Resubmissions
17-12-2024 09:52
241217-lv78lawpes 10
17-12-2024 09:40
241217-lng3tswnay 10
17-12-2024 09:34
241217-ljw17axkgp 10
Analysis
-
max time kernel
669s -
max time network
667s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system -
submitted
17-12-2024 09:40
Static task
static1
General
-
Target
a9931d149b64d51f7743f410844d22ed049db4f5be2798f8a5511ecc279be0c3.exe
-
Size
2.9MB
-
MD5
ec45b3daf2d1998ec51ac32dd73e4353
-
SHA1
e8f3624436c443853cd19dc4e590104130a59494
-
SHA256
a9931d149b64d51f7743f410844d22ed049db4f5be2798f8a5511ecc279be0c3
-
SHA512
8c127c3eeeb3fedbee970453d487e5bc69da5727d8d144a657ed2842718b79c680b4138a0f1c294fce4c12105018f36c86437af67734000f24d12016359388f9
-
SSDEEP
49152:cZ/jf/q95mWke8XmcIUJAkGXP5yJBHlyWhavc:s/q95mWke82hUJAkGXBy7Hhr
Malware Config
Extracted
amadey
4.41
fed3aa
http://185.215.113.16
-
install_dir
44111dbc49
-
install_file
axplong.exe
-
strings_key
8d0ad6945b1a30a186ec2d30be6db0b5
-
url_paths
/Jo89Ku7d/index.php
Extracted
stealc
stok
http://185.215.113.206
-
url_path
/c4becf79229cb002.php
Extracted
cryptbot
Signatures
-
Amadey family
-
Cryptbot family
-
Stealc family
-
Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
description pid Process procid_target
PID 2112 created 2964 2112 39bb54293b.exe 49
-
Enumerates VirtualBox registry keys 2 TTPs 1 IoCs
description ioc Process
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\VBoxSF c4a31b64e7.exe
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 17 IoCs
description ioc Process
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ axplong.exe
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ c4a31b64e7.exe
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ 43b13d2f8a.exe
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ 03342fd1cd.exe
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ a9931d149b64d51f7743f410844d22ed049db4f5be2798f8a5511ecc279be0c3.exe
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ 39bb54293b.exe
-
Downloads MZ/PE file
-
A potential corporate email address has been identified in the URL: [email protected]
-
Checks BIOS information in registry 2 TTPs 34 IoCs
BIOS information is often read in order to detect sandboxing environments.
description ioc Process
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion axplong.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion axplong.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion c4a31b64e7.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion 43b13d2f8a.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion c4a31b64e7.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion 03342fd1cd.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion 43b13d2f8a.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion a9931d149b64d51f7743f410844d22ed049db4f5be2798f8a5511ecc279be0c3.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion 39bb54293b.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion 39bb54293b.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion 03342fd1cd.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion a9931d149b64d51f7743f410844d22ed049db4f5be2798f8a5511ecc279be0c3.exe
-
Checks computer location settings 2 TTPs 3 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process
Key value queried \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation Memz Clean.exe
Key value queried \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation a9931d149b64d51f7743f410844d22ed049db4f5be2798f8a5511ecc279be0c3.exe
Key value queried \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation axplong.exe
-
Executes dropped EXE 17 IoCs
pid Process
3984 axplong.exe
2416 43b13d2f8a.exe
2112 39bb54293b.exe
1056 c4a31b64e7.exe
4876 03342fd1cd.exe
1540 axplong.exe
5808 axplong.exe
5304 Memz Clean.exe
5820 axplong.exe
5992 axplong.exe
1120 axplong.exe
4028 axplong.exe
4988 axplong.exe
5816 axplong.exe
6516 axplong.exe
2904 axplong.exe
6840 axplong.exe
-
Identifies Wine through registry keys 2 TTPs 17 IoCs
Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
description ioc Process
Key opened \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Wine 03342fd1cd.exe
Key opened \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Wine axplong.exe
Key opened \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Wine a9931d149b64d51f7743f410844d22ed049db4f5be2798f8a5511ecc279be0c3.exe
