Analysis
- max time kernel: 714s
- max time network: 706s
- platform: windows10-ltsc 2021_x64
- resource: win10ltsc2021-20241023-en
- resource tags: arch:x64, arch:x86, image:win10ltsc2021-20241023-en, locale:en-us, os:windows10-ltsc 2021-x64, system
- submitted: 02/11/2024, 19:04
Tasks
All behavioral tasks ran on resource win10ltsc2021-20241023-en.
- static1: static task
- behavioral1: qbittorrent_5.0.1_x64_setup.exe
- behavioral2: $PLUGINSDIR/FindProcDLL.dll
- behavioral3: $PLUGINSDIR/LangDLL.dll
- behavioral4: $PLUGINSDIR/System.dll
- behavioral5: $PLUGINSDIR/UAC.dll
- behavioral6: $PLUGINSDIR/nsDialogs.dll
- behavioral7: $PLUGINSDIR/nsisFirewallW.dll
- behavioral8: qbittorrent.exe
- behavioral9: uninst.exe
- behavioral10: $PLUGINSDIR/FindProcDLL.dll
- behavioral11: $PLUGINSDIR/LangDLL.dll
- behavioral12: $PLUGINSDIR/System.dll
- behavioral13: $PLUGINSDIR/UAC.dll
- behavioral14: $PLUGINSDIR/nsisFirewallW.dll
General
- Target: $PLUGINSDIR/LangDLL.dll
- Size: 5KB
- MD5: 50016010fb0d8db2bc4cd258ceb43be5
- SHA1: 44ba95ee12e69da72478cf358c93533a9c7a01dc
- SHA256: 32230128c18574c1e860dfe4b17fe0334f685740e27bc182e0d525a8948c9c2e
- SHA512: ed4cf49f756fbf673449dca20e63dce6d3a612b61f294efc9c3ccebeffa6a1372667932468816d3a7afdb7e5a652760689d8c6d3f331cedee7247404c879a233
- SSDEEP: 48:S46+/pTKYKxbWsptIp5tCZ0iVEAWyMEv9v/ft2O2B8m/ofjLl:zbuPbO5tCZBVEAWyMEFv2CmCL
Malware Config
Signatures

Downloads MZ/PE file

Checks computer location settings (2 TTPs, 3 IoCs)
Looks up country code configured in the registry, likely geofence.
- Key value queried: \REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000\Control Panel\International\Geo\Nation (MEMZ.exe, 3 times)

Executes dropped EXE (14 IoCs)
- MEMZ.exe, PIDs 2392, 2440, 1176, 1244, 1264, 4492, 4396, 3940, 4924, 448, 5004, 5576, 644, 4608

Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 4 IoCs)
- Flows 265, 266, 267, 268: raw.githubusercontent.com

Writes to the Master Boot Record (MBR) (1 TTPs, 2 IoCs)
Bootkits write to the MBR to gain persistence at a level below the operating system.
- File opened for modification: \??\PhysicalDrive0 (MEMZ.exe, 2 times)

Drops file in System32 directory (1 IoCs)
- File opened for modification: C:\Windows\System32\devmgmt.msc (mmc.exe)

Drops file in Program Files directory (2 IoCs)
- File opened for modification: C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241102191520.pma (setup.exe)
- File created: C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\e067b6cb-006d-41d9-b6d8-f896f013269c.tmp (setup.exe)

Drops file in Windows directory (55 IoCs)
Subvert Trust Controls: Mark-of-the-Web Bypass (1 TTPs, 1 IoCs)
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
- File created: C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier (firefox.exe)

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Program crash (1 IoCs)
- PID 4936 WerFault.exe, target PID 3428 (procid_target 84)

System Location Discovery: System Language Discovery (1 TTPs, 13 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
- Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language by MEMZ.exe (9 times), mmc.exe, rundll32.exe, notepad.exe, Taskmgr.exe

Checks SCSI registry key(s) (3 TTPs, 23 IoCs)
SCSI information is often read in order to detect sandboxing environments.
Checks processor information in registry (2 TTPs, 12 IoCs)
Processor information is often read in order to detect sandboxing environments.
All by firefox.exe, under \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0:
- Key opened: CentralProcessor\0 (3 times)
- Key value queried: Update Signature (1), VendorIdentifier (2), ~Mhz (3), ProcessorNameString (2), Update Revision (1)

Enumerates system info in registry (2 TTPs, 9 IoCs)
All by msedge.exe, under \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS:
- Key opened: BIOS (3 times)
- Key value queried: SystemManufacturer (3), SystemProductName (3)

Modifies registry class (1 IoCs)
- Key created: \REGISTRY\USER\S-1-5-21-1361837696-2276465416-1936241636-1000_Classes\Local Settings (MEMZ.exe)

NTFS ADS (1 IoCs)
- File created: C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier (firefox.exe)

Suspicious behavior: EnumeratesProcesses (64 IoCs)
- MEMZ.exe, PIDs 2440, 1176, 1244, 1264, 4492 (64 events in total)

Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
- PID 712 Taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (32 IoCs)
- msedge.exe, PIDs 4480 (14 events), 5716 (4), 656 (14)

Suspicious use of AdjustPrivilegeToken (16 IoCs)
- Token: SeDebugPrivilege: 4260 firefox.exe (5 times), 5208 whoami.exe, 712 Taskmgr.exe, 1944 powershell.exe
- Token: SeSystemProfilePrivilege: 712 Taskmgr.exe
- Token: SeCreateGlobalPrivilege: 712 Taskmgr.exe
- Token: 33: 6000 AUDIODG.EXE, 5508 mmc.exe (2 times)
- Token: SeIncBasePriorityPrivilege: 6000 AUDIODG.EXE, 5508 mmc.exe (2 times)

Suspicious use of FindShellTrayWindow (64 IoCs)
- 4260 firefox.exe, 4480 msedge.exe, 5716 msedge.exe, 712 Taskmgr.exe (64 events in total)

Suspicious use of SendNotifyMessage (64 IoCs)
- 4260 firefox.exe, 712 Taskmgr.exe (64 events in total)

Suspicious use of SetWindowsHookEx (20 IoCs)
- 4260 firefox.exe (13 events), 4608 MEMZ.exe (4), 2604 mmc.exe (1), 5508 mmc.exe (2)

Suspicious use of WriteProcessMemory (64 IoCs)
- PID 4452 rundll32.exe wrote to memory of 3428 (procid_target 84)
- PID 2544 firefox.exe wrote to memory of 4260 (procid_target 105)
- PID 4260 firefox.exe wrote to memory of 2904 (procid_target 106)
- PID 4260 firefox.exe wrote to memory of 1968 (procid_target 107)
(64 events in total)

Uses Task Scheduler COM API (1 TTPs)
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes

- C:\Windows\system32\rundll32.exe (PID 4452)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\LangDLL.dll,#1
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID 3428)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\LangDLL.dll,#1
    Signatures: System Location Discovery: System Language Discovery
    - C:\Windows\SysWOW64\WerFault.exe (PID 4936)
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 600
      Signatures: Program crash

