Analysis
max time kernel: 220s
max time network: 239s
platform: windows10-ltsc 2021_x64
resource: win10ltsc2021-20241023-en
resource tags: arch:x64, arch:x86, image:win10ltsc2021-20241023-en, locale:en-us, os:windows10-ltsc 2021-x64, system
submitted: 02-12-2024 17:08
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Worm
Resource: win10ltsc2021-20241023-en
General
Target: https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Worm
Malware Config
Signatures
Modifies WinLogon for persistence 2 TTPs 1 IoCs
Processes: Fagot.a.exe
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "C:\\Windows\\system32\\userinit32.exe" | Fagot.a.exe
Processes: Fagot.a.exe
description | ioc | Process
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection | Fagot.a.exe
Adds policy Run key to start application 2 TTPs 3 IoCs
Processes: svchost.exe
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run | svchost.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\status = "present" | svchost.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\winlogon = "C:\\heap41a\\svchost.exe C:\\heap41a\\std.txt" | svchost.exe
Downloads MZ/PE file
Manipulates Digital Signatures 1 TTPs 12 IoCs
Attackers can change the Authenticode and Cryptography registry keys so that their binary is treated as validly signed.
Processes: Fagot.a.exe
description | ioc | Process
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | Fagot.a.exe
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CRLs | Fagot.a.exe
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust | Fagot.a.exe
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\CRLs | Fagot.a.exe
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher | Fagot.a.exe
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | Fagot.a.exe
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | Fagot.a.exe
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPeople | Fagot.a.exe
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\CTLs | Fagot.a.exe
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\trust\Certificates | Fagot.a.exe
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\CTLs | Fagot.a.exe
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\TrustedPublisher\Certificates | Fagot.a.exe
Checks computer location settings 2 TTPs 1 IoCs
Looks up the country code configured in the registry, likely for geofencing.
Processes: Heap41A.exe
description | ioc | Process
Key value queried | \REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000\Control Panel\International\Geo\Nation | Heap41A.exe
Executes dropped EXE 13 IoCs
Processes: Fagot.a.exe, Bumerang.exe, Bezilom.exe, Nople.exe, Netres.a.exe, ddraw32.dll, ddraw32.dll, Mantas.exe, Heap41A.exe, svchost.exe, svchost.exe, svchost.exe, svchost.exe
pid | Process
5512 | Fagot.a.exe
6000 | Bumerang.exe
2036 | Bezilom.exe
3848 | Nople.exe
2764 | Netres.a.exe
5996 | ddraw32.dll
6124 | ddraw32.dll
1324 | Mantas.exe
4532 | Heap41A.exe
3204 | svchost.exe
5992 | svchost.exe
5644 | svchost.exe
1680 | svchost.exe
Impair Defenses: Safe Mode Boot 1 TTPs 7 IoCs
Processes: Fagot.a.exe
description | ioc | Process
Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc | Fagot.a.exe
Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power | Fagot.a.exe
Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys | Fagot.a.exe
Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc | Fagot.a.exe
Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\WinDefend | Fagot.a.exe
Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager | Fagot.a.exe
Key deleted | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys | Fagot.a.exe
Modifies system executable filetype association 2 TTPs 16 IoCs
Processes: Fagot.a.exe
description | ioc | Process
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shellex\PropertySheetHandlers | Fagot.a.exe
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shell | Fagot.a.exe
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\PropertySheetHandlers | Fagot.a.exe
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\DropHandler | Fagot.a.exe
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers | Fagot.a.exe
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shellex | Fagot.a.exe
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shellex\DropHandler | Fagot.a.exe
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\tabsets | Fagot.a.exe
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\{00021401-0000-0000-C000-000000000046} | Fagot.a.exe
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shellex\IconHandler | Fagot.a.exe
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shell\open\command | Fagot.a.exe
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shell\open | Fagot.a.exe
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\IconHandler | Fagot.a.exe
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\OpenContainingFolderMenu | Fagot.a.exe
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex | Fagot.a.exe
Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\CLSID | Fagot.a.exe
Adds Run key to start application 2 TTPs 3 IoCs
Processes: Mantas.exe, Bezilom.exe, Fagot.a.exe
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Windows Manager = "C:\\Windows\\system32\\winmants.exe" | Mantas.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\StartUp = "C:\\Windows\\Maria.doc .exe" | Bezilom.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\dllhost32 = "C:\\Windows\\system32\\dllhost32.exe" | Fagot.a.exe
Enumerates connected drives 3 TTPs 21 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Processes: svchost.exe
description | ioc | Process
File opened (read-only) | \??\i: | svchost.exe
File opened (read-only) | \??\k: | svchost.exe
File opened (read-only) | \??\l: | svchost.exe
File opened (read-only) | \??\p: | svchost.exe
File opened (read-only) | \??\q: | svchost.exe
File opened (read-only) | \??\s: | svchost.exe
File opened (read-only) | \??\t: | svchost.exe
File opened (read-only) | \??\h: | svchost.exe
File opened (read-only) | \??\n: | svchost.exe
File opened (read-only) | \??\o: | svchost.exe
File opened (read-only) | \??\u: | svchost.exe
File opened (read-only) | \??\y: | svchost.exe
File opened (read-only) | \??\g: | svchost.exe
File opened (read-only) | \??\x: | svchost.exe
File opened (read-only) | \??\z: | svchost.exe
File opened (read-only) | \??\e: | svchost.exe
File opened (read-only) | \??\j: | svchost.exe
File opened (read-only) | \??\m: | svchost.exe
File opened (read-only) | \??\r: | svchost.exe
File opened (read-only) | \??\v: | svchost.exe
File opened (read-only) | \??\w: | svchost.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
Modifies WinLogon 2 TTPs 2 IoCs
Processes: Fagot.a.exe
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultUserName = "COCK_SUCKING_FAGGOT" | Fagot.a.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\AltDefaultUserName = "COCK_SUCKING_FAGGOT" | Fagot.a.exe
Drops autorun.inf file 1 TTPs 2 IoCs
Malware can abuse Windows Autorun to spread further via attached volumes.