Key opened \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Wine 43b13d2f8a.exe
Key opened \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Wine 39bb54293b.exe
Key opened \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Wine c4a31b64e7.exe
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process
Set value (str) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\43b13d2f8a.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1006974001\\43b13d2f8a.exe" axplong.exe
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
flow ioc
122 raw.githubusercontent.com
123 raw.githubusercontent.com
-
Suspicious use of NtSetInformationThreadHideFromDebugger 16 IoCs
pid Process
3332 a9931d149b64d51f7743f410844d22ed049db4f5be2798f8a5511ecc279be0c3.exe
3984 axplong.exe
2416 43b13d2f8a.exe
2112 39bb54293b.exe
1056 c4a31b64e7.exe
4876 03342fd1cd.exe
1540 axplong.exe
5808 axplong.exe
5820 axplong.exe
5992 axplong.exe
1120 axplong.exe
4988 axplong.exe
5816 axplong.exe
6516 axplong.exe
2904 axplong.exe
6840 axplong.exe
-
Drops file in Windows directory 3 IoCs
description ioc Process
File created C:\Windows\Tasks\axplong.job a9931d149b64d51f7743f410844d22ed049db4f5be2798f8a5511ecc279be0c3.exe
File opened for modification C:\Windows\Debug\WIA\wiatrace.log mspaint.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 1 IoCs
pid pid_target Process procid_target
3932 2112 WerFault.exe 87
-
System Location Discovery: System Language Discovery 1 TTPs 21 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language explorer.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language DllHost.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Memz Clean.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language regedit.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mspaint.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Taskmgr.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language cmd.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language axplong.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 39bb54293b.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language svchost.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language control.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 43b13d2f8a.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language mmc.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language a9931d149b64d51f7743f410844d22ed049db4f5be2798f8a5511ecc279be0c3.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language c4a31b64e7.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 03342fd1cd.exe
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 Taskmgr.exe
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A Taskmgr.exe
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName Taskmgr.exe
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe
-
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Software\Microsoft\Internet Explorer\Toolbar explorer.exe
Set value (int) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1" explorer.exe
-
Modifies registry class 64 IoCs
-
NTFS ADS 1 IoCs
description ioc Process
File opened for modification C:\Users\Admin\Downloads\Unconfirmed 6572.crdownload:SmartScreen msedge.exe
-
Runs regedit.exe 1 IoCs
pid Process
4852 regedit.exe
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process
6280 explorer.exe
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process
3332 a9931d149b64d51f7743f410844d22ed049db4f5be2798f8a5511ecc279be0c3.exe
3984 axplong.exe
2416 43b13d2f8a.exe
2112 39bb54293b.exe
4780 svchost.exe
1056 c4a31b64e7.exe
1384 msedge.exe
1140 msedge.exe
4876 03342fd1cd.exe
1540 axplong.exe
116 identity_helper.exe
5808 axplong.exe
4536 msedge.exe
5864 msedge.exe
5820 axplong.exe
5992 axplong.exe
1120 axplong.exe
5396 mspaint.exe
4988 axplong.exe
3324 mspaint.exe
4788 Taskmgr.exe
-
Suspicious behavior: GetForegroundWindowSpam 3 IoCs
pid Process
4788 Taskmgr.exe
6568 mmc.exe
5304 Memz Clean.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 61 IoCs
pid Process
1140 msedge.exe
-
Suspicious use of AdjustPrivilegeToken 13 IoCs
description pid Process
Token: 33 2004 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 2004 AUDIODG.EXE
Token: SeDebugPrivilege 4788 Taskmgr.exe
Token: SeSystemProfilePrivilege 4788 Taskmgr.exe
Token: SeCreateGlobalPrivilege 4788 Taskmgr.exe