- C:\Windows\SysWOW64\WerFault.exe (PID 3816)
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 3428 -ip 3428

- C:\Program Files\Mozilla Firefox\firefox.exe (PID 2544)
  Command line: "C:\Program Files\Mozilla Firefox\firefox.exe"
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Program Files\Mozilla Firefox\firefox.exe (PID 4260)
    Command line: "C:\Program Files\Mozilla Firefox\firefox.exe"
    Signatures: Subvert Trust Controls: Mark-of-the-Web Bypass; Checks processor information in registry; NTFS ADS; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
    - C:\Program Files\Mozilla Firefox\firefox.exe (PID 2904, gpu process)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2004 -parentBuildID 20240401114208 -prefsHandle 1932 -prefMapHandle 1924 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f8016ce-529e-4d84-8ca5-913b8299fa42} 4260 "\\.\pipe\gecko-crash-server-pipe.4260" gpu
    - C:\Program Files\Mozilla Firefox\firefox.exe (PID 1968, socket process)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2404 -prefMapHandle 2400 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f94cfec9-7e74-48e2-8b7d-1c47c3beb07f} 4260 "\\.\pipe\gecko-crash-server-pipe.4260" socket
      Signatures: Checks processor information in registry
    - C:\Program Files\Mozilla Firefox\firefox.exe (PID 2084, tab process, childID 1)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3028 -childID 1 -isForBrowser -prefsHandle 3020 -prefMapHandle 3016 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9ad15cd-ab2a-4fa8-ae38-1cf89b95a54e} 4260 "\\.\pipe\gecko-crash-server-pipe.4260" tab
    - C:\Program Files\Mozilla Firefox\firefox.exe (PID 2496, tab process, childID 2)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4276 -childID 2 -isForBrowser -prefsHandle 4268 -prefMapHandle 4264 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a9fff19-9382-4bc7-9daf-cf998391a79b} 4260 "\\.\pipe\gecko-crash-server-pipe.4260" tab
    - C:\Program Files\Mozilla Firefox\firefox.exe (PID 4996, utility process)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4980 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4736 -prefMapHandle 4760 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e422ca1-0058-4d1c-b60e-6ca62244007d} 4260 "\\.\pipe\gecko-crash-server-pipe.4260" utility
      Signatures: Checks processor information in registry
    - C:\Program Files\Mozilla Firefox\firefox.exe (PID 5444, tab process, childID 3)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5408 -childID 3 -isForBrowser -prefsHandle 5336 -prefMapHandle 5308 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6851351-ed07-4c4c-a8c8-95bc1edbaf32} 4260 "\\.\pipe\gecko-crash-server-pipe.4260" tab
    - C:\Program Files\Mozilla Firefox\firefox.exe (PID 5456, tab process, childID 4)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5532 -childID 4 -isForBrowser -prefsHandle 5540 -prefMapHandle 5544 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82493b72-b38d-4cc8-94cb-f2b23f08536e} 4260 "\\.\pipe\gecko-crash-server-pipe.4260" tab
    - C:\Program Files\Mozilla Firefox\firefox.exe (PID 5468, tab process, childID 5)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5820 -childID 5 -isForBrowser -prefsHandle 5740 -prefMapHandle 5748 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d1267f7-95b2-48a2-9a87-f2d73dfcc8d4} 4260 "\\.\pipe\gecko-crash-server-pipe.4260" tab
    - C:\Program Files\Mozilla Firefox\firefox.exe (PID 6100, tab process, childID 6)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5584 -childID 6 -isForBrowser -prefsHandle 5588 -prefMapHandle 5612 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9cb93d12-d148-4225-9b2f-11d50b43a1d0} 4260 "\\.\pipe\gecko-crash-server-pipe.4260" tab
    - C:\Program Files\Mozilla Firefox\firefox.exe (PID 5384, tab process, childID 7)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6500 -childID 7 -isForBrowser -prefsHandle 6492 -prefMapHandle 6440 -prefsLen 28242 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ec69ec9-1e4e-43a8-bdf7-58aa32014462} 4260 "\\.\pipe\gecko-crash-server-pipe.4260" tab
    - C:\Program Files\Mozilla Firefox\firefox.exe (PID 1512, tab process, childID 8)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4556 -childID 8 -isForBrowser -prefsHandle 6776 -prefMapHandle 6624 -prefsLen 28242 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1a14da6-c413-46d0-add3-312aa9ead996} 4260 "\\.\pipe\gecko-crash-server-pipe.4260" tab
    - C:\Users\Admin\Downloads\MEMZ.exe (PID 2392)
      Command line: "C:\Users\Admin\Downloads\MEMZ.exe"
      Signatures: Checks computer location settings; Executes dropped EXE; System Location Discovery: System Language Discovery
      - C:\Users\Admin\Downloads\MEMZ.exe (PID 2440)
        Command line: "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
        Signatures: Executes dropped EXE; System Location Discovery: System Language Discovery; Suspicious behavior: EnumeratesProcesses
      - C:\Users\Admin\Downloads\MEMZ.exe (PID 1176)
        Command line: "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
        Signatures: Executes dropped EXE; System Location Discovery: System Language Discovery; Suspicious behavior: EnumeratesProcesses
      - C:\Users\Admin\Downloads\MEMZ.exe (PID 1244)
        Command line: "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
        Signatures: Executes dropped EXE; System Location Discovery: System Language Discovery; Suspicious behavior: EnumeratesProcesses
      - C:\Users\Admin\Downloads\MEMZ.exe (PID 1264)
        Command line: "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
        Signatures: Executes dropped EXE; System Location Discovery: System Language Discovery; Suspicious behavior: EnumeratesProcesses
      - C:\Users\Admin\Downloads\MEMZ.exe (PID 4492)
        Command line: "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
        Signatures: Executes dropped EXE; System Location Discovery: System Language Discovery; Suspicious behavior: EnumeratesProcesses
      - C:\Users\Admin\Downloads\MEMZ.exe (PID 4396)
        Command line: "C:\Users\Admin\Downloads\MEMZ.exe" /main
        Signatures: Executes dropped EXE; Writes to the Master Boot Record (MBR); System Location Discovery: System Language Discovery

- C:\Windows\system32\svchost.exe (PID 1036)
  Command line: C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost

- C:\Windows\system32\cmd.exe (PID 1352)
  Command line: "C:\Windows\system32\cmd.exe"
  - C:\Windows\system32\whoami.exe (PID 5208)
    Command line: whoami
    Signatures: Suspicious use of AdjustPrivilegeToken

- C:\Windows\System32\rundll32.exe (PID 2024)
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