Processes: svchost.exe
description | ioc | Process
File opened for modification | C:\heap41a\offspring\autorun.inf | svchost.exe
File opened for modification | C:\heap41a\Offspring\autorun.inf | svchost.exe
Drops file in System32 directory 26 IoCs
Processes: Fagot.a.exe, Bumerang.exe, Mantas.exe
description | ioc | Process
File created | C:\windows\SysWOW64\regedit.exe | Fagot.a.exe
File created | C:\windows\SysWOW64\systray.exe | Fagot.a.exe
File created | C:\windows\SysWOW64\wuauclt.exe | Fagot.a.exe
File created | C:\WINDOWS\SysWOW64\userinit.exe | Fagot.a.exe
File created | C:\windows\SysWOW64\progman.exe | Fagot.a.exe
File created | C:\windows\SysWOW64\alg.exe | Fagot.a.exe
File created | C:\windows\SysWOW64\bootok.exe | Fagot.a.exe
File created | C:\windows\SysWOW64\ctfmon.exe | Fagot.a.exe
File created | C:\windows\SysWOW64\dumprep.exe | Fagot.a.exe
File created | C:\windows\SysWOW64\MDM.exe | Fagot.a.exe
File created | C:\windows\SysWOW64\wowexec.exe | Fagot.a.exe
File created | C:\Windows\SysWOW64\dllhost32.exe | Fagot.a.exe
File created | C:\Windows\SysWOW64\userinit32.exe | Fagot.a.exe
File created | C:\windows\SysWOW64\ntoskrnl.exe | Fagot.a.exe
File created | C:\windows\SysWOW64\ntkrnlpa.exe | Fagot.a.exe
File created | C:\windows\SysWOW64\chcp.exe | Fagot.a.exe
File created | C:\windows\SysWOW64\imapi.exe | Fagot.a.exe
File created | C:\windows\SysWOW64\logon.exe | Fagot.a.exe
File created | C:\Windows\SysWOW64\ddraw32.dll | Bumerang.exe
File created | C:\windows\SysWOW64\autochk.exe | Fagot.a.exe
File created | C:\windows\SysWOW64\chkntfs.exe | Fagot.a.exe
File created | C:\windows\SysWOW64\shutdown.exe | Fagot.a.exe
File created | C:\windows\SysWOW64\recover.exe | Fagot.a.exe
File created | C:\windows\SysWOW64\services.exe | Fagot.a.exe
File created | C:\windows\SysWOW64\win.exe | Fagot.a.exe
File created | C:\Windows\SysWOW64\winmants.exe | Mantas.exe
Drops file in Program Files directory 64 IoCs
Drops file in Windows directory 3 IoCs
Processes: Fagot.a.exe, Bezilom.exe
description | ioc | Process
File created | C:\Windows\NOTEPAD.EXE | Fagot.a.exe
File created | C:\Windows\Maria.doc .exe | Bezilom.exe
File opened for modification | C:\Windows\Maria.doc .exe | Bezilom.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Program crash 1 IoCs
Processes: WerFault.exe
pid | pid_target | Process | procid_target
1992 | 5996 | WerFault.exe | 196
System Location Discovery: System Language Discovery 1 TTPs 12 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes: Bezilom.exe, Nople.exe, svchost.exe, svchost.exe, Fagot.a.exe, Netres.a.exe, Mantas.exe, Heap41A.exe, ddraw32.dll, svchost.exe, svchost.exe, Bumerang.exe
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Bezilom.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Nople.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | svchost.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | svchost.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Fagot.a.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Netres.a.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Mantas.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Heap41A.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | ddraw32.dll
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | svchost.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | svchost.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Bumerang.exe
Checks processor information in registry 2 TTPs 10 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes: Fagot.a.exe
description | ioc | Process
Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | Fagot.a.exe
Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | Fagot.a.exe
Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor | Fagot.a.exe
Key enumerated | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor | Fagot.a.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | Fagot.a.exe
Key queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | Fagot.a.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | Fagot.a.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor | Fagot.a.exe
Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | Fagot.a.exe
Key deleted | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor | Fagot.a.exe
Enumerates system info in registry 2 TTPs 64 IoCs
Processes: Fagot.a.exe
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000\Software\Microsoft\Internet Explorer\Main | Fagot.a.exe
Modifies Internet Explorer start page 1 TTPs 1 IoCs
Processes: Fagot.a.exe
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-3495501434-311648039-2993076821-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "www.blacksnake.com" | Fagot.a.exe
Modifies registry class 64 IoCs
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
7zFM.exe
pid Process
3816 7zFM.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
Processes:
7zFM.exe
description pid Process
Token: SeRestorePrivilege 3816 7zFM.exe
Token: 35 3816 7zFM.exe
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 5 IoCs
Processes:
msedge.exe
Bezilom.exe
pid Process
780 msedge.exe
780 msedge.exe
780 msedge.exe
780 msedge.exe
2036 Bezilom.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