Token: 33 6568 mmc.exe
Token: SeIncBasePriorityPrivilege 6568 mmc.exe
Token: SeShutdownPrivilege 6280 explorer.exe
Token: SeCreatePagefilePrivilege 6280 explorer.exe
-
Suspicious use of FindShellTrayWindow 64 IoCs
pid   Process
3332  a9931d149b64d51f7743f410844d22ed049db4f5be2798f8a5511ecc279be0c3.exe
1140  msedge.exe
4788  Taskmgr.exe
-
Suspicious use of SendNotifyMessage 64 IoCs
pid   Process
1140  msedge.exe
4788  Taskmgr.exe
-
Suspicious use of SetWindowsHookEx 33 IoCs
pid   Process
1140  msedge.exe
5396  mspaint.exe
5304  Memz Clean.exe
3324  mspaint.exe
6948  mmc.exe
6568  mmc.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
description                       pid   Process                                                                procid_target
PID 3332 wrote to memory of 3984  3332  a9931d149b64d51f7743f410844d22ed049db4f5be2798f8a5511ecc279be0c3.exe  83
PID 3984 wrote to memory of 2416  3984  axplong.exe                                                            86
PID 3984 wrote to memory of 2112  3984  axplong.exe                                                            87
PID 2112 wrote to memory of 4780  2112  39bb54293b.exe                                                         88
PID 3984 wrote to memory of 1056  3984  axplong.exe                                                            93
PID 1140 wrote to memory of 4412  1140  msedge.exe                                                             97
PID 1140 wrote to memory of 4012  1140  msedge.exe                                                             98
PID 1140 wrote to memory of 1384  1140  msedge.exe                                                             99
PID 1140 wrote to memory of 3616  1140  msedge.exe                                                             100
Processes
-
C:\Windows\system32\sihost.exesihost.exe1⤵PID:2964
-
C:\Windows\SysWOW64\svchost.exe"C:\Windows\System32\svchost.exe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:4780
-
-
C:\Users\Admin\AppData\Local\Temp\a9931d149b64d51f7743f410844d22ed049db4f5be2798f8a5511ecc279be0c3.exe"C:\Users\Admin\AppData\Local\Temp\a9931d149b64d51f7743f410844d22ed049db4f5be2798f8a5511ecc279be0c3.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks computer location settings
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3332 -
C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe"C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe"2⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks computer location settings
- Executes dropped EXE
- Identifies Wine through registry keys
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3984 -
C:\Users\Admin\AppData\Local\Temp\1006974001\43b13d2f8a.exe"C:\Users\Admin\AppData\Local\Temp\1006974001\43b13d2f8a.exe"3⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:2416
-
-
C:\Users\Admin\AppData\Local\Temp\1006975001\39bb54293b.exe"C:\Users\Admin\AppData\Local\Temp\1006975001\39bb54293b.exe"3⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2112 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 5524⤵
- Program crash
PID:3932
-
-
-
C:\Users\Admin\AppData\Local\Temp\1006976001\c4a31b64e7.exe"C:\Users\Admin\AppData\Local\Temp\1006976001\c4a31b64e7.exe"3⤵
- Enumerates VirtualBox registry keys
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:1056
-
-
C:\Users\Admin\AppData\Local\Temp\1006977001\03342fd1cd.exe"C:\Users\Admin\AppData\Local\Temp\1006977001\03342fd1cd.exe"3⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:4876
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 2112 -ip 21121⤵PID:416
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1140 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff940d846f8,0x7ff940d84708,0x7ff940d847182⤵PID:4412
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:22⤵PID:4012
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:1384
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:82⤵PID:3616
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:12⤵PID:1608
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:12⤵PID:2164
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:12⤵PID:4588
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:12⤵PID:756
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:82⤵PID:3528
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:116