- C:\Users\Admin\Downloads\MEMZ.exe (PID 3940)
  Command line: "C:\Users\Admin\Downloads\MEMZ.exe"
  Signatures: Checks computer location settings; Executes dropped EXE; System Location Discovery: System Language Discovery
  - C:\Users\Admin\Downloads\MEMZ.exe (PID 4924)
    Command line: "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    Signatures: Executes dropped EXE
  - C:\Users\Admin\Downloads\MEMZ.exe (PID 448)
    Command line: "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    Signatures: Executes dropped EXE
  - C:\Users\Admin\Downloads\MEMZ.exe (PID 5004)
    Command line: "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    Signatures: Executes dropped EXE
  - C:\Users\Admin\Downloads\MEMZ.exe (PID 5576)
    Command line: "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    Signatures: Executes dropped EXE
  - C:\Users\Admin\Downloads\MEMZ.exe (PID 644)
    Command line: "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    Signatures: Executes dropped EXE
  - C:\Users\Admin\Downloads\MEMZ.exe (PID 4608)
    Command line: "C:\Users\Admin\Downloads\MEMZ.exe" /main
    Signatures: Checks computer location settings; Executes dropped EXE; Writes to the Master Boot Record (MBR); System Location Discovery: System Language Discovery; Modifies registry class; Suspicious use of SetWindowsHookEx
    - C:\Windows\SysWOW64\notepad.exe (PID 5948)
      Command line: "C:\Windows\System32\notepad.exe" \note.txt
      Signatures: System Location Discovery: System Language Discovery
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4480)
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
      Signatures: Enumerates system info in registry; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2312, crashpad handler)
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x134,0x138,0x13c,0x110,0x140,0x7fff25cb46f8,0x7fff25cb4708,0x7fff25cb4718
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,3346633194000884709,2527633271388706402,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 /prefetch:24⤵PID:3672
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2260,3346633194000884709,2527633271388706402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:34⤵PID:3780
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2260,3346633194000884709,2527633271388706402,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:84⤵PID:1356
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3346633194000884709,2527633271388706402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:14⤵PID:4088
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3346633194000884709,2527633271388706402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:14⤵PID:4668
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3346633194000884709,2527633271388706402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:14⤵PID:328
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3346633194000884709,2527633271388706402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:14⤵PID:5512
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3346633194000884709,2527633271388706402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:14⤵PID:3752
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3346633194000884709,2527633271388706402,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3776 /prefetch:14⤵PID:3676
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2260,3346633194000884709,2527633271388706402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:84⤵PID:2628
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings4⤵
- Drops file in Program Files directory
PID:1404 -
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff733ea5460,0x7ff733ea5470,0x7ff733ea54805⤵PID:3252
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2260,3346633194000884709,2527633271388706402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5540 /prefetch:84⤵PID:4636
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3346633194000884709,2527633271388706402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:14⤵PID:3832
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3346633194000884709,2527633271388706402,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:14⤵PID:3508
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3346633194000884709,2527633271388706402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:14⤵PID:4076
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3346633194000884709,2527633271388706402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:14⤵PID:4752
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3346633194000884709,2527633271388706402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:14⤵PID:4908
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3346633194000884709,2527633271388706402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3800 /prefetch:14⤵PID:2028
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3346633194000884709,2527633271388706402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:14⤵PID:860
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,3346633194000884709,2527633271388706402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:14⤵PID:5268
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real3⤵PID:884
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7fff25cb46f8,0x7fff25cb4708,0x7fff25cb47184⤵PID:4280
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser3⤵PID:3308
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7fff25cb46f8,0x7fff25cb4708,0x7fff25cb47184⤵PID:1572
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+20163⤵PID:1876
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7fff25cb46f8,0x7fff25cb4708,0x7fff25cb47184⤵PID:4932
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:5716 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7fff25cb46f8,0x7fff25cb4708,0x7fff25cb47184⤵PID:1772
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2264,5023832172964110701,8931620295032154804,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2276 /prefetch:24⤵PID:3516