-
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
-
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Da2dalus/The-MALWARE-Repo/tree/master/Worm
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:780
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffe958c46f8,0x7ffe958c4708,0x7ffe958c4718
2⤵
PID:1532
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,16976546278546291791,14850972279974968838,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2
2⤵
PID:2684
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,16976546278546291791,14850972279974968838,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1512
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,16976546278546291791,14850972279974968838,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
2⤵
PID:4384
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16976546278546291791,14850972279974968838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
2⤵
PID:3504
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16976546278546291791,14850972279974968838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
2⤵
PID:3736
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,16976546278546291791,14850972279974968838,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6024 /prefetch:8
2⤵
PID:4404
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
2⤵
PID:1636
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff75f7b5460,0x7ff75f7b5470,0x7ff75f7b5480
3⤵
PID:1760
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,16976546278546291791,14850972279974968838,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6024 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2884
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16976546278546291791,14850972279974968838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
2⤵
PID:2896
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16976546278546291791,14850972279974968838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
2⤵
PID:3228
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16976546278546291791,14850972279974968838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
2⤵
PID:452
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16976546278546291791,14850972279974968838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
2⤵
PID:4128
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16976546278546291791,14850972279974968838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
2⤵
PID:2548
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16976546278546291791,14850972279974968838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1
2⤵
PID:4892
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16976546278546291791,14850972279974968838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:1
2⤵
PID:1152
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,16976546278546291791,14850972279974968838,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7200 /prefetch:8
2⤵
PID:5476
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16976546278546291791,14850972279974968838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
2⤵
PID:5516
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16976546278546291791,14850972279974968838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
2⤵
PID:3580
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16976546278546291791,14850972279974968838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8064 /prefetch:1
2⤵
PID:5988
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16976546278546291791,14850972279974968838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7408 /prefetch:1
2⤵
PID:5728
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16976546278546291791,14850972279974968838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8136 /prefetch:1
2⤵
PID:6028
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16976546278546291791,14850972279974968838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:1
2⤵
PID:6136
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16976546278546291791,14850972279974968838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7988 /prefetch:1
2⤵
PID:5304
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,16976546278546291791,14850972279974968838,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4312 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5204
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2096,16976546278546291791,14850972279974968838,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6952 /prefetch:8
2⤵
PID:5280
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,16976546278546291791,14850972279974968838,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1764
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2096,16976546278546291791,14850972279974968838,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7288 /prefetch:8
2⤵
PID:5524
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,16976546278546291791,14850972279974968838,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7204 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5948