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:12⤵PID:1224
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:12⤵PID:3512
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:12⤵PID:4588
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:12⤵PID:6056
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:12⤵PID:5172
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:12⤵PID:3648
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:12⤵PID:5488
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:12⤵PID:4520
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5936 /prefetch:82⤵PID:6000
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:12⤵PID:6008
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6196 /prefetch:82⤵PID:5268
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4536
-
-
C:\Users\Admin\Downloads\Memz Clean.exe"C:\Users\Admin\Downloads\Memz Clean.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5304 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware3⤵PID:5244
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ff940d846f8,0x7ff940d84708,0x7ff940d847184⤵PID:1056
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/3⤵PID:1596
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff940d846f8,0x7ff940d84708,0x7ff940d847184⤵PID:3368
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed3⤵PID:4680
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff940d846f8,0x7ff940d84708,0x7ff940d847184⤵PID:4668
-
-
-
C:\Windows\SysWOW64\explorer.exe"C:\Windows\System32\explorer.exe"3⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:5804
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz3⤵PID:3000
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ff940d846f8,0x7ff940d84708,0x7ff940d847184⤵PID:1536
-
-
-
C:\Windows\SysWOW64\regedit.exe"C:\Windows\System32\regedit.exe"3⤵
- System Location Discovery: System Language Discovery
- Runs regedit.exe
PID:4852
-
-
C:\Windows\SysWOW64\explorer.exe"C:\Windows\System32\explorer.exe"3⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:3296
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic3⤵PID:4584
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff940d846f8,0x7ff940d84708,0x7ff940d847184⤵PID:3664
-
-
-
C:\Windows\SysWOW64\mspaint.exe"C:\Windows\System32\mspaint.exe"3⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5396
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed3⤵PID:228
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff940d846f8,0x7ff940d84708,0x7ff940d847184⤵PID:5780
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real3⤵PID:1408
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff940d846f8,0x7ff940d84708,0x7ff940d847184⤵PID:3236
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus3⤵PID:6036
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff940d846f8,0x7ff940d84708,0x7ff940d847184⤵PID:5852
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system323⤵PID:2404
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff940d846f8,0x7ff940d84708,0x7ff940d847184⤵PID:4324
-
-
-
C:\Windows\SysWOW64\mspaint.exe"C:\Windows\System32\mspaint.exe"3⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3324
-
-
C:\Windows\SysWOW64\Taskmgr.exe"C:\Windows\System32\Taskmgr.exe"3⤵
- System Location Discovery: System Language Discovery
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4788
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape3⤵PID:1380
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff940d846f8,0x7ff940d84708,0x7ff940d847184⤵PID:2420
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted3⤵PID:1404
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff940d846f8,0x7ff940d84708,0x7ff940d847184⤵PID:556
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date3⤵PID:6628
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff940d846f8,0x7ff940d84708,0x7ff940d847184⤵PID:6644
-
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe"3⤵
- System Location Discovery: System Language Discovery
PID:2348
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download3⤵PID:6784
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff940d846f8,0x7ff940d84708,0x7ff940d847184⤵PID:3924
-
-
-
C:\Windows\SysWOW64\explorer.exe"C:\Windows\System32\explorer.exe"3⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:1812
-
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe"3⤵