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2264,5023832172964110701,8931620295032154804,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:34⤵PID:228
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2264,5023832172964110701,8931620295032154804,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:84⤵PID:1116
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,5023832172964110701,8931620295032154804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:14⤵PID:2060
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,5023832172964110701,8931620295032154804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:14⤵PID:3452
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,5023832172964110701,8931620295032154804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3032 /prefetch:14⤵PID:2432
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,5023832172964110701,8931620295032154804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:14⤵PID:4532
-
-
-
C:\Windows\SysWOW64\Taskmgr.exe"C:\Windows\System32\Taskmgr.exe"3⤵
- System Location Discovery: System Language Discovery
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:712
-
-
C:\Windows\SysWOW64\mmc.exe"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2604 -
C:\Windows\system32\mmc.exe"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"4⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5508
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:656 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7fff25cb46f8,0x7fff25cb4708,0x7fff25cb47184⤵PID:3780
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,5658523726008654069,7207462901505640840,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:24⤵PID:5948
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,5658523726008654069,7207462901505640840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2456 /prefetch:34⤵PID:5800
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,5658523726008654069,7207462901505640840,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3036 /prefetch:84⤵PID:968
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5658523726008654069,7207462901505640840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:14⤵PID:1524
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5658523726008654069,7207462901505640840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2116 /prefetch:14⤵PID:5140
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5658523726008654069,7207462901505640840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4340 /prefetch:14⤵PID:2504
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5658523726008654069,7207462901505640840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:14⤵PID:3944
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,5658523726008654069,7207462901505640840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4508 /prefetch:84⤵PID:1160
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,5658523726008654069,7207462901505640840,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4508 /prefetch:84⤵PID:1696
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5658523726008654069,7207462901505640840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:14⤵PID:3760
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5658523726008654069,7207462901505640840,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:14⤵PID:4436
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5658523726008654069,7207462901505640840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:14⤵PID:2816
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5658523726008654069,7207462901505640840,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:14⤵PID:4540
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5658523726008654069,7207462901505640840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:14⤵PID:5348
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5658523726008654069,7207462901505640840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:14⤵PID:5480
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5658523726008654069,7207462901505640840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3820 /prefetch:14⤵PID:2816
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5658523726008654069,7207462901505640840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:14⤵PID:4356
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5658523726008654069,7207462901505640840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:14⤵PID:4816
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5658523726008654069,7207462901505640840,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1872 /prefetch:14⤵PID:3008
-
-
-
    [PID 2656] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=best+way+to+kill+yourself
      [PID 6132] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7fff25cb46f8,0x7fff25cb4708,0x7fff25cb4718
    [PID 4980] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
      [PID 1700] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7fff25cb46f8,0x7fff25cb4708,0x7fff25cb4718
    [PID 5212] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
      [PID 4136] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7fff25cb46f8,0x7fff25cb4708,0x7fff25cb4718
[PID 5956] C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
[PID 3476] C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
[PID 6000] C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x320 0x4ec
    Suspicious use of AdjustPrivilegeToken
[PID 3156] C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
[PID 2280] C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
[PID 5676] C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
[PID 4296] C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
[PID 1944] C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
    Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Defense Evasion
Pre-OS Boot (1)
Bootkit (1)
Subvert Trust Controls (1)
SIP and Trust Provider Hijacking (1)