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2096,16976546278546291791,14850972279974968838,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7268 /prefetch:8
2⤵
PID:5888
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,16976546278546291791,14850972279974968838,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1836 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6056
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2096,16976546278546291791,14850972279974968838,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7832 /prefetch:8
2⤵
PID:6072
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,16976546278546291791,14850972279974968838,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5608
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2096,16976546278546291791,14850972279974968838,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7204 /prefetch:8
2⤵
PID:4656
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,16976546278546291791,14850972279974968838,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7284 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5760
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2096,16976546278546291791,14850972279974968838,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7240 /prefetch:8
2⤵
PID:5724
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,16976546278546291791,14850972279974968838,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7268 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4388
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2096,16976546278546291791,14850972279974968838,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7132 /prefetch:8
2⤵
PID:2608
-
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:756
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2132
-
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:3816
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:2348
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x128,0x150,0x7ffe958c46f8,0x7ffe958c4708,0x7ffe958c4718
2⤵
PID:5784
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,14855146833647003152,13877907157220606512,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2004 /prefetch:2
2⤵
PID:1424
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,14855146833647003152,13877907157220606512,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6124
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1876,14855146833647003152,13877907157220606512,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3016 /prefetch:8
2⤵
PID:5692
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,14855146833647003152,13877907157220606512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
2⤵
PID:5600
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,14855146833647003152,13877907157220606512,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
2⤵
PID:5444
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,14855146833647003152,13877907157220606512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
2⤵
PID:1164
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,14855146833647003152,13877907157220606512,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
2⤵
PID:2864
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1876,14855146833647003152,13877907157220606512,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5524 /prefetch:8
2⤵
PID:4124
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,14855146833647003152,13877907157220606512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
2⤵
PID:4648
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1876,14855146833647003152,13877907157220606512,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5968 /prefetch:8
2⤵
PID:5548
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1876,14855146833647003152,13877907157220606512,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6004 /prefetch:8
2⤵
PID:4120
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1876,14855146833647003152,13877907157220606512,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6016 /prefetch:8
2⤵
PID:5460
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1876,14855146833647003152,13877907157220606512,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6028 /prefetch:8
2⤵
PID:5704
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1876,14855146833647003152,13877907157220606512,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6536 /prefetch:82⤵PID:1624
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1876,14855146833647003152,13877907157220606512,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6012 /prefetch:82⤵PID:2684
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1876,14855146833647003152,13877907157220606512,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6560 /prefetch:82⤵PID:4384
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,14855146833647003152,13877907157220606512,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:82⤵PID:4396
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,14855146833647003152,13877907157220606512,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3488
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3008
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4044