- System Location Discovery: System Language Discovery
PID:3396
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz3⤵PID:2292
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff940d846f8,0x7ff940d84708,0x7ff940d847184⤵PID:5992
-
-
-
C:\Windows\SysWOW64\mmc.exe"C:\Windows\System32\mmc.exe"3⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:6948
-
C:\Windows\system32\mmc.exe"C:\Windows\system32\mmc.exe"4⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:6568
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+20163⤵PID:6148
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff940d846f8,0x7ff940d84708,0x7ff940d847184⤵PID:6204
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/3⤵PID:5000
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x100,0x128,0x7ff940d846f8,0x7ff940d84708,0x7ff940d847184⤵PID:6692
-
-
-
C:\Windows\SysWOW64\control.exe"C:\Windows\System32\control.exe"3⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:6288
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real3⤵PID:5824
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff940d846f8,0x7ff940d84708,0x7ff940d847184⤵PID:5516
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi3⤵PID:6308
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff940d846f8,0x7ff940d84708,0x7ff940d847184⤵PID:7104
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection3⤵PID:6556
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff940d846f8,0x7ff940d84708,0x7ff940d847184⤵PID:6508
-
-
-
C:\Windows\SysWOW64\Taskmgr.exe"C:\Windows\System32\Taskmgr.exe"3⤵
- System Location Discovery: System Language Discovery
PID:1748
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus3⤵PID:2528
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff940d846f8,0x7ff940d84708,0x7ff940d847184⤵PID:1936
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz3⤵PID:6516
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x130,0x134,0x138,0x100,0x13c,0x7ff940d846f8,0x7ff940d84708,0x7ff940d847184⤵PID:4912
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:12⤵PID:4848
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:12⤵PID:2924
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:12⤵PID:1356
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6172 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:5864
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:12⤵PID:5324
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:12⤵PID:388
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:12⤵PID:5420
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:12⤵PID:5272
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:12⤵PID:1072
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:12⤵PID:2528
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:12⤵PID:3900
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:12⤵PID:6112
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:12⤵PID:4564
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:12⤵PID:796
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7396 /prefetch:12⤵PID:952
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:12⤵PID:5320
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:12⤵PID:5836
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:12⤵PID:6080
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7256 /prefetch:12⤵PID:3160
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7448 /prefetch:12⤵PID:5288
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7420 /prefetch:12⤵PID:2808
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8168 /prefetch:12⤵PID:816
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7708 /prefetch:12⤵PID:1620
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8160 /prefetch:12⤵PID:3928
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8392 /prefetch:12⤵PID:3688
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8240 /prefetch:12⤵PID:3076
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8564 /prefetch:12⤵PID:1872
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8964 /prefetch:12⤵PID:5720
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9224 /prefetch:12⤵PID:2252
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8468 /prefetch:12⤵PID:6704
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9348 /prefetch:12⤵PID:6792
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9140 /prefetch:12⤵PID:6964
