
SHA256: 9bfcc359cb94922d2495b97f50e8b2af53dc8c4dd66b558e63d5ec138e81b369
SHA512: c3bcbcaad6311b6899f6c1425da94cd5db8d8c35d6fcf8e874026a0516cd33113f73d60a9917c5d89073b3e3e342dc1969a7e46fb330887327ec5fed10e73669
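The dropped-file list above is exported as flat text: per entry an optional path (the sandbox recorded none for many of them), a size, and MD5/SHA1/SHA256/SHA512 digests, with the same path listed more than once when the file was rewritten during the run (the-real-index appears three times with different sizes). Copying that into an IOC feed by hand is where truncated digests and missed versions creep in. The following is an added example, not part of the sandbox report and not tooling from the sandbox vendor: a small Python parser that turns the list into records, checks every digest has the hex length its algorithm requires, flags entries with no path, and groups the successive SHA256s of a path that was rewritten. It accepts both the "MD5: x" layout used on this page and the glued "MD5x" form with "-" item markers that raw exports of such reports use. The embedded sample input is a constructed excerpt copied from three of the entries above; the entry layout it assumes is read off this page, not from a documented format.

```python
"""Parse a sandbox report's dropped-file hash list into IOC records.
Added example, not part of the report; the entry layout is assumed from this page."""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional

DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}  # hex chars
# Accepts "MD5: x" and the glued "MD5x" form of raw exports; longer labels are
# tried first so "SHA512..." is never read as SHA1 plus a digest starting "2".
DIGEST_RE = re.compile(r"^(SHA512|SHA256|SHA1|MD5):?\s*([0-9A-Fa-f]+)$")
SIZE_RE = re.compile(r"^Filesize:?\s*(\S.*)?$")  # value may sit on the next line

# Constructed excerpt: three entries copied verbatim from the list above.
SAMPLE = r"""
Filesize: 279KB
MD5: 7efcf0111eb7a22aec8410d6a427b328
SHA1: d6828e7c4fb2789da55899e69c6197eaf4017b88
SHA256: 7a83319f41c626818556e406b5b664aa4c102cb851269e9becbe3041bde4368a
SHA512: c1526e7bfe3c9f5d9ea9ab0f18d555e01f107ec56123ab83b8677ac24da57e206fb02a0148d2ae08ceba6ec4c10f42a46b0093e2324c0d723f09ec1fd4f43d97

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 288B
MD5: 7ab6d4e019c1eff24aa6aeb55db1596c
SHA1: 6f0a48b7d9132d8530d9dfb4d83df40343f7a590
SHA256: 8de93f0424e309c5b2779ab1cb842059ca702d8b0ead532c6bda2c40046ce83e
SHA512: 977ab2463b0fd972e6b27ebd26c4697ab7004edf4fa477a127039f137b2d1c9bcf6330508e79592feed4b586c89a4e9861db9b64bdd5f243e2bdadbe98d6eb73

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 2KB
MD5: 82477d7f1942cfbe116284dede42d8a7
SHA1: 10d1d04423e25c7177bf61032314f5e0e9cb8db8
SHA256: 0829c81b2940db6a9eb532a7ece8ae035039c484e00aa6525cb9ae6c8f054ceb
SHA512: f7e4bb4410e78e1f0f90c80cb465e709b1f7773809c376ad510c249b76b936e56b0c73fc0dac5d6cc57e86602545d4fb41cd9fa192391c6e7ac03b7520383bab
"""


@dataclass
class Dropped:
    path: Optional[str] = None      # many entries in the report carry no path
    size: Optional[str] = None
    digests: Dict[str, str] = field(default_factory=dict)


def parse_downloads(text: str) -> List[Dropped]:
    """One record per entry; entries end at a blank line or a "-" marker."""
    records: List[Dropped] = []
    cur: Optional[Dropped] = None
    want_size = False                 # True right after a bare "Filesize" line
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("", "-"):
            cur, want_size = None, False
            continue
        if cur is None:
            cur = Dropped()
            records.append(cur)
        if want_size:
            cur.size, want_size = line, False
        elif (m := SIZE_RE.match(line)):
            cur.size = m.group(1).strip() if m.group(1) else None
            want_size = m.group(1) is None
        elif (m := DIGEST_RE.match(line)):
            cur.digests[m.group(1)] = m.group(2).lower()
        elif cur.path is None and "\\" in line:
            cur.path = line           # other lines are page residue and are skipped
    return records


def problems(rec: Dropped) -> List[str]:
    """What to distrust before copying a record into an IOC list."""
    out = [] if rec.path else ["no path recorded"]
    if rec.size is None:
        out.append("no size recorded")
    for name, want in DIGEST_LEN.items():
        got = rec.digests.get(name)
        if got is None:
            out.append(f"{name} missing")
        elif len(got) != want:
            out.append(f"{name} has {len(got)} hex chars, expected {want}")
    return out


def versions_by_path(records: List[Dropped]) -> Dict[str, List[str]]:
    """SHA256s per path in report order: a path listed more than once was
    rewritten during the run, and every version needs its own hash."""
    out: Dict[str, List[str]] = defaultdict(list)
    for rec in records:
        if rec.path and "SHA256" in rec.digests:
            out[rec.path].append(rec.digests["SHA256"])
    return dict(out)


if __name__ == "__main__":
    for r in parse_downloads(SAMPLE):
        print(r.path or "(no path)", r.size, r.digests.get("SHA256"), problems(r))
```

Run it as-is to see the three sample records and their problem lists; to process the whole list, paste the remaining entries into SAMPLE or pass the report text to parse_downloads. Entries that come back with "no path recorded" are still usable as hash IOCs, but the report gives no file name to pair them with, so any detection written from them has to match on the digest alone.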