Downloads
-
Filesize
152B
MD5a134f1844e0964bb17172c44ded4030f
SHA1853de9d2c79d58138933a0b8cf76738e4b951d7e
SHA25650f5a3aaba6fcbddddec498e157e3341f432998c698b96a4181f1c0239176589
SHA512c124952f29503922dce11cf04c863966ac31f4445304c1412d584761f90f7964f3a150e32d95c1927442d4fa73549c67757a26d50a9995e14b96787df28f18b4
-
Filesize
152B
MD599273f03a5f58a70702412e746d88776
SHA1df2de508c944c83801fd297fea000706f05a0dfa
SHA256f19ffc899a80fbd6cbd4abc1f7b6331c48487249efc9af06d2a04920b1fd81df
SHA512e9856868f1e8915a448e0efe64f0eee0a5124fa772ffbab8fac728a032b72f68ee719642af699f0952e6540472bcae35804928b5ff8f6fbd85ebbc481c2cb7a3
-
Filesize
152B
MD5e1e9c520945b22b2da8354818b80727e
SHA1dd41649f79dc603a40d40724d659f1ef57d46410
SHA25650c4d9bd0d680bfbc4fef2a97ca7d38b08d75abb76a113bc1c8301d4a3465215
SHA51212352c071ae60ccdbbec5399e5a991934cbfbc312b8225047d8c35bc88ed4064ac9e8a953e538551341d410448f12cee4162e5ec6a55d17de9f4e2888575fdce
-
Filesize
152B
MD55b270d3751166bb1136235c2618abc64
SHA131199e508347b1ccf197c168a27c0631996f1a90
SHA2563c3e42a691c7a5aa07b82b9bb25f149e948a77ddf0f23a5437d01590462c18c5
SHA5128ebd1679affb001f43899d0b279a4cb350c3f033455c58c92825e71e2715fd69bc72db8916bb78a10303f0b92b99e61bdccee53174fc5730ad74bd591744b00b
-
Filesize
152B
MD578bc0ec5146f28b496567487b9233baf
SHA14b1794d6cbe18501a7745d9559aa91d0cb2a19c1
SHA256f5e3afb09ca12cd22dd69c753ea12e85e9bf369df29e2b23e0149e16f946f109
SHA5120561cbabde95e6b949f46deda7389fbe52c87bedeb520b88764f1020d42aa2c06adee63a7d416aad2b85dc332e6b6d2d045185c65ec8c2c60beac1f072ca184a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4eccdd11-e64c-43a9-b5cb-d19f6cd76486.tmp
Filesize1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
215KB
MD5e579aca9a74ae76669750d8879e16bf3
SHA10b8f462b46ec2b2dbaa728bea79d611411bae752
SHA2566e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf
SHA512df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize48B
MD50f7ade032d0e724b57f52b7f28dcaa84
SHA19ea3ecd54cda06de100d808a4aba704c8c022500
SHA2562f3afcebb2485e65f4969f4b50ed08524ca4e71b8b2fab337474a82906ebd273
SHA512afe92db56a55ddfe2c5209dbaecaae7aecac480ad500bc00d1eb0e9dfb4d609e5fcd4edb54339db4418871b43fbcd62ad9650350c34b522ee3ae8f72b50d2dba
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize168B
MD5b373425cf0f899a26a08a9fc91e6289b
SHA1d6f8f06af1a47289d1e27bf6dc1922902cd9f2af
SHA256a534ce39ef19f8c4b11d4af8f1eaccc6b1f24c15500d1ebc60522ce1284040f9
SHA512db3e06f1b84457b471bd80724a617b4743b5f388ed0544db2c4f5f6e1b2574811d3c4943cc96182b1a884eaebe2c196847515eab94bd9c601d15030a4a0f5de0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize168B
MD587dbcbacc3e9c5cbf0d574aa314b264e
SHA17a852ecc07a17a2e3dfab15804a1c053d3ea587f
SHA25663b8bbbb61b89924b592389554bd508243455c206e163feb593041a44f2a0eed
SHA512bdd9e8bc8b7ac3b316e93a709b552c2358c549ea647b8619cc8b06cd6e2e0d6afe0425b867cb024ec12e2e5c33933ed30dbfcf6221ad229a1cde175038bb3c32
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize168B
MD5b6e48596269a1adb7deb8492199ecfc2
SHA1d54fea49b6ff2418cb305043872264601272ab6e
SHA256615c5522d99cdcb484f6a0bcd06a3d5df72b9d762ada7b15556439e8c7fe09d4
SHA512cdebd37c420eb9a9e4f6097fdb042f22cdd76ac514664e0b804d67477da86b01a0a23af6466842edafbf924b7c43e8d311eaef38fd0254dd603e0ddc063257f0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize168B
MD5a1c6e55057a5cd74b7af372d837a453a
SHA1421cbfe7e31029062769cfef625151f019c69ecc
SHA25694e7641be6e03e0b3354601e12587172df6877ac72e62c05d23419bbcd188e13
SHA5120b8215186d2ed39d233b1904e605f96b95dc8f9486e7a0ee1f960671c472749fc1f3a253b24e6fda01285d36221340f45254aca52f56cf329759c8224fbd040d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize168B
MD58b4b1dab11cced442aad93b5d98559ab
SHA1f5e8c12edf788aeb5fc5db1776d76afcfcb9306e
SHA2562991c8e0b9f5e58da90aa88b7bf42d84ce1b3c0ffaadce59c3e7f021c269d6f8
SHA512b7ec6f82e6cd89939c78261983cd60c5f2124765ea17f9debffa16b44d3ab9678708913fc2f847be6dbfb439d8fd2fed797a7df69dad26d1f21add7df25f8354
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize168B
MD57e2db21d83c2b67c49472833a0486a6e
SHA1a52261e03e666172bc919a0bb9c7a07023afa464
SHA2564fadcc0d853c24d6dab299830401606e5bad963801dbcb9fe3192914ff7e8e42
SHA5128ed009a768badd46b9876a5480bcd5208dbf2cd710ca246d5918cc7b3d68a1a229d7344daf8e8c73b93aac64321d24ede621339362ee3ae305e44a2a8c88446b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize144B
MD5dd2f43429e55e21ae128dbf875ffb89f
SHA18eeb170ceaf6d94420cc141d52c81f538405c283
SHA2568c9a38a00e24878aba7e406e422071f8c5c6414470fdd4998473877ce1c8dc9b
SHA5128bc4c830c8be0fdf1455aeb201dea0ce6d3e3e5849befe9a80512068196d128ecafe9c451adefe653f4da413247606564c2525f169bace27814085df3959a48b
-
Filesize
70KB
MD5e5e3377341056643b0494b6842c0b544
SHA1d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA51283f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef
-
Filesize
20KB
MD500832d91c892d0948f709f3ef28cfebb
SHA1b07473bd8fe4eb9655b072045f2dbf06742be0e3
SHA2564f5ee9dcf8a03c858f20ec80c3cc0cc83dc899e1cb55cfaaf4e63372d22b7e3a
SHA512e933658b7778fec7f29d36c1c5e8c21883336ffde014fc1792d9581d869262ad8d5b0e88cd1006420809f2bec66dd41718b5fc393e0792fa5a3fc85fd4c15c89
-
Filesize
264KB
MD5d0f66602c746feaf4ff9f417ace35b43
SHA181e3ac1615ec9914c2741f299619c3dbdc136106
SHA2562a8e2d336828768b7958a63a0a153ddfe5b6353adbb8d1cdcec5dc1ce8570d4f
SHA5121b56abcddda78695c143d30429ee6b6c4ccdb8b01b38acfcc5465257ba13d911be5d07ccfc72d508829251be69df69d95e9964a7fd90cb1e185d75213e5c9427
-
Filesize
124KB
MD5b1999e2c36a0b04a8a283d9016991884
SHA142e80a46f2f26aa28e54545c18c818ce8f3ea647
SHA256baec917d52ce9f8b8969c0e000b1bf5eca65d31d71d9497c6130e7c0fe477be5
SHA5129788146dfdc708144b29a9153477d654613a95f1716bba628de85279bca8384d63ad1b2a75a4a86246d518f74e3352c7f2a0598221660ddc2f094d1865b370ba
-
Filesize
6B
MD5a9851aa4c3c8af2d1bd8834201b2ba51
SHA1fa95986f7ebfac4aab3b261d3ed0a21b142e91fc
SHA256e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191
SHA51241a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818
-
Filesize
815B
MD5d933ec9d991d7b1cebc2720f530bec5d
SHA18b1ee407897eaea7561b8250cd9ecfc511ac2dd3