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:1344
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:1432 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffe958c46f8,0x7ffe958c4708,0x7ffe958c47182⤵PID:5940
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,8706649277601257692,9357058679618839208,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:22⤵PID:3864
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,8706649277601257692,9357058679618839208,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2468 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:384
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,8706649277601257692,9357058679618839208,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:82⤵PID:4316
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8706649277601257692,9357058679618839208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:12⤵PID:4120
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8706649277601257692,9357058679618839208,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:12⤵PID:5436
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8706649277601257692,9357058679618839208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:12⤵PID:4452
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8706649277601257692,9357058679618839208,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:12⤵PID:576
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2044,8706649277601257692,9357058679618839208,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3536 /prefetch:82⤵PID:5552
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,8706649277601257692,9357058679618839208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:12⤵PID:2136
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2044,8706649277601257692,9357058679618839208,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5388 /prefetch:82⤵PID:5856
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2044,8706649277601257692,9357058679618839208,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5740 /prefetch:82⤵PID:5408
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2044,8706649277601257692,9357058679618839208,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5752 /prefetch:82⤵PID:5488
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2044,8706649277601257692,9357058679618839208,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5764 /prefetch:82⤵PID:4184
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2044,8706649277601257692,9357058679618839208,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6000 /prefetch:82⤵PID:6076
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2044,8706649277601257692,9357058679618839208,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4200 /prefetch:82⤵PID:5984
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2044,8706649277601257692,9357058679618839208,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3452 /prefetch:82⤵PID:4472
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,8706649277601257692,9357058679618839208,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5984 /prefetch:82⤵PID:6052
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,8706649277601257692,9357058679618839208,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5984 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:5428
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2672
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4408
-
C:\Users\Admin\Downloads\Fagot.a.exe
Command line: "C:\Users\Admin\Downloads\Fagot.a.exe"
PID: 5512
- Modifies WinLogon for persistence
- Modifies Windows Defender Real-time Protection settings
- Manipulates Digital Signatures
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
- Modifies system executable filetype association
- Adds Run key to start application
- Modifies WinLogon
- Drops file in System32 directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses

C:\Users\Admin\Downloads\Bumerang.exe
Command line: "C:\Users\Admin\Downloads\Bumerang.exe"
PID: 6000
- Executes dropped EXE
- Drops file in System32 directory
- System Location Discovery: System Language Discovery

    C:\Windows\SysWOW64\ddraw32.dll
    Command line: C:\Windows\system32\ddraw32.dll
    PID: 5996
    - Executes dropped EXE

        C:\Windows\SysWOW64\WerFault.exe
        Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 5996 -s 360
        PID: 1992
        - Program crash

    C:\Windows\SysWOW64\ddraw32.dll
    Command line: C:\Windows\system32\ddraw32.dll :C:\Users\Admin\Downloads\Bumerang.exe
    PID: 6124
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery

C:\Users\Admin\Downloads\Bezilom.exe
Command line: "C:\Users\Admin\Downloads\Bezilom.exe"
PID: 2036
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx

C:\Users\Admin\Downloads\Nople.exe
Command line: "C:\Users\Admin\Downloads\Nople.exe"
PID: 3848
- Executes dropped EXE
- System Location Discovery: System Language Discovery

C:\Users\Admin\Downloads\Netres.a.exe
Command line: "C:\Users\Admin\Downloads\Netres.a.exe"
PID: 2764
- Executes dropped EXE
- System Location Discovery: System Language Discovery

C:\Users\Admin\Downloads\Mantas.exe