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9520 /prefetch:12⤵PID:7060
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7260 /prefetch:12⤵PID:6780
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9676 /prefetch:12⤵PID:6336
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9592 /prefetch:12⤵PID:7096
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1964 /prefetch:12⤵PID:6280
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9908 /prefetch:12⤵PID:6192
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8624 /prefetch:12⤵PID:1748
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2008 /prefetch:12⤵PID:5432
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10172 /prefetch:12⤵PID:6332
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10060 /prefetch:12⤵PID:704
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10100 /prefetch:12⤵PID:6616
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10648 /prefetch:12⤵PID:2568
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10504 /prefetch:12⤵PID:1956
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8692 /prefetch:12⤵PID:6588
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10268 /prefetch:12⤵PID:6984
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11060 /prefetch:12⤵PID:4016
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15119224715074264721,2832046033108569945,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10208 /prefetch:12⤵PID:6408
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4208
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4776
-
C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exeC:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:1540
-
C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exeC:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:5808
-
C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exeC:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:5820
-
C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exeC:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:5992
-
C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exeC:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:1120
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService1⤵PID:4816
-
C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exeC:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
PID:4028
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x464 0x3d41⤵
- Suspicious use of AdjustPrivilegeToken
PID:2004
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1840
-
C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exeC:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:4988
-
C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exeC:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:5816
-
C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exeC:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:6516
-
C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exeC:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:2904
-
C:\Windows\explorer.exeC:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
PID:6280
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵
- System Location Discovery: System Language Discovery
PID:6048
-
C:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exeC:\Users\Admin\AppData\Local\Temp\44111dbc49\axplong.exe1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:6840
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution: 1
Registry Run Keys / Startup Folder: 1
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize3KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize3KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize3KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize3KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize4KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize3KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize6KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize5KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize26B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize90B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize90B
MD5bcfb8e91dd84dcd317ddf28d49a52d76
SHA1b299da27186570f4a9c7a0cc0c029fb904ee58b0
SHA256f2b15cfb6711419b3f883116586c85d36819680af7918b5904fa01e8a9d31666