SHA256020bbb7e4d82a19976cf7a6e56867a8bac6442b2d597ae08c21e4ba4fe09bbb5
SHA51293eb863babd28bb4f09ced1c77dc93572646bd15de6bdd713abe3bba739345224670679cc2c661d51506e0e15f70aeefcc53ffbb938343c8ea77ba0c5bd6c114
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
909B
MD520e986b7e53013cb620e8ff6f48937ee
SHA1bf07ce19786e4b444f886de9852533999292aa1a
SHA256e97c1153850f5be608848d5679df3461d8014ef4c5f063cdb9b3c22f4c48f266
SHA512a70ad3288e5080943bef6158843135aa3a3322701acff8280139a906f3284bd2b51162c035b7577451bb041a4050ce3aab6708f2acf927156fbb662a774c3aea
-
Filesize
909B
MD58de6f1e4fecef7da06e882f0220ae831
SHA197584ac3b949ee9ca6a8d1f4047ee891fdaf1577
SHA256ba85b9b5a7f804a2f2abe95b10364914a98bd2c2e978283b045b73fd53420a65
SHA512606b6ad752e3d59f3ff9ffc55e38a99463d4d11c83f52c83eb97cfee76b14a77f3f66b8657894bfe3c820a3a0443defb8acb9d2afcde21cda7e16779a56a9279
-
Filesize
784B
MD590e564d6a59c3718dc726ff98884cc6f
SHA1f93d0a271bdf28061697186962da8f4d8eb56cce
SHA25655a3a64083b876116aae88a0bce50f976b961d1377579975e45cd55b2e28b256
SHA512041106f3595cf1589a7554b05525dce09fca4cc0771d2ca77a359d74b4249a9d78f90199616dbb64a6d9da46c30b0eb6693f0ff58da0b4e7a38c22367fb95eff
-
Filesize
5KB
MD54adbc0e377486a71a42e5c5e0f1248c2
SHA183c95259472912caf552835dde642485b2c50046
SHA25623d39ef2864931499707acef12a043669f355b13a7df3067637e8dddd18351e2
SHA512f070a849f7e68ff82dbda2dc591bf8bd394e9a66a2565a20eb4dcffa7c19a40e56d7e27ea9cdb8fb50d44715dcfc3bd0aa2b981dddfc28199fac0ce776e5b58d
-
Filesize
7KB
MD51236cca3f30a7d197c3ba19c63c780c3
SHA1caf7df0fef2c19508d7d2fca9fdb5634581444d5
SHA256c571461a8699b4539ed3c8f401ee0064b156088c16368e080834ed38dbc4974e
SHA512a40a4496fac65dcc0fb2e93682d8b2e07b615ad73a003b1a13e618045f6818113bcf5d9bdee406577f256a1da29f34ef8de8b83aa6b36938fe4e734a7e46542b
-
Filesize
4KB
MD54abbe317acddb3187df295696abf51b0
SHA19022e3c8d94d0c7accccd5ea8e6ceaa7890cb7a4
SHA25609314e57e92e8d80d00c06a9362795c56dddf3137461244e61ca5f43bd2dce41
SHA512b5bc593e02415a3396f14e41ea2da5d1a344d3b1a2dd9d394bfa3c74f4c381095dfcfe89649627952a913188ebfa7cb5517e559206a5595fc0d3cfdcbe10d8cd
-
Filesize
5KB
MD50408d84462f48a34999e932343d947e5
SHA1899f5a347ea067dddf3512e5cc317d97254ac2e3
SHA256980589b6d4034448c1fbf5c25637a5fe2ca9bab7e0358826fb400f1b9290430c
SHA51245aa5bff406d86e930fd5619fdce2d79f10f006462d979ad5f19872e9af0711edf6bc81d8e9ea47d820b14fa3e0eb8db4adfc9f1d163dc6deba8a04ec5c1a2c0
-
Filesize
7KB
MD569c571d2be0ec4d76452bfa31915fb69
SHA133e2af9f26d23e9f597e64d7bf599de0ddd80c0a
SHA25629cca06119c4e8c84a53f1828c332c2b4cb1cc7e0192f324502486e0c2b8780c
SHA512f4da1baf4fdd9a905d6d6274e65d5211fffce7997476e85381c6a160f6ca1658cb390fe6a6870da768cedb865550e60ccd442dda76d0013aae20cce870af6e13
-
Filesize
7KB
MD515092f942fe2fccadc9cacfa7839d357
SHA157259f972f41a607abf905bacf92b7ddfd17f214
SHA256e38683561fa01001f85a7b69785fb1bcb7278e01252c239479666ae9a7d7444c
SHA512f4659aee1935b610515fd06aa19703344c956af19031e934c36765968ff0a58312952fc8b94068d7abfa90a9ccd8070a019bc0a295c73988ad2f9d7f3bc9254a
-
Filesize
7KB
MD5f4249a754f4227437c91218ea5a2531d
SHA184139d8fe95f3a061d1ee9e3dd91d2c24293d1ba
SHA2563ebe8cbaab5399d8cb7b5fe14da2933625d36b2b1748c1db262672dacfdd3895
SHA5127185abcdaeb67e210e1e305842d7125ee2f0785e5109565d7345420a59d0939b98032955d29e63e9018ea898d147ea6d982d92874d9aa912ebe41c2d6973b992
-
Filesize
7KB
MD5ddd13010136cd91f84d530897bdf1f29
SHA1f3c0983390f453866cf93c296c0d004b38451032
SHA256b4fa10e1947ee364840cecf718e9675d474b1007b7246ff0f0371638a3bdd627
SHA512cb24323a29bbade14b6ea3137d71777cc05736537af9085c893c2e285fcc7190109432189aba31a07cbaeee04bf840854681fcac4b3a4c2a8c8d0f1dca03bc2e
-
Filesize
7KB
MD51daa9a36b1ce0f657e6d8d74447bebca
SHA1663286a9c0973cf6e04366cd833d96d9b25efc30
SHA2560549e5c8dc8646bfca8c4a1e63867a646da08cfbd179a4b604739955b306de9c
SHA512165ea97a3e02f5ed71859828496b6e609712cb36b938d454b123928c7784cb51690a3ed821a44d1e27cb9ea2f6a4c6477af56ada18940b06a295be30a1b55692
-
Filesize
7KB
MD58e9a87cc75a875dfe0aa0728aa96dc0a
SHA1052308ad7a0b621d376e7fe2019293d848269961
SHA25673185a7d5229b27a588e1940d037581fbed3673f1599b223d2928a167babfd4c
SHA5123a1365177d7a20e8454c1858713d9c616642e188f1d9197e8e7a8963bbd2bd042e5b8d4f0dcb46dfa5ce585c3e0c2d1bf178e183a0a5c6a52db431114e3dff8f
-
Filesize
5KB
MD534e791933d9e350c98e390abaab17351
SHA1ff1b9605abd8eada48063f527bfabbe012583794
SHA2565e6620e7bc4b20a587354383f6b4308750144cab06fbd998f3161588df6d53c2
SHA51239b3debb032b413778d9b5585572c2cb51cc61319ab6c64952557465a57eb840574afe5310918726d307fb9ed90b49bd4b03bf6038d51c748aaa269464374d88
-
Filesize
7KB
MD5a99cb6bd4d4797eea75db51b787c54ce
SHA1ef1905cc14b0e3066594d22d449745d2fde27831
SHA2569171ee1b87e28f3fa9b779b50407b5617df1c16f34d2c877088b69807b6b6032
SHA512b9d8b4917f650e599cbc0118fffa84bc8ca3f653b81a85b63dcae5ed707c47d6c6812b16a6ba558b9da1b08004c26dbe9827a797dc639b27c54533b087f1c139
-
Filesize
24KB
MD59010fe212d7da97a4e9cf63a903ee7a4
SHA18f124a736d045eea3c50a9597d18c9af8b128e28
SHA256c2956b77f9af9f4d79e0198d8a7e0a5b6f880b4d597dfeee25a3f56c05d11834
SHA512f763ab3261592107fb19b7d6134c7f4d02e921258b1c72f1e0c69a95ee8ed9cc20498259a279cca9648bbd213a5234b965a9196865d465e1f975ee9242e36326
-
Filesize
24KB
MD521320325bdfc20c6f4e4d136228fc9c5
SHA17e96950811d7ddbc1daeb7341ddb9768980bf2b5
SHA2565e7ac2b978206a07d8b1841a2bd89eae4b466bcd8a0df3a62ae2ca0439b8bd5e
SHA512ee78316d5b8edffdc83e3431bdbd28ae05a481d2a445ddf3b7c58bf0f01c6c42aead46a4d91e7fc75519a5ca8a7e2bab78749d88476c7a2fa0a25e8b3592bd43
-
Filesize
24KB
MD5ba4ae8c34ebc5c0521a4f3da50ba2675
SHA1695080ca597f6a695b336153a84bca15aebf6586
SHA256529c7ba1d60056ce94192564dbed9ee6e1495b5c7ce3332db1c92b1cd36bf29c
SHA512dde34dc07db3a63ea93ea77a2d2636b6b5c0d165a03eacb68f96f303c86613fd9f3369d4f0fbf8b81907d0a388f6988142cf2881e43be3ceda29744bad26d334
-
Filesize
5KB
MD5fbd4decc6506deafcdbca79c4d37dc77
SHA160883dc6cf2752aec4a244bc7cfe38c49c59dcdd
SHA256fb988fef6a400380e06039719821c994e28042b20cf06310471e342b76813705
SHA5124811065d171599ba07e090580bd3c99474a3e73bb79fd8ecb049fecaa5bb3933e3fae10c899bb3482a890972b94652f5098de10eafb52bb67c77cc898ad36493