Command line: "C:\Users\Admin\Downloads\Mantas.exe"
PID: 1324
- Executes dropped EXE
- Adds Run key to start application
- Drops file in System32 directory
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery

C:\Users\Admin\Downloads\Heap41A.exe
Command line: "C:\Users\Admin\Downloads\Heap41A.exe"
PID: 4532
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery

    C:\Users\Admin\AppData\Local\Temp\MicrosoftPowerPoint\svchost.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\MicrosoftPowerPoint\svchost.exe" MicrosoftPowerPoint\install.txt
    PID: 3204
    - Adds policy Run key to start application
    - Executes dropped EXE
    - Drops autorun.inf file
    - System Location Discovery: System Language Discovery

        C:\heap41a\svchost.exe
        Command line: C:\heap41a\svchost.exe C:\heap41a\std.txt
        PID: 5992
        - Executes dropped EXE
        - System Location Discovery: System Language Discovery

            C:\heap41a\svchost.exe
            Command line: C:\heap41a\svchost.exe C:\heap41a\script1.txt
            PID: 5644
            - Executes dropped EXE
            - System Location Discovery: System Language Discovery

            C:\heap41a\svchost.exe
            Command line: C:\heap41a\svchost.exe C:\heap41a\reproduce.txt
            PID: 1680
            - Executes dropped EXE
            - Enumerates connected drives
            - System Location Discovery: System Language Discovery

C:\Windows\SysWOW64\WerFault.exe
Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5996 -ip 5996
PID: 4388
Network
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution: 4
  - Registry Run Keys / Startup Folder: 2
  - Winlogon Helper DLL: 2
- Create or Modify System Process: 1
  - Windows Service: 1
- Event Triggered Execution: 1
  - Change Default File Association: 1
Privilege Escalation
- Boot or Logon Autostart Execution: 4
  - Registry Run Keys / Startup Folder: 2
  - Winlogon Helper DLL: 2
- Create or Modify System Process: 1
  - Windows Service: 1
- Event Triggered Execution: 1
  - Change Default File Association: 1
Defense Evasion
- Impair Defenses: 2
  - Disable or Modify Tools: 1
  - Safe Mode Boot: 1
- Modify Registry: 8
- Subvert Trust Controls: 1
  - SIP and Trust Provider Hijacking: 1
Downloads
SHA1868e4cca307cf3ca1b713ebefd7281aee5027128
SHA2562ef4fa50bc3e64282cf005953ccbbb18404fbdc325fae5fdd93db2162a337e74
SHA512676fe157155727be0981d02cb3c582be78421474363f9068fde9002ac0d58770aaad915f2b0b0a0afd72846bb177e7de49448618dceb841945b8f3781512657f
-
Filesize
1KB
MD53f5f31b5b162e9e6e57e59ddf10c14f2
SHA17f8ee6395b439dfce3f759a5c0981ee103c6d972
SHA256edc4e35371227ef54c25c356e47244887feff3c5fad0084b7c48f3ea82287b9f
SHA5120eb336d6c4979213bb82ddbde088c597d009c9f720d6c5ad35d4fe7dcd90e87e25dfe0480e8d3d83d393caed3e575809167dfaefab87616f355ef42ee981f8ae
-
Filesize
2KB
MD5614ba5f067d7947375ae7703fb5815bc
SHA17b25d24f2a9ece13d761c2f1e1a9eac40aa66b14
SHA256146f4f9269cd203727fdb92e01a4806acf6df6af4bc44f3b486e108cefb410f7
SHA512f0afd5470c9bbdbbb2f2336a24492103d7f6afcc9aea1081d1b77aa5e400efc1cda48dfb6c4479af5185d74092b85f9a0a3cd06d9ec04623bc5ddfaeb5326d12
-
Filesize
8KB
MD543f5cf25d865c09e315dc2ab03c515c4
SHA1e3c764901e7d827b4d9bd0e9bdc2e9472d0280cd
SHA25645b7b6653a4a21175b3bf7defb0062a28fd1d42decd9660bcdce7965e7eaa9d1
SHA512360c3c45424b77e923df10571e3b2fadffbd6260ea1de62cef63f3f6edfe6228645b5bd3120e08e7d24a8eed0271fe4c6ef28b8fb09126b6af111a4204840670
-
Filesize
21KB
MD56e1e08c853144467751f475b1ba90188
SHA18ec483c8e99ec7f2f71596223277766ca7f2e71a
SHA256964b64c889575149e5e8bb8b46df5916b23868b70896f1d51af54d358c0fd20b
SHA51224db7451267c374cc06c18f34b86cb7cd9b500ed238c815ab0e462a741faef51562d28359dd484bc2f348055c86555616a2a04c8b1a599f7832d2b3c7046a8a4
-
Filesize
1KB
MD50bea1e3b10df57399fb4be28ae468a33
SHA1b3f900659894e62f599975615fa471aecf1f5c0a
SHA2563cf614e5b2638ee6a7ff735a2c0ba5bc46de25c195b490e7ee21d73d21ceef5c
SHA512f0eb09fcc2611d8479fc6da1beb5eb5b5555717c907685c5a273050ead1c014a9a352bea213ffdcf225d29c648f559a87756fea8a8dae9ab184bcc43f9eb36fd
-
Filesize
2KB
MD557c27b5848db6c9897ec74e364df63eb
SHA16fe225cfcc469e1a892bd3b2a820476ebddc7eec
SHA2561335b1333b4c05bec35f148a616c30d34318ffa7fe992c05339400badd4660fa
SHA512ba83c359d1e8602de0778a4b272e693861a38d42688e73b79722f5d159a4ee7cb8b6e367e1f1cf60960c8281a6ac88e59530b841d91a115f82166a60c92d7261
-
Filesize
1KB
MD5c3d55b97a0a78efe65a15a36419be711
SHA1e97520f66b1128c21e019d9750205fa584e3970d
SHA256aac2674ab5f9ca9db4bea86644129169d8058d7006350cf9aaf7245c68b83e95
SHA512dfa146f4486dc9c71aff8f261e288b4e0ef6a94bfd1bfdd5c095f17f740eb3799fe0691b6cb9fe540c4f5865462a02a129ebe1dc05bc99227c0c179dba021cec
-
Filesize
3KB
MD5db804dd8f8bab6e8a9cba6abbedf7618
SHA15b72954d350b995c41d10f03bfef080924625d64
SHA256dd648b07d1f79750e52b65ba0eb00d6fc648847d57908b66f2cdb8293597f20c
SHA512807e6b626541d5c1c4c626b80a8b7dae2e73e7e381dfe2c43dc94b6228927907e150c8e955cd8522303af18c8e64e49c600b4722753973927891f19e83713071
-
Filesize
104KB
MD57e55329f60ff7fba335d5fe47abe9a89
SHA1d2af36b701790d8b99018194b02453856b036ab6
SHA256cb14619b8d84bc83e129628f9f8fdc717a7c548147e32621efa7ebc5cab040ec
SHA5129aaeeaef69ea34b9df527f92bff914868fafa88aa65fc3f8fe382633ed5a8239575b597f9a18e4491cc70174338ec428f0e36126ac41a27328cb6923b4b0d321