SHA512c97a1256e07287ec289bc38f81d51aceca4739d404516aa8e294caffb12f5bd931afa49bfa56dfc623f638e27341ba7e868cee759878defafc56d17cba600380
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize90B
MD56f5a84499cfe684e2ec56e452b184446
SHA1f995f30240432bc3556215d4a53cde2aae382db0
SHA256976834d590a784c690d0aa49c04a0c6acadaa61fa6579f0aba61f9712ccc70b9
SHA51286d97069ce617f3c0bfd507eb13f758d20c7c9e54748d54c6d6859665b118878fb1ff25461f92c505d4a614c3eeb20c4c1692b68dddc39e4a816e5d12b2e948d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5cf9d8.TMP
Filesize90B
MD5c8e1ae7f2d1c7f5470d79c1732170792
SHA1ff2cacdbc4f25d19f2f0c38128e9b5fec7ce4312
SHA2569b443c794c55a163990344fb5ad91eaabbd3b4338cde2d891d98dc2aaae65a1b
SHA512eb0486db89470b7e68649f78c4ac857c8b40debc3e4cf4947ba3350701d2f64d7af78cf41393d26bd68bce1e3fa97e8700336bec3933ed0562b12317c94f4bd5
-
Filesize
3KB
MD5431307874ea71f5cfd7b0d7e127197a7
SHA1f89e484dd5f8ed72a8d08820660f07ee97d5c490
SHA2567b4e678923aacd62f9d580cc30e35d09526f8d065587f96e55e31994f7626c0a
SHA5121a853be8c92f2baa54c8d8e4ce420fb83b5eb9bcd778495c275b07bcbcccb7c4f77b421f541136ce2c764162ef5bcb6e382bdf95c465c350ea3d5e204de5b37e
-
Filesize
1KB
MD5e0f4781213dcfbcd874ed196e13b742f
SHA18abcce0e5935977960b249d4f75a99c774f64005
SHA2565d5fc1b55180d23e545743a6e22af7ee1b54af7f0b7f45144a390c593ed178de
SHA512e26d1f2cd4621621b691b83f02ed8da1b2d05f0c4ab65f36d75746dd69a4856383c900f334ad60457ac0097197acacb434adc5726a0644ac6bc9a2521a5e97d0
-
Filesize
1KB
MD576d568d9f0cfb88c9152848342004bfd
SHA17663ca1b787c773b5423f2398e6aa9b581c8b2b1
SHA2566d8c29645103a0c5c1116e1f07079beb7f66806970a4997fc7f25c0aa477b0e6
SHA512b0d076be4775bbd6ba098420ff293ecb9f66838ced1c38d6fcfbac8b19712c893982ed2eb1b79a3851476b556ae156de556ab816a2019fd3587e94f679acae8a
-
Filesize
1KB
MD5bfe963367bd11ada44cdb52478e91f01
SHA15305af4b5ce227a69199fa8a41f74b9757bcab6f
SHA25655577ebf648b27d3c3dbe0045a05ba2db225c679e307f62c4610240bb490bb7e
SHA5127b8fe1dbe6e0ec48b7ed68d8e29bea477ff5c093137292a4f34cd91259e1c4e1307f49b7ab76a1e71b44d83025df1a7dee9b22f2a4c192ce8202456b141b400c
-
Filesize
1KB
MD5be0aa99c49a07c2dc752ac38ae667204
SHA138ca86b577ca8b39ddb3c6306a4429cb0628f3a3
SHA256caa59181548c773cbea3b4cf36539b8a18dd3209ab5457cc6744ae0eb973bc9c
SHA5129562079f3f7ea1d241c10ce676d2c771f0fe02acc3b32ddea5195f8b0d60feb7b198dcef4e2a60e95c132df05b718e7217c9446fb99b52f59a062b097471919c
-
Filesize
1KB
MD5f42748660ae031dde2125aff20991750
SHA1ecd44c2a383e9fd839768759868989f687cb1be3
SHA25606b7fb18cea9326f503f222ed46e17692650a9936b5b6360007b51fd5ff2dc43
SHA5123178fcd4156d5e7068207af0b729eb971898cec20e6d4eb54c4b7ba47c73b0ac991c9b86cc9dce3d87995f2083fcacaa0e27bebd5a2db50814febf2ad9f31c69
-
Filesize
1KB
MD52892fe0a6d687875e78ef50d234cb0be
SHA18f358c8205ad0b185be27873d38e7f7863e8c571
SHA2567269981f789ef5fb054ea6b9dfce97d5e18998479fa293c8bdde763ec6bf978f
SHA512590c8c34f001d115a2a2b404aec182a2d0e914b7ce5d4a29b765a393c9876929248876b0e0d88fab61ff6a831a6ecb9c001c1865fe8c4fdeca419421b1ee8b3c
-
Filesize
2KB
MD56964e7f425601a3a7b876706b3edd242
SHA166fb71aa6c7fb75a13891899090f8f3a672f25c9
SHA2567c49219ebef6f6306d76533558e83e9ba2bc3d8623afed4eeece6dab26cce3b9
SHA512cbd94f0c503706cfaf6bed6a12e3c2cad16f2a5736b2a86d03f8fb15d15fb2386f8539029cc3606ae331a0e2b58a62596476352e0f9ed4e41e3a51544d2fe81b
-
Filesize
1KB
MD5c25fdb088f7b4b1fb5af6fc886e09edf
SHA120ff24d7458b5f77ec71344cfc207ade523bd227
SHA25664e1ba2eb457a9a17a5cf174417a77563239e894a4c6c612c075d4e6cb75d653
SHA512a4d64e42973031be4f4b370d0c5220c5702a195bbe48fb60d5abc9ec8252924af112420f8b0d29ad8db2a158984509510667c846ec640ea09a414991f7d21f18
-
Filesize
1KB
MD58b9ff0ff203692b1df4f12a107076cc7
SHA1a1250b0a583e0ffa249431f41ec5feac694d698c
SHA256200a0ecbaecef31b9632c64ace7b1c9ad53aff062fc8dacac0d015e1be382006
SHA512c55ec20c0aa0b58cf25090fb2938f8e213c639b984e86d1ae3e10c2e9eb1a9342def5614b81c3b6f4ae73e3765ce01b176c648b1493a5275a1328848331447c8
-
Filesize
1KB
MD5ae4e77b08f1ac0dfc207d4923c3e944d
SHA196141f492ae6be3df108f6b3eeab042c9ce87ce7
SHA256ce39fa928f17b12470c2adf8939e3b2bb5fa9a546c97db55418c0da4028f9ec8
SHA512b98aa369baa7e429be02ba5f87513640486522c288f45a1d51047b1ec28278d14d702813a9d5bc5db22040de4d82c200005d121107fc8e608cfbc22e462d8c16
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
Filesize
11KB
MD5ba2b00456919b3117c6c653e2e151dd7
SHA13e09d4aa240cb5de38a7231454f2e58e9b7a5521
SHA2566c27879479465549e5521e74f89d27c062a4c293246add7003dbe030584b103b