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize112B
MD51902c5b27d6ab186feeabb026ce066da
SHA1588cd0b18d9a40542ad16e2dda2a49321495d4fd
SHA2563598d94db59292bc1ec2ea0971bf0de6dfb6481bec0750031996102ba898cd83
SHA512bd12c0d4b78715982f53cd381433ece8804fc165683433c1af5ade8b2bdb64fff44147b207f81c33343a6c4c66cbad339dfec7f274106a95d565e9ee876256bb
-
Filesize
350B
MD5693c39b1d11a6a892925c869d9a13da8
SHA1b9210bac59173f087edcbd4f267af5b19f2aff9e
SHA2567fe5992c555d4abc4a1ed91ac53c2b6f1833bb69a1af0dbc16148c57c307d8a9
SHA5126c54c48c9b0b0887d9c5fc5b1a6780d47f7316e3066e3eb4fd2aa7609c4ce79a87f7da330dc060763fb4e44db2bef04560bbb1a922fad7e7b491fa4f1ac8ecf0
-
Filesize
323B
MD5d088ca5cf16cf2076d66299f64e13a5e
SHA13d2fc857d70804e3f04e6b5adb9c78c658d84351
SHA256ae07a11371d3997278d91e635860a39b9ed845ba6a951cffcf7cd96b56faf795
SHA512d7ec2e6742e38ffca61241a8861d58dbd0d4972b024174046009d185fb0411a7cc5363984cce2e090c0966603c41b38611f83c1dae747ca1db864d183316a564
-
Filesize
20KB
MD5f44dc73f9788d3313e3e25140002587c
SHA15aec4edc356bc673cba64ff31148b934a41d44c4
SHA2562002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983
SHA512e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7
-
Filesize
128KB
MD5009162eae08e49b0d2ee6aaf36a8cac2
SHA1f18f63a56327278b763561e1656587a311f8fbab
SHA2566ec282f2e7aac120593ca2e5e77adf55608530a03822a370cd3256dd2518f4a7
SHA5127462a0af8e6072998d3bc478bb379bcd9ece7b95885a4481c35c68b7aed974aefbc1530f8bf009f4c926ca0d31b1dc9ee200645bc9938304b44cee9b356beba3
-
Filesize
116KB
MD5f70aa3fa04f0536280f872ad17973c3d
SHA150a7b889329a92de1b272d0ecf5fce87395d3123
SHA2568d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8
SHA51230675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
44KB
MD5fdcb0b92c7fdf2e90ad6ba1eea2a79b7
SHA1f92de6200a4420d773fe10cb9b0471afaa1dcdec
SHA256568d7668a634aa92ae0b57ecb33643102651116699e673d99556b05b38d190f4
SHA512e0203b4e419b680e46ab628e64f6361dc2c91942daead40c1b1083e9c5c39b82b95dd7036b71e74d8b6afd280bd4d0c4647b61ce7d6a6c9416feaea879987b86
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001
Filesize41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
11B
MD5838a7b32aefb618130392bc7d006aa2e
SHA15159e0f18c9e68f0e75e2239875aa994847b8290
SHA256ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA5129e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9
-
Filesize
11KB
MD5445f27fb3026858e4b19ecb8e827facc
SHA1341a4f05d522d834aeb15b14bb3f430dd97f1eda
SHA256cd61125fe7e75f62958b70cf6670cf207925f7f1806c494f84076c0cb3b4b7cc
SHA51230e3141dded6f80771f0e9840f68bc0d2a14513ff105d2d4568049c6703c16797304f96fd9e8588764e2e67f7b498ad099fc954a331ff73478aea26d8713634e
-
Filesize
8KB
MD5d00d61b27592791dbf285adf83560730
SHA15eb7dc432835a4c76d73ab5a8c2c298e8ec07a85
SHA25625abdf66b98eacaccd51a17f0d789c683d26771cbacac0641d70b081f8a65acc
SHA512e2510ef66ad332a9ef95bca9f4d7b7a169b3cf9bcb024be45b12d20ee03a4fc86038d1bd73272c4239eef14442fa0e5ac1408ea7f86aadd7d98276c9f8714c45
-
Filesize
11KB
MD5fe6959397719c4914c7c72737741c483
SHA1fae32db9aed1d8821e20efa5f1156c95106dbf30
SHA2564fb46369b014412c7294dcb5ae0c1d99d1dd6d2a025d3a1e61cafe86b5ba491a
SHA5120ce54e9325b44f89e3e4b10e23da30d15177d0049a9b2d45770deceb915a1938ee0a6b948b9d09f5e799376d9f99dc271b7e4f6a3354689801f28682d9f8e027
-
Filesize
11KB
MD5ac89eadefdcb6adf210fdf9d7c9ad5b2
SHA10fe4c4388ff5b80ba5ff8964ab48875fe6632c4d
SHA2569b0025e5a2c4b2621d81094d9f37c095858392954770b7779ed0130a79b38d5b
SHA512d3bb5370efdd1cab27cada366948766842ebf804ac1d7a24694b3073c005dbd92904c01da8780ce5600c019d01b61d1ed0c8591e527451f9023aee8011d5da92
-
Filesize
11KB
MD522551d6225d80faafa47f6ef9e883e28
SHA1be3568f5f9ba1601032319b073d692480b4be6ac
SHA2563228c11caf964a57cc709e8176407d052ec6f1fe29af662a4126b6aa5f020345
SHA5120fd088d8353d5314f6c043f60287ff79569956b5277ec38663e675641ecf6484c2dd072bc7c71a3f78d22dffb6c712e23680468ccdc86d0a7080f606bf2d9961
-
Filesize
11KB
MD5856b8946216d78baaa74c1a1128f7cca
SHA1485b89e4b74a4807eb57a2da39fd3f68a29deb38
SHA256c42e36a348292ce828a0eb7c37626a93992358f81175ce80870a64eb5ba9aafd
SHA512f7b938a2980c3e0b74a92362dbc2e3de4bf443ae1ec1009187b95310b6fb395a215716bb34bde3aeb34393134ed75835cacdd0f263004232f591bf8f70d673f6
-
Filesize
264KB
MD5e073823fa3d858271a5db71384d11a2c
SHA1d7cbede1f0209d81fd878a5356495ea73fee150f
SHA25668538997f99330f75f0619d4d3b7281244ea98b0f321218d690fe6484ad3cc5b
SHA512b4d34b78adad0f20d7c1b698e7b6209ce168d09fda955249f00502e85f78f13826158b5332297bb089c7a1f6dd95a6ee2f290ef525991ff4489534e7a8ca0578
-
Filesize
81B
MD5f222079e71469c4d129b335b7c91355e
SHA10056c3003874efef229a5875742559c8c59887dc
SHA256e713c1b13a849d759ebaa6256773f4f1d6dfc0c6a4247edaa726e0206ecacb00
SHA512e5a49275e056b6628709cf6509a5f33f8d1d1e93125eaa6ec1c7f51be589fd3d8ea7a59b9639db586d76a994ad3dc452c7826e4ac0c8c689dd67ff90e33f0b75
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings_2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1
Filesize126KB
MD56698422bea0359f6d385a4d059c47301
SHA1b1107d1f8cc1ef600531ed87cea1c41b7be474f6
SHA2562f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1
SHA512d0cdb3fa21e03f950dbe732832e0939a4c57edc3b82adb7a556ebd3a81d219431a440357654dfea94d415ba00fd7dcbd76f49287d85978d12c224cbfa8c1ad8d
-
Filesize
40B
MD56a3a60a3f78299444aacaa89710a64b6
SHA12a052bf5cf54f980475085eef459d94c3ce5ef55
SHA25661597278d681774efd8eb92f5836eb6362975a74cef807ce548e50a7ec38e11f
SHA512c5d0419869a43d712b29a5a11dc590690b5876d1d95c1f1380c2f773ca0cb07b173474ee16fe66a6af633b04cc84e58924a62f00dcc171b2656d554864bf57a4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris_638343870221005468
Filesize57B
MD53a05eaea94307f8c57bac69c3df64e59
SHA19b852b902b72b9d5f7b9158e306e1a2c5f6112c8
SHA256a8ef112df7dad4b09aaa48c3e53272a2eec139e86590fd80e2b7cbd23d14c09e
SHA5126080aef2339031fafdcfb00d3179285e09b707a846fd2ea03921467df5930b3f9c629d37400d625a8571b900bc46021047770bac238f6bac544b48fb3d522fb0
-
Filesize
29B
MD552e2839549e67ce774547c9f07740500
SHA1b172e16d7756483df0ca0a8d4f7640dd5d557201
SHA256f81b7b9ce24f5a2b94182e817037b5f1089dc764bc7e55a9b0a6227a7e121f32