-
Filesize
16KB
MD5d9a7757759277ac2ab94bb7a2068968d
SHA11762ca700502bfd6c105b45798799bc46de6d40e
SHA256fe3de197e0f7257e7c31180592e6b814a6b4f06c16c42295a428f280446926e5
SHA512f4fbff6cd3880576ff7e6740b000bef6a949976752ddd8c7651aea1f8077a8b66c589d552bdde0a9c79e4c06fa85323a0e9c34d4dc2e88343dad0811658ab42a
-
Filesize
2KB
MD5859c276d6f1b72c1cf8898cebf2de1e2
SHA190e780e0a89890e372944700190441d2b4325c0a
SHA256d34babaec91ee5edf02fcb067075451f6b0aedf602a7454986ccc20b96514ffe
SHA51274b390c3ee7c23aceb14419fc0548d1617fb01516b01427c7316e9974f6050bde5a0fc655d256cb633d4f6220a70831346a27bfc2d64afa3e883a4b2e46bc55e
-
Filesize
1KB
MD55a54b36a0105b5f21f05abd1650a0fd3
SHA10e684d4327686f1bfc82c07f7e556c176da910ea
SHA256c2c9795d97d4b9c546af8b0f62b45ce645307d1d33ffde8008ee5f1162619667
SHA51207cf89f69510607597b71b21171912068d5887bd7af1379b9ee8ba79d1bb699d6001a86ecb0174d63fa8f6cb4224481e71a02c3e5d53eaf9beb37644ed5b7e9e
-
Filesize
2KB
MD52947fd5edbfa74d71a3a1ef5e59bfb63
SHA1a0d9542dd0d57223ad9c66f8b49fad118b0a397f
SHA256fb30f0facfdba4b13dfa9991b50da3284eaaa4e866556df213c20c87de2e3fba
SHA51233115bb486ffad429a7ce54fcafe879d0f4ba47bbc3dd24a2b80bd32ed932cb222a9773725c0c6374548b6553860610006f7160f65bb322b49b3cae8a221e588
-
Filesize
2KB
MD5c601e16689bb2988e46ce7c5717ede1b
SHA19a9eca47b6243511ec6410411fc996917cee7e48
SHA2567dc2ff94c8e68f55d33f34028a7c7b0046d1d1195c30b3785b6f1d38542c6d46
SHA51228c7411d34b11f289caa2b7c9af81e4ad20a738a93558ce0d5d4cdaa02ffe3ea26f5aa2c849c61ed2525c1b27a2aa6f55ecb5de93250cacce0cf2d624e434086
-
Filesize
3KB
MD529ef0b00d1aad7a0064b7319ee37ab95
SHA1034e6c49583ad75837b48ab85699aea6573b142d
SHA256c8af5c2a0b3bfe249256098e89220d417da8d3a37ae19a9afeaeda2e7ef1c139
SHA512507bba15da91f94910d7055b549392a7e22344c6edf717fdb5741dce33440aca2204189de27c3cca5d23fc6806e28d2c7fb029d573b2a30b7c466d6a0b36fcd3
-
Filesize
29KB
MD5362a10ae90a5dda83e7d29652b0bc710
SHA14d6621e7ed10e2b092ab0d1916e73271c9e38b32
SHA2568e69ab32785df46669f4aa2a6e93243e3bfb3cc6d8b86e8c35783e0cb97358c2
SHA512fe33625e48c0cece8b0855f1a6ea4bded870d5898e2ef62af99752bd3637e70ee734e196c053661a68d3b3e9ba081730ed6541c93016049436a8ba95f3c2a154
-
Filesize
11KB
MD559bcf90ccd5eda12cdbd4b78b835e769
SHA10933ffcea4a42470be6af3d6efc6634f52542123
SHA2564c9cc6065c5aa513e1e561db1bc8cfddd89f96a8ea72873a4ea1e3feda963b11
SHA51238b1dbfc1b0f17c60e18bd37c2942a8a1dd96668bf2011b7e05ef170a42e32cf34fac6954a18bae3e52f286eb7c67dab9eb044aaf6de860513233c36562afa0e
-
Filesize
1KB
MD566c7cc0ced61ad12d083b86db99a0243
SHA12fce54ddbd1f94e27bac0d98d55de3d55425a0b9
SHA2565121eb62b7df355b98bdea9c244b76a6998b70d23c425223a6bd6c45473ef09b
SHA512e1bd35bcc75532f855eabc17973a43bc2fb7e9642040926878f14d07da164d3dff021c8c9eb75fd3d0cb06edec2879588c5c406ece8f39809d508efca5260c16
-
Filesize
1KB
MD59a7bac235b3137bee87fd0f53d1d8125
SHA12122081f619f458c717df50010c02e715b75d8d8
SHA2562622ec4e558342d929d40e986afcc45cf2ebb26eb21840dd9ecbab41488fff54
SHA512569cbd65c690aeb11eb949a6cb13eddecd7253eb0414530815bdaf024b698b820ccb5e27eb94b3477e990ad02aafe6ec7f1e5bcfc36308681b94c44821760767
-
Filesize
11KB
MD5792cb48b1e2701344a4b212c2a02a61a
SHA15ba040ca77d37d6680143749c8539feec4af0a65
SHA256d274335ed5beac8079d32cf5363e49ed1bc8659bb0c49503cea747d76e072a75
SHA5125564ea991963e221e601899a4bed8ae3831065d8bd8e759ba548c6a770099c6c165eaee5f2974ba978cc3f6dfc19f18f47c680937246446a4164c9185a849493
-
Filesize
1KB
MD5a88333d58fce5e9bd95400fa7e640544
SHA12c61dd84b6d345d1a417eb5777319f996d7a3704
SHA25616e78b6517e47fd69feb6c1bfba12d93dd73acee6972aed306a197d047f0359e
SHA512a5e34aab978161efb966478645482b6146238f340dd80eecf2ea8541b8cce27d23b3bd0ccc7321541704c7f3dde7d6dec9ff941303fca86de25004d1c0a12831
-
Filesize
2KB
MD508c80de8eacf246e9565c684b7a40f5d
SHA1d24bdb60d80894b78de412e9b5ee6b1570ce42a3
SHA256734e7edf2598b80c3a63e21ad7b43a04f322e8025c8a4afc5472f1c04c6b5a26
SHA5122ec150e8996a1ce721d369cbc584250d58f287d12dc75a2325cbbc54436f0a45adecb572b67cbd4370ca142e54e7b2924c2116c6786b329b27d752bb0121727d
-
Filesize
1KB
MD5ff7e3bc4358b653fbc42eb81f48ae1d7
SHA1fc98b0a0609a978dfefec6d7881dd1716e8da2e7
SHA256932834cc3a03c33bcd8dc53591ffca61d383fb425e7f0defd406412eba13649f
SHA5123494318d1f4afd3b53b9a28205a750046701d30519df1500c3fc4cc6570a4e9675083952544671d4d6a800ae95164c32c2ad26d3bce6c8c682ef5fa39950fdf9
-
Filesize
34KB
MD5d516ba2ce8977e5e2c02a8fe02d8d1b6
SHA149d9313cf4602e00ba952e8e725902a8e08ba606
SHA256f4adac28a6c038bbf4c48eed808e631d7964ec69d5812d0d75b0eb939af91551
SHA51281e1d2d06914decf951e9a07b354ba9c915c7d333e5a7aac227d322d0c080fba0cc1dcab26de78a60fc5be58d06a559124fd2d9be7a7509c54509dda6446d4a4
-
Filesize
1KB
MD5fc701ba1e7e5c1b577f807213e4de34b
SHA1ed647f822f1b2bff0d58cc7757b160c9f750ef8e
SHA256b5346652b48c412a94cc7603a76fae5d6f172e2f58554968ab82edba660b2d2b
SHA512e1ba9a7d0f8a52de501a08d1b472c447abcc805f962f6daa4781a9cdb42d7225751a7b78855699c8d2bc20635424e33a96ee2ee3ef1df4f4b0e6f1def7b70531
-
Filesize
7KB
MD592598eb82c006ed7941133f1a81a7fcb
SHA12db914ae5da5be3150c0185aed22c83683085744
SHA25664704515f0e36628ed3c1bd7658f05cc955c1109a2a6cfcae364dd0072bce41b
SHA51251780838fc3ab5139e1624afee213e644cf998bb581f7c83b4beb2cf9647f38057e32470c65c76acb8c73830ae0cb282821361be5f1972116f07cc67050ad82a
-
Filesize
1KB