SHA5129b40abba66a7c9f97ad55016d1354890fba17ab7709c91024c2dc423274dc930fdb73bf1b0d6815d3427b5ee43fab4846a8590c0311532c35fca8417ac3c1f20
-
Filesize
11KB
MD51a627c9ff8051e49701a688d98d8e5bb
SHA17910f5d30c4c820b6fa8bac0d5aaa1ecd8cf0397
SHA256f4d326cd87a5d990ec5e30efc9470efc0cc47ebf5a866f446edca345c83d9cbc
SHA512f8eb0086dd5c73ba54da6536362a9a04a34e1c850c61686719271108aa30a1e6b78b8b85c5ea3b11cf48cb73c5fa5e559093479215ac896497169930fc155a3e
-
Filesize
10KB
MD59db867137c7eecf4116522278a18ba5a
SHA1a298e5fbf2fd6110a38b500a4330af1c78116487
SHA25623125f6f10f448c36052d323bacf0bf57dff67f1c20a9e4c87290be34f0fe5a2
SHA512a0f2d1f925e519b8a7b862b4bf9b9ccca2204ddadde874ebba9a05f0aaf30dfbc00c3d62c20ec1367b5ae5a330b136c2d369b6df4a96bc805b07a9287413d32f
-
Filesize
11KB
MD51237aa002761d4654a76ca21812349b4
SHA1442b0437bd3db7ac5433160ac0ec961a01db6a6c
SHA2563e7a976e218e62978fc1e06de962703bc54624d530e9a201ac22a746ca80b9de
SHA512726f3dae85fb2713f069b29ff8d1170bb720faf329e60e6ec7fdc51ad97dc3364c2db6d06794725b63756dc0e0827ee16a70ee4560fb12403830d8ed160c9837
-
Filesize
11KB
MD5467046dd070021857aa7f5a4c2ef26ee
SHA154ff7178a2a2e18c638f1491fe4a755a36828ce4
SHA256160c998703c0cde73826706eda5433cc71b72b89eece323170bdb9159841fe54
SHA512bbb5aa9f5353139ac73026d529bedbc1ccaa739363ad78194b198b80ffb2d257d5ae90b67b7ea531686af4633732a0007000c57ed7c4506131b51b8a1370ed37
-
Filesize
11KB
MD5668342ce25640248eb0babb143f14df5
SHA14be1af6212649eba339e60032a345dd7fb9e3f06
SHA256ce0c7985bcdf70d2a1babc0f3b5f488984ad244a79daa046a0a3acc3ec3c770a
SHA512047cee9ad3ff1bc5bcfa1689bcc2c0b218c327f31abccd71750867478a5cda4b2bc7aabeec99be26a2d30d847b87cf687c59c89632ba17bfed46c3d6a3d7cbea
-
Filesize
11KB
MD5d2b4cf46901bd3e5ce43a8a9bcaa0b6f
SHA1a49611ccb76ea6d63cbce23574f4e30a03575eac
SHA256560db24baf5f6315501a7a948673dee0c7063b46e2ccb1cb6a541d5d931c5931
SHA5120672baadd92b4beb53b585c8a610b9278190ae679f8fe6fafcbd542b9f1b9e1d70e280efae12d2577f137ccb1fac5ae0e6a7b37aa4ff1c246372fa8e3367f74a
-
Filesize
11KB
MD5fc9ac891b84ce9492d8ef0237d78d41f
SHA1fe6111b7442e2c0d5dc06b3a62b1d89c3749e936
SHA25666e86931fdcbe36763e73b13fc0cdc5130939222f947570ca8007b3ee51c47ea
SHA51242081e7cd87e82729e6542ade9443207f8f96d8c0a806e7c689c2820b277ba4b5f36ac4ccabd57f9d6fe31a7d2d8073897be34822d1dba7373bb80f3dc299b1a
-
Filesize
11KB
MD5b74a4b0838a2869eeb23fa221d7939d7
SHA16b10d3a9451a4d94510fe02d072b46f26d828a96
SHA256ae3163938e9d88fbf57eaba82ca31426ee36625f8640ce12165efe5f7822c2b1
SHA51290f491ff9fa7451ce71d671270105091a2088290501255ec2184f38c9d0ae29416e1f4a2afe79a0f668170c92dafdb6329555a8286f36ff05504064bf3b8e9ae
-
Filesize
2.7MB
MD5bf86f8d222211b376dd5c074cc460bed
SHA1ad9dbcde657a50e42e6568e4fe8936c7c64e7cd6
SHA25642b46b32f29bec629e50f10ab57342bb3c01e99c263f0760664bd4f9a8d8fb1d
SHA512ad8069050c837bae46e6f6505dd47081643c4caf01d0a6f35193d188e6935b4071cdc28f53213564eca76853fed35163aee3dadf343d1e9f4f05adf055230c8a
-
Filesize
1.9MB
MD598424af4cf040b8ecd7786db97b10926
SHA1938327c7f460914fb7cd12b6a27215d1b7bf8542
SHA25611acb38969b7a96133ffa40b3a2f34cdb0e4cf374a51c2ca1166bb28d44af8e1
SHA512cb508d4b13eb9944d3adafa2df17b4e84bbaa18eeab0119c31a6f6ee4c4765427432c26a638838e665cf6a9f1d1075b567555cc7f7a5169632f9c28552509286
-
Filesize
4.2MB
MD5a3a9797a4b0ce1f732874b14ebe4be70
SHA1e60e69c699bbcafb2da2fee4edc79767c422cbc3
SHA256fed379542f4f9612075be78489e29523ff3c2cff2f218d228578bf05f11a07cb
SHA512540184220d9142bc8878a70d505079f8f341670ead8b5dcad1232a43239b160a5cd499344b2be73fed3173feae7901c016ea89a28cac06776564664526bb3181
-
Filesize
4.2MB
MD577a19a5113dd28b67356026da711a4ea
SHA1f478578d420c0e9e29abb9dbe4e9129acd4e4cae
SHA2560067ff4551c88e3dfd0edb4aa3d4eaea61a93e188d5e5dabd0a76a82eaa0c634
SHA512e58789664e88d81d18c0785c4313d7a2c2c0dbf6d6e9520bd5986dfbb4b4c75503b35cf376aaf0257af309cceb1b753c231828db02b9c3b570663f71d4b4e8ae
-
Filesize
2.9MB
MD5ec45b3daf2d1998ec51ac32dd73e4353
SHA1e8f3624436c443853cd19dc4e590104130a59494
SHA256a9931d149b64d51f7743f410844d22ed049db4f5be2798f8a5511ecc279be0c3
SHA5128c127c3eeeb3fedbee970453d487e5bc69da5727d8d144a657ed2842718b79c680b4138a0f1c294fce4c12105018f36c86437af67734000f24d12016359388f9
-
Filesize
12KB
MD59c642c5b111ee85a6bccffc7af896a51
SHA1eca8571b994fd40e2018f48c214fab6472a98bab
SHA2564bbf7589615ebdb6c769d6d2e7bdcb26072bac0cda6e225a4133ba8819e688d5
SHA51223cc74b5a7bdf70ba789d1730a0009414cfb9c780544e3d8d841be58782b9a9a089969c4295a0da25d07285505992386486d6ff0524e75605b96bb99cd3aaa1c