SHA512d80e7351e4d83463255c002d3fdce7e5274177c24c4c728d7b7932d0be3ebcfeb68e1e65697ed5e162e1b423bb8cdfa0864981c4b466d6ad8b5e724d84b4203b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic_638004170464094982
Filesize450KB
MD5e9c502db957cdb977e7f5745b34c32e6
SHA1dbd72b0d3f46fa35a9fe2527c25271aec08e3933
SHA2565a6b49358772db0b5c682575f02e8630083568542b984d6d00727740506569d4
SHA512b846e682427cf144a440619258f5aa5c94caee7612127a60e4bd3c712f8ff614da232d9a488e27fc2b0d53fd6acf05409958aea3b21ea2c1127821bd8e87a5ca
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f1lggfg7.default-release\activity-stream.discovery_stream.json
Filesize22KB
MD52f2375105a7ece379932f15cb95b021b
SHA10cf6258102b5a5c898d8aea6d907a5136b09e286
SHA256c1e85ca55a999e380f41cce71eeec45563cc0aaf7e05af395dcfc128226ce8ec
SHA512ac5e691aebf842ef06794f755c8662f2c159a21c2009deebf65bb146bb70060a9000fdfb926753cb0bb8fb391f0617656c93c0e5ee35b5aea258b1f896b5b6e7
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
479KB
MD509372174e83dbbf696ee732fd2e875bb
SHA1ba360186ba650a769f9303f48b7200fb5eaccee1
SHA256c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f
SHA512b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1
-
Filesize
13.8MB
MD50a8747a2ac9ac08ae9508f36c6d75692
SHA1b287a96fd6cc12433adb42193dfe06111c38eaf0
SHA25632d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03
SHA51259521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize3KB
MD54ab25867d713f35c06e25a198dd283d3
SHA16364e8f22ed6b8d991f1527fce917587aba098e5
SHA2568e52da2083fa87008e1376b832b736ade7dc82e029fba94b424d3b71186616a2
SHA512afeff938ab44d8b324902db423ecb89a1db58e29c55aa99732e03838575e09a83413f069798566e12c0e2b3d44ee0e5e57c66052da23325464f5987adb4f0ff5
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize3KB
MD52671cafa968b0814b699859d37e4ad20
SHA1940079608fb2ddae24133e8ab95dd59e72dce0e9
SHA2563a04511e1a9cd29e6bd35d5a54828d70bf8ca583984d2cdf689d7ec7852609ce
SHA512aa7801d29eac09fd137ed2cff16512481655ffe104978f37471450bdb44daedf11d56b51155b0e15c4c89b3cf5e88a6b98481965b2d34938d4d71e402efd8b9d
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\AlternateServices.bin
Filesize11KB
MD53d7694bb5d9abbdb186b9d43a7836804
SHA144fc67b5f4397fdc4ce5563ad039c862f3ec4cba
SHA256b14aacea9be13b7e79be3e315883e9136472c4c4a9f7cbad9d0f106c4232d756
SHA51299890d899c41b847f083fffc41cf2642a9c8e7239d8fb502e42a6cd0107dd2410c8a3cee02ed780c7a6a76603b6fe1dfc4686b413d31dad106ebb92510fae107
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\AlternateServices.bin
Filesize13KB
MD5a3426d9dd2f568ab9dc31c5ee6affeba
SHA1c4f6029f63f8572bf79d847e0028b52bb329da81
SHA256549ee5683578f2f3f4f968811c1833e714d6f2ae1a3da7bbe2b2dd41bc0f6c61
SHA512d976594777da4547d028928faf00173992ec2f669e78f9fc983299773ede2c80b0df07eb0fbc5fc99a3974884a4426a2b63b257dd76c7c716c9b6339af412e3b
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\datareporting\glean\db\data.safe.tmp
Filesize6KB
MD51f9e4d4a17b1dfe3242e2660ed894e7b
SHA1d16c7b7275e2422931914f4fa205f0a47c20d34f
SHA2569c0b1f2ff2c6d7e949e0f6f2963dd2f7186d283c09181a7929d4c8bc0f2e489f
SHA512da2ef15c5345c2566f9e8deae1eec68c84ee77b036b29f27c0acf871a9af7a7b71b0ad71340aae5c97d4fd7338d1ccf6b0963635208be011c650a9ce3e3cc646
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\datareporting\glean\db\data.safe.tmp
Filesize33KB
MD5ef26699509d73c257a5fbeba24c6b9c7
SHA12edfc4766a4cc86bdd4480184d70518170d2c22d
SHA2569c2b33ddd7c46141b92f322beea30c63b7586154bb4f5520a8cf032f7f80a402
SHA5129849545ca4947861fded588cd714784d3187de13cd33a3e8a16c1a757fa117f0b455bbacf35faf4b7d85227de43abbd6668fdd09e0051439416f2a44dc21c589
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\datareporting\glean\db\data.safe.tmp
Filesize6KB
MD5c6b3a4d00c0c8711990f2b65821c4cce
SHA1a5585f2eb9bc06e981a1c65ce143626a59806dec
SHA256b02cee59e495378ec816cb1533e2d633d21de94c12340b2233addfef1fcf7634
SHA5123e0ab37133f27771aecbbfbbd34143b9e212fc6584c7e59eedaae0589f43cebe91af3e133bc7ed963b82a9c378bffff814146ee791b10193c86c9d41188e01dc
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\datareporting\glean\db\data.safe.tmp
Filesize5KB
MD5c0301e2b9a4e194c355bb662a670bc03
SHA14ad39ef3dd207d2dd0f8c2f8fe9d2f74430b6668
SHA2560c03839f1aed5c6beef1caa9ebc09686ed6a366081a95397a332640eb88f1a78
SHA51214420f5e079c2b0af83bd0e754fce8e78fb264f54edee179fe972e9f5a51e2fe904fd926ea93904baaa979a7a4a82727b20aaab4e4a5cd89cb31fc9f7fa85107
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\datareporting\glean\db\data.safe.tmp
Filesize6KB
MD5d396cf55abb7a0ee415efe6d59bd84a7
SHA1ca82e27b7e7c2e35c57ffd689f72bbf4acf02b30
SHA25646eb4bcb12faf447f4eec6db7fabd8c1efd6d10efa80e78be0fcd28f74367f81
SHA51223f1f15ef42dfef87bb000e15c7b703cc8707f15839ce600f5b1ee061d90e0a886591cda84d6db5e3e329960dea3d5f976deb97eebbab0abaa8441134f644ad7
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\datareporting\glean\pending_pings\170551bf-c64f-462a-96b6-b2c372c2eac5
Filesize25KB
MD5b459791327beb2858767bee94bb0096e
SHA1cb1b1f89a1eeabd13c577516787cb665f7e63cc6
SHA25677798e690c12b9794f5c2bc9d3b74310f34615c5612a1f16d3c9e91297369a1d
SHA51263f6f9e433e555540f2df9973083d963a61ecb314b4313dd666c7dae03499cbefd53500de99a8db3fc5b87176995e0c96efd7599289fbaae56d4c5cf11ebd06c
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\datareporting\glean\pending_pings\492b5f98-e95d-45df-af37-85aa93c82b4b
Filesize671B
MD5f4ee4f1661614980a1b561c215daae6b
SHA14e39ce44e1deaf5005da1e2f79c7e717a17ac293
SHA2566205931565f032775d3c98e7331e41b4ddd58994277114719f13f49544fbecd4
SHA51208c17948bb87cf5363d2d837ea74cbea1dff2c8da6d686fb1d9e4e32a4200c4186aa3467ec39fa6d26a83e7c05440ed956a232e2de3355309c9d53e5fc7ab158
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f1lggfg7.default-release\datareporting\glean\pending_pings\92466561-c456-47d6-a3cf-aa51fa1e2e4c
Filesize18KB
MD50f4143e78de5ea722f545af7d47e981c
SHA10fa93961332f6ff5ff058ab2f24b8a9b3b3239e4
SHA256b42f5cb0eed52013aa1ff1ef6edfec48cc388da68acfd5d77e93ccaf21c645e9
SHA512d4329e75d8f521dc0cbcf22add8adbaf905188ed82f58240df053074541cd205e6bf4b4691b58011544bfbfae785ea6d87a941524209360001577fdf10325974
-