MD57e055b161e15be3f41442c0a4fd9a6f8
SHA12479891a68fbd2b3dbc9605546bc1970b3ef202b
SHA2560d81c937370622e72053aaa6247988d4c1dcd8977db1a40d9018bfaacc1c9ba2
SHA512a9a99fe177851c59e5917460ab233de0815b41724e86e944d798cfe60332070cb203ec1709999a483dd010924ec71b85771d94c20404c17a9b3343b203ed9930
-
Filesize
1KB
MD51ea8d6943d73610281307a8b3100521b
SHA1ba5e9aa07a075bc7f161a8fb2236393e3c78d569
SHA256da9e7f85233540eda59bdd2f215a982351bbee43a06dd7ddca612aa6ac46714e
SHA512ea318f9d89d878f684499a78ce47674c13251e2ff6676d4a6d4accfe5477f30e72e56009e2e5adfd60e349792b7aa9060116bf3e52a8085c2d06f616d9df3c67
-
Filesize
151KB
MD56e3579374c547e14f8b870ae6e2425a7
SHA18ef1c9c01b8b246d2c349203ee9e4422cd46b180
SHA25695649a259bffc88da92004b225cfc6d23b1bf2f9cea3e91c6d291e26ea588dda
SHA5121f24a732233b6c4745abf27c4c051bd8bb977dccaa77616d41cd6dbc5d9beff83f3586f79bd867e23c8e1343f3362a4e891858d82c5688ac0654f586537d3057
-
Filesize
2KB
MD5f3280af904428924f6f373dde08d5754
SHA1754ec1598aadaf6026dc39738927827a5330df67
SHA256554ed499f49bac3860892961befd4f6bb7bea94e8806365a51d4fe1109933d3c
SHA51235049ed2955e6f2f1d227f14a5a24e655679c9c4872b217fadcb240b3e5719e61448c208371c7d9c8fb6ebdb3f96ec11ef9ece906f5d5f36730ff8f326885040
-
Filesize
4KB
MD5291bc1c7ebd3e341d757a36b237e1d10
SHA1c880b2e97a63aa965867345c02c8700521ceef13
SHA25688ae20b152a85aa4d801d64ea50fd955301702e61246a8a9c546c16dff7796a9
SHA5120988446be08c2f42cda7ec78da29441cb6c5e74468cbafa1db3faebb570748d0e00a1628acfc21dd746f2d1c9fba24dbbe3ecb5344a6f9552d17735885c44a32
-
Filesize
4KB
MD56341f65681474afe833654a42fd60036
SHA18b7dd0b6dd512423f1deafd2fecec8e9b7c3c46a
SHA256927d9cd4f4d91099959500d87be3f01309dca53acbdaffeaafdbce17764924d4
SHA5127f5e61e1bdf144418e10647a5bcb183afac35e0f854ffb50ed3d1fa98d51d9700d3e5baa7bbf3d85f01288c76e4907da6e7c6f7a89684567ca39cec582b5a149
-
Filesize
1KB
MD53936a6da6132921a590ef1210035bb4d
SHA103fb40808cdbeac0ac77d3ce2519d308215780b0
SHA25647b2dc9eee942749a2561cb7969cc8b890c6f1c8e85284a76cc7e5d685236634
SHA512cbf48ceba5d368d748344dc3b45b970a16629c2156c76cba792894b1d5d802f1738bf0be12da3b2e1b1b79725a39566a21be75e2f53e33ad8c6d6019ce18fb6e
-
Filesize
74KB
MD598fc14d2672486b09d8a0106d089e6c5
SHA1325490bfa678f8ca86e40c31832ca5c8eb083080
SHA256186f52929ee4bf014a208861e2788098af517e0e06f6c3f54b1070321e73814b
SHA51217883c82dfa1ee667f72aea9143bd952ac10cc49037c19cc2cf76a9ca4f95d6c27268922d2e6fea71495750546f502de5bbc05e999c348fd620d2c8aae8198aa
-
Filesize
1KB
MD5d159f07d4c31aed19b1b9ae1d46b89c2
SHA1f247c30083de99658b5e96aa8c38747949571944
SHA2563011bb911735d695fed7de01cc3bf2ca5ac0773ff4e4f9a23b901160963fcdb2
SHA512f48ed0c3e3a19a23c190cda11ef0f5f3b100816c58ee03258612deebd3c755c4810ef85b4210b5252057405bb1491ea0566d68045aa04ccf8d59b1e643729977
-
Filesize
2KB
MD54f6019eddeed2ae22bce2ad50bba51a9
SHA17e3c15349397ed942fae1677e7f8a0564494cc20
SHA2560ec626211dcfab749e591fb0d7649ac052b93c31a8fbbd3a4d092f800633b537
SHA512acb4d29794030972cfb44bb30c0753833eb9c7b2b2b6193d4a60cdac45ee74c60c9ac1f33f79348376b5063af85d1ac938022efe985c65b9f8780c3a198f214a
-
Filesize
1KB
MD591c713d3e0a7682603b25eddb3fd19cd
SHA145dd5401a816df0f82c34e179a96cd80b92f594f
SHA2566a8614a5248846b7179594b5979beb2ce26a4f4a1325ab312d5ffadddbd787db
SHA512b5e5aca7b472ee0bf194605e2c8dc8e5907348f56e6dcdbd519f91b18b6df58c27f5735a692ef6d44d32bdd967c65876bc405762d6b6be50c1925b928be4c8f8
-
Filesize
850B
MD5afda62ce719a86e35202601969702e4b
SHA119228dadc0723a6b7c29ee04f0a0500368eb2f54
SHA2561924e66489fa336865007094464052ff42e4a4a49e5c7d4eedc1d8acd034989e
SHA512b11405b5e57f714c1c6f4f8f0ca9e6f628dd5ff244fe151c104e951b000d1fbab33d822630b36354594f32e89d2103c7796ef267c7b9accbe59804ecc3210e39
-
Filesize
4KB
MD5689b787e793d6229487ffd96e0c700be
SHA1663a37ebf1fbab341461b288f8041b1057873ad0
SHA2564ab7cbfae4fd4b641ab0194cf8a1530d3522437688fb51dffad9f52788b67292
SHA5123caaf6a3a764676eda745a7185298ce40d7069e8dc7285961b2d8ba97852e036c223d2ae67dbf7326547fd104e93291ec1c42f694349b30a0ad7313db8c62241
-
Filesize
3KB
MD53c1a3efe08df00ea2f81fda89e3bdfbd
SHA1c9665c135da3096fa20112e9da4af28737779a95
SHA25652ad79131457a7027818e1a828e652a354bf85404142f173393d9509404e74fb
SHA5127a82083bf76a92d7278ffa407ef75a388fdb47fbf84a0e7f2eafb42c750033b5b78fcb928d5eb087680f45b303cf73a7dff64166bfbe33ece5ce027278ec774e
-
Filesize
1KB
MD5a2c1b22c8767753cba5894938e328885
SHA19847619459c6079067af347d547fad2d9fac62ed
SHA256da92c5098bb015debd7fa081f01c2e0eb97524654f76ee2168caa05c9c2fc371
SHA512992eefa34976b3f78c0cc206cb5f23c6cd5e99c0d06f1b242245a9dc474a66bbc11843c906f2f08bc8c23672428f4d54dfcdfce6b866a83e0ecb5fb82204615c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 1KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 48B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize: 112B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001
Filesize: 41B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings_2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1
Filesize: 126KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\synchronousLookupUris_638343870221005468
Filesize: 57B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic_638004170464094982
Filesize 450KB
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize 3KB
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize 3KB