Resubmissions
  15/05/2025, 12:20  250515-ph86xagj5w  score 10
  15/05/2025, 12:18  250515-pg217swxfs  score 8
  15/05/2025, 12:17  250515-pf8glavqx2  score 10

Analysis
  max time kernel:  103s
  max time network: 105s
  platform:         windows10-2004_x64
  resource:         win10v2004-20250502-en
  resource tags:    arch:x64, arch:x86, image:win10v2004-20250502-en, locale:en-us, os:windows10-2004-x64, system
  submitted:        15/05/2025, 12:18
Static task:     static1
URLScan task:    urlscan1
Behavioral task: behavioral1
  Sample:   https://github.com/Da2dalus/The-MALWARE-Repo
  Resource: win10v2004-20250502-en

General
  Target: https://github.com/Da2dalus/The-MALWARE-Repo

Malware Config

Signatures

Read the signature list below with the process column in mind. The entries raised only by msedge.exe (pid 400 and its children, the browser used to open the URL) describe ordinary Chromium start-up behaviour: reading CPU and BIOS identifiers, writing TPM telemetry keys, and the parent browser process writing into the memory of the child processes it spawns. The behaviour attributable to the sample itself comes from the two DeriaLock.exe instances (pids 5940 and 2660): the Startup-folder drop, the language-key read and the SeDebugPrivilege request.
Downloads MZ/PE file (1 IoC)
  flow 119  pid 3108  msedge.exe

Drops startup file (2 IoCs)
  File created  C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LOGON.exe  DeriaLock.exe  (2 events)

Executes dropped EXE (2 IoCs)
  pid 5940  DeriaLock.exe
  pid 2660  DeriaLock.exe

Legitimate hosting services abused for malware hosting/C2 (1 TTP, 3 IoCs)
  flow 119  raw.githubusercontent.com
  flow 117  raw.githubusercontent.com
  flow 118  raw.githubusercontent.com

System Location Discovery: System Language Discovery (1 TTP, 2 IoCs)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  Key opened  \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  DeriaLock.exe  (2 events)

Checks processor information in registry (2 TTPs, 4 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0  msedge.exe  (2 events)
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier  msedge.exe  (2 events)

Enumerates system info in registry (2 TTPs, 6 IoCs)
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS  msedge.exe  (2 events)
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe  (2 events)
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe  (2 events)

Modifies data under HKEY_USERS (3 IoCs)
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry  msedge.exe  (2 events)
  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133917851439544739"  msedge.exe

Modifies registry class (4 IoCs)
  Key created  \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\  msedge.exe  (2 events)
  Key created  \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1153236273-2212388449-1493869963-1000\{F45840EE-503D-468F-B214-0715B2AAE496}  msedge.exe
  Key created  \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1153236273-2212388449-1493869963-1000\{D459C29C-B141-484E-A988-41FEC1BDAE62}  msedge.exe

Suspicious behavior: EnumeratesProcesses (64 IoCs)
  64 events, all from DeriaLock.exe (pids 2660 and 5940)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
  pid 400  msedge.exe  (3 events)

Suspicious use of AdjustPrivilegeToken (2 IoCs)
  Token: SeDebugPrivilege  pid 5940  DeriaLock.exe
  Token: SeDebugPrivilege  pid 2660  DeriaLock.exe

Suspicious use of FindShellTrayWindow (64 IoCs)
  pid 400   msedge.exe     (9 events)
  pid 5940  DeriaLock.exe  (remaining 55 events)

Suspicious use of WriteProcessMemory (64 IoCs)
  All 64 events have pid 400 (msedge.exe) as the writing process; the targets are its own child processes.
  PID 400 wrote to memory of 756   msedge.exe  target #86  (2 events)
  PID 400 wrote to memory of 3108  msedge.exe  target #87  (2 events)
  PID 400 wrote to memory of 6008  msedge.exe  target #88  (all remaining events)
  PID 400 wrote to memory of 2440  msedge.exe  target #89  (9 events)
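The signature tables above mix events from the sample with events from the browser that fetched it. The following script is an added example (not part of the sandbox report and not the sandbox's own logic): it takes the flattened signature records, maps each to an ATT&CK technique with a small rule set, and reports which techniques were seen only from DeriaLock.exe. The technique IDs are this example's own mapping and an assumption; the report itself only names the signatures. The records are constructed from the tables above.

```python
"""
Map flattened sandbox signature IoCs to ATT&CK techniques per process and
separate the sample's behaviour from background browser activity.
Added example; the ATT&CK IDs below are this script's mapping, not the
sandbox's. Records are constructed from the report's Signatures section.
"""
import re
from collections import defaultdict

# (signature, description, ioc, process) as shown in the report
RECORDS = [
    ("Drops startup file", "File created",
     r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LOGON.exe",
     "DeriaLock.exe"),
    ("System Location Discovery: System Language Discovery", "Key opened",
     r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language", "DeriaLock.exe"),
    ("Suspicious use of AdjustPrivilegeToken", "Token: SeDebugPrivilege", "", "DeriaLock.exe"),
    ("Checks processor information in registry", "Key value queried",
     r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier",
     "msedge.exe"),
    ("Enumerates system info in registry", "Key value queried",
     r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer", "msedge.exe"),
    ("Legitimate hosting services abused for malware hosting/C2", "flow 119",
     "raw.githubusercontent.com", "msedge.exe"),
    ("Downloads MZ/PE file", "flow 119", "", "msedge.exe"),
]

# Rules are regexes over "signature | description | ioc".  Assumed mapping.
RULES = [
    (r"\\Start Menu\\Programs\\Startup\\", "T1547.001", "Startup Folder"),
    (r"\\Control\\NLS\\Language$", "T1614.001", "System Language Discovery"),
    (r"SeDebugPrivilege", "T1134", "Access Token Manipulation"),
    (r"\\HARDWARE\\DESCRIPTION\\System\\(CentralProcessor|BIOS)\\", "T1497.001",
     "Sandbox Evasion: System Checks"),
    (r"raw\.githubusercontent\.com", "T1102", "Web Service"),
    (r"^Downloads MZ/PE file", "T1105", "Ingress Tool Transfer"),
]


def classify(records):
    """Return {process: {technique_id: set(of ioc text)}} for every rule hit."""
    hits = defaultdict(lambda: defaultdict(set))
    for signature, description, ioc, process in records:
        text = f"{signature} | {description} | {ioc}"
        for pattern, technique, _name in RULES:
            if re.search(pattern, text):
                hits[process][technique].add(ioc or description)
    return hits


def sample_only(hits, sample_process):
    """Technique IDs observed from the sample and from no other process."""
    seen_elsewhere = set()
    for process, techniques in hits.items():
        if process != sample_process:
            seen_elsewhere.update(techniques)
    return sorted(set(hits.get(sample_process, {})) - seen_elsewhere)


def startup_drops(records):
    """(process, file name) pairs for files created in the Startup folder."""
    drops = []
    for _signature, description, ioc, process in records:
        if description == "File created" and re.search(r"\\Start Menu\\Programs\\Startup\\", ioc):
            drops.append((process, ioc.rsplit("\\", 1)[-1]))
    return drops


if __name__ == "__main__":
    hits = classify(RECORDS)
    for process, techniques in hits.items():
        print(process, sorted(techniques))
    print("sample-only:", sample_only(hits, "DeriaLock.exe"))
    print("startup drops:", startup_drops(RECORDS))
```

The split matters when the report is used for detection engineering: the processor and BIOS reads are attributed to msedge.exe and would fire on every browser launch, whereas the Startup-folder write and the NLS\Language read are only ever produced by the sample.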
Processes

[PID 400]  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Da2dalus/The-MALWARE-Repo
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory

  [PID 756]  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2d8,0x7ffbb851f208,0x7ffbb851f214,0x7ffbb851f220

  [PID 3108]  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1772,i,17013127587806185226,5639508729967830615,262144 --variations-seed-version --mojo-platform-channel-handle=2912 /prefetch:3
    - Downloads MZ/PE file

  [PID 6008]  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2232,i,17013127587806185226,5639508729967830615,262144 --variations-seed-version --mojo-platform-channel-handle=2228 /prefetch:2

  [PID 2440]  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2408,i,17013127587806185226,5639508729967830615,262144 --variations-seed-version --mojo-platform-channel-handle=2916 /prefetch:8

  [PID 4548]  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3488,i,17013127587806185226,5639508729967830615,262144 --variations-seed-version --mojo-platform-channel-handle=3532 /prefetch:1

  [PID 4556]  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3484,i,17013127587806185226,5639508729967830615,262144 --variations-seed-version --mojo-platform-channel-handle=3528 /prefetch:1

  [PID 5928]  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4824,i,17013127587806185226,5639508729967830615,262144 --variations-seed-version --mojo-platform-channel-handle=5112 /prefetch:8

  [PID 2348]  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4828,i,17013127587806185226,5639508729967830615,262144 --variations-seed-version --mojo-platform-channel-handle=4832 /prefetch:8

  [PID 4444]  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5764,i,17013127587806185226,5639508729967830615,262144 --variations-seed-version --mojo-platform-channel-handle=5788 /prefetch:8

  [PID 3212]  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5764,i,17013127587806185226,5639508729967830615,262144 --variations-seed-version --mojo-platform-channel-handle=5788 /prefetch:8

  [PID 2736]  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5864,i,17013127587806185226,5639508729967830615,262144 --variations-seed-version --mojo-platform-channel-handle=5828 /prefetch:8

  [PID 5108]  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4264,i,17013127587806185226,5639508729967830615,262144 --variations-seed-version --mojo-platform-channel-handle=6208 /prefetch:8

  [PID 1512]  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=6068,i,17013127587806185226,5639508729967830615,262144 --variations-seed-version --mojo-platform-channel-handle=4288 /prefetch:1

  [PID 5164]  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6668,i,17013127587806185226,5639508729967830615,262144 --variations-seed-version --mojo-platform-channel-handle=6684 /prefetch:8

  [PID 5940]  "C:\Users\Admin\Downloads\DeriaLock.exe"
    - Drops startup file
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow

  [PID 2660]  "C:\Users\Admin\Downloads\DeriaLock.exe"
    - Drops startup file
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken

  [PID 4936]  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4000,i,17013127587806185226,5639508729967830615,262144 --variations-seed-version --mojo-platform-channel-handle=4888 /prefetch:8

  [PID 3212]  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5048,i,17013127587806185226,5639508729967830615,262144 --variations-seed-version --mojo-platform-channel-handle=6708 /prefetch:8

  [PID 4580]  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6676,i,17013127587806185226,5639508729967830615,262144 --variations-seed-version --mojo-platform-channel-handle=6768 /prefetch:8

  [PID 5816]  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
    - Checks processor information in registry
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Modifies registry class

    [PID 5256]  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x260,0x7ffbb851f208,0x7ffbb851f214,0x7ffbb851f220

    [PID 1612]  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1744,i,4152772991386540019,3705336999806367973,262144 --variations-seed-version --mojo-platform-channel-handle=2244 /prefetch:3

    [PID 3928]  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2216,i,4152772991386540019,3705336999806367973,262144 --variations-seed-version --mojo-platform-channel-handle=2212 /prefetch:2

    [PID 3328]  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2576,i,4152772991386540019,3705336999806367973,262144 --variations-seed-version --mojo-platform-channel-handle=2792 /prefetch:8

    [PID 4768]  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2712,i,4152772991386540019,3705336999806367973,262144 --variations-seed-version --mojo-platform-channel-handle=4236 /prefetch:8

    [PID 5204]  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4212,i,4152772991386540019,3705336999806367973,262144 --variations-seed-version --mojo-platform-channel-handle=4732 /prefetch:8

    [PID 4060]  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4212,i,4152772991386540019,3705336999806367973,262144 --variations-seed-version --mojo-platform-channel-handle=4732 /prefetch:8

    [PID 5304]  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4800,i,4152772991386540019,3705336999806367973,262144 --variations-seed-version --mojo-platform-channel-handle=4836 /prefetch:8

    [PID 3248]  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4780,i,4152772991386540019,3705336999806367973,262144 --variations-seed-version --mojo-platform-channel-handle=4884 /prefetch:8

    [PID 1316]  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4744,i,4152772991386540019,3705336999806367973,262144 --variations-seed-version --mojo-platform-channel-handle=4916 /prefetch:8

[PID 4524]  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"

[PID 780]  C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start

  [PID 4580]  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start

[PID 2836]  C:\Windows\explorer.exe  (command line: explorer.exe)

[PID 5900]  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
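The single fact in the tree above that matters for triage is that pid 400 (the browser) is the parent of both DeriaLock.exe instances, which run from the user's Downloads folder. The script below is an added example, not part of the report: it rebuilds a process tree from (pid, parent pid, image path) triples and flags any binary in a user-writable location that has a browser somewhere in its ancestry. The triples are constructed from the Processes section above; the parent pids are inferred from the tree depth shown there, since the flattened page does not print them, and the set of browser names and user-writable roots is this example's own choice.

```python
"""
Rebuild a sandbox process tree and flag binaries in user-writable paths
that were (transitively) launched by a browser.  Added example; PROCESSES
is constructed from the report's Processes section with parent pids
inferred from tree depth.
"""
import ntpath

# (pid, parent pid or None for a tree root, image path)
PROCESSES = [
    (400,  None, r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"),
    (756,  400,  r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"),
    (3108, 400,  r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"),
    (4444, 400,  r"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"),
    (5940, 400,  r"C:\Users\Admin\Downloads\DeriaLock.exe"),
    (2660, 400,  r"C:\Users\Admin\Downloads\DeriaLock.exe"),
    (5816, 400,  r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"),
    (5256, 5816, r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"),
    (4524, None, r"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"),
    (780,  None, r"C:\Windows\system32\cmd.exe"),
    (4580, 780,  r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"),
    (2836, None, r"C:\Windows\explorer.exe"),
]

# Assumed policy: which parents count as browsers, and which roots a
# standard user can write to without elevation.
BROWSERS = {"msedge.exe", "chrome.exe", "firefox.exe"}
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")


def index(procs):
    """pid -> (ppid, image) lookup table."""
    return {pid: (ppid, image) for pid, ppid, image in procs}


def ancestry(table, pid):
    """Image basenames from the root of the tree down to pid (inclusive)."""
    chain, seen = [], set()
    while pid in table and pid not in seen:      # 'seen' guards pid reuse loops
        seen.add(pid)
        ppid, image = table[pid]
        chain.append(ntpath.basename(image))
        pid = ppid
    return list(reversed(chain))


def user_writable(image):
    """True when the image lives under a user-writable root."""
    return image.lower().startswith(USER_WRITABLE_PREFIXES)


def browser_spawned_user_binaries(procs):
    """[(pid, ancestry)] for user-writable images with a browser ancestor."""
    table = index(procs)
    flagged = []
    for pid, _ppid, image in procs:
        if not user_writable(image):
            continue
        chain = ancestry(table, pid)
        if any(name.lower() in BROWSERS for name in chain[:-1]):
            flagged.append((pid, chain))
    return flagged


if __name__ == "__main__":
    for pid, chain in browser_spawned_user_binaries(PROCESSES):
        print(pid, " -> ".join(chain))
```

The same check applied to EDR process-creation telemetry (Sysmon event 1, for example) is a cheap first-stage rule for the "browser downloads and runs an executable" pattern this report shows; the Edge helper processes under Program Files never trigger it.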
Network
MITRE ATT&CK Enterprise v16
Downloads

-
  Filesize: 280B
  MD5:    36326fcbb6119326e7c8aa24c4156548
  SHA1:   ed128a9727e1d58b970e732b8c66fc827b18372b
  SHA256: ac41191dcaf36d91f7bd9a077bc59b1bd7218daa27b263d1da6a548f58264987
  SHA512: ed5c79f1edc0c65a1cf0ace91ea5538245c1569c3b25ae3cdf033ffcb55d37e7b09baec36570e82fc1525c24224cea08a53abab7e52db6376f48f099ffefd1fe

-
  Filesize: 280B
  MD5:    96ff0a7fa01fc7a55913b4beb9b070e5
  SHA1:   18f8133e7893b66eb7e3b90564361a582c0b4769
  SHA256: 8f7daac3839ab1809e153de8814eee620b457472c149bb944ae38925660c815b
  SHA512: e0260e44e53ffe39c0989db033631910ca4833d841deb90bdc6aa053c78ed953c006c3dcc772919574a5355dceeeabce668fd4e86326ef976be6f531e0897c2c

-
  Filesize: 280B
  MD5:    4d36c9029c3ad3b7d38cdf01f2b93110
  SHA1:   7681e2416c97eb9081bd2570a1c731b66093c5d1
  SHA256: 5dc8cf6c72f742baf633b849e6fd9dd617f16e20559735d6af5d44e24ea9938b
  SHA512: 22db37f8fc178cabe6b92c8f9a61d496d68f8ee3a62822edabfbd13fd3f9b4c97d72191d05cbe473f108c9cc5d381bdee4a030d68928c065ee0d086af696878f

-
  Filesize: 44KB
  MD5:    0dc7deb9d429199eb077403c9b66ef48
  SHA1:   84fdbd8a2e3b032086c7bde795efdce9d576d764
  SHA256: 5ba6ca9cc760eac6bdc0a67b783091a22b792026732a13dd71eb5616011b47f6
  SHA512: f8d3016aef35658980cc53020dfeb025e5529f0ed5ab5a2dfb7e73056e0a5b378e8cc100ba76b5d64b6db9fd1c87d91313cf5944f4e3788eb4be8bacd0afb574

-
  Filesize: 264KB
  MD5:    bce06a8a02c5085421ff2032094f699c
  SHA1:   60d4760f122223a0d258c6fa14bb32fbd4eeb6c1
  SHA256: 7edc9f42e9255938a06d7145e23167afd6bafca27ad3ce4fa8019a3ad16e0760
  SHA512: 7603a36da0e53062473c7559520620246e57d71f4d04609907432db4f25b203c788954fece8fdc4d2fdec0666048fd501f8b7ac849b2eecbfe4cec381081e48b

-
  Filesize: 1.0MB
  MD5:    33473b8ec1407a3ea695f5e0c22fc2cf
  SHA1:   4acebf301f24731478381f3bfa731b079b3f1896
  SHA256: d13f36770622abc4d2b3eb0d4acd0529d876135cccf88f52cf9bf20b80dcff59
  SHA512: 9b07109aab02ac096a22489a984436f2a4c33d9b8ff347aebce056376b43df25155b61f950e0521a0157c8dd5a24d137de32ec634a77c41a7dcbf70ad3245811

-
  Filesize: 8.0MB
  MD5:    4945466bdb08badb2d7f523afede3e75
  SHA1:   f39875992f97ab89fdea7dbfcf61640ac9a863b5
  SHA256: a7a8dd30e09d840a201e68d731e0812e9f57833db4d6c14791178dfbc0b6607e
  SHA512: 9f3c4df12b08c4d94914c1a50ca1e19ab7a81b0366eeadec36f3db56fbd777660189fc79c9fceac4268acc38fa571d58acb7d134f384e40b35ad0994beb6aa58

-
  Filesize: 46KB
  MD5:    bb8ffd17bc2c03b89d9b76025acd8a80
  SHA1:   526f36106bd0843753bb63269445d73ada4cac7e
  SHA256: 7720db5312bc3c9f0d8489abc4a259cf57ef84ee4d29678a1f24808441d3f32e
  SHA512: 931db226940fcbffffcf55d1192e5cbffd317571a8b6a30b61560b83e879e1964517a78b8532ffe4abb9c039fb7d0d646c3c3f206accf0b9f4ee44b2ebf1a31f

-
  Filesize: 20KB
  MD5:    7defd708966faefe5c610f256994fb99
  SHA1:   12cbe5e32a480c679457f2738e75aee2618a946b
  SHA256: f7a1e98ef42e92cadc8f6232f107ecc0c1507ad11b4e242c05db82ff0ff4c3f6
  SHA512: 25e62926be17e22d979cda3f5214bc4911bbf190bcc7e73f264cb9f97707139fc4779359c1712abddaf3c9adb30f21c006473eec2dd4f9f387281826e247ce40

-
  Filesize: 38KB
  MD5:    06683093428834519c100588d3bbbcef
  SHA1:   d36355db08f9186fc9f502735a5dbb966d139e92
  SHA256: a976b59f11b8e9bfa80d88e3b53e8d2073c3f039a0544066e73f4b58f4ba38a9
  SHA512: 06cca8f8cd9bcf4ed5c972358aa9bd683213f1d58f6a76a5bd3201592ea30803fe56b5fbc7047607111301a67ed1a332be9549578cf73dc04a7f7698c40e4181

-
  Filesize: 37KB
  MD5:    0ec7d765a850c648ac69e82df120c240
  SHA1:   a8b67bbfddb5ea5b1e7b125c4ac68961bc4cb4ec
  SHA256: ebefb4f1a94dc2bca30408097e87440dc87406e56c6af82c86fd8902d6f3c592
  SHA512: dccf222a5ebfe85213cac5be0ac3295d1c63313a1d65a8b1056bf6354fd4e8d59d09d28b24220e1b861087b34c197cbbdad3e3aa476d31256191a031f92d8710

-
  Filesize: 22KB
  MD5:    6a726a217a318999ac0aca3d010bf812
  SHA1:   2a75cfcecd66d8a78a763a2178a8566b61c49c9e
  SHA256: 2ab8d1161abd32099dcbb3967f8e31962e08f7c665ba6613372fb07715b74338
  SHA512: 30cd88837085b0b244469a891c86ef30a3cd5a8f5c35fbebfcad6fded35ee9e49677c5325c55af26f21eb5cea6390549fc9e1b402e9b8bcee6a2b950ee8161b0

-
  Filesize: 27KB
  MD5:    f813ad92abc739744e185e3990efc308
  SHA1:   6391306a6bfe3f30fae3611151c848277c33c31b
  SHA256: 28aea16c149f5ee078b34c03cbb8c0eee86663923fc384324cef00f451af764a
  SHA512: 3ac8cbb479063ce2ceb339684f86dc87d0a444face209e55de9c68c17c81642fbeec4b64ccea7f424e18b77add3c0caa4bf5d00e5d6f39728d4d61c74120244a

-
  Filesize: 18KB
  MD5:    dd9f92d1a1ee662c1472c992ebbe36fd
  SHA1:   8b21e6a4915b02bbd247d8846c6a742c120ed880
  SHA256: fb67845b981f637821eb9e809b9fa1c62d41b1bdb0f84247a5a1297dd6b4e154
  SHA512: e5ea698d8345800a7edfbbf0ac800a6368dedfff9df79d4cf13f507f561312ed6ff68268038be7e7e2ed6d0009ce20ed7d7662eb304e49fe7b6cd741ec9091d6

-
  Filesize: 46KB
  MD5:    a1dcd778b8c06c4299a307532ecd6a40
  SHA1:   722771bfa67e4bb8d614a33bdd1e49b55f79c47f
  SHA256: a5f807ccdc864cbed778010004bcf2b3510776ff7963c91fb94daa85aceb8986
  SHA512: 7849c1641343912c3cd4f1f312fc9eeccd4a0030735973cb56b308b204250ee5209c726628ce17926bd84748f26df200993355440b90455c3cca7b71a3fcf740

-
  Filesize: 23KB
  MD5:    c8efc94f0b1d5d2fcd022f0ddeede705
  SHA1:   6b834927dc08786d9d000e9f4ab0ff1eeac4b7bd
  SHA256: 4bccb0cbcc1711921c11e91b01a6e6291cdcbe7e5a56745ce29f0b08bca88d73
  SHA512: 592c59ad5854fa25deefa5cedd7bffbe1de6390d0c28e710cefd67a61c5f78ce4864c087f5640e1c14fb8bed8190515a4de4806d893693407ead261a83afa251

-
  Filesize: 59KB
  MD5:    3790b068a1c536940b9640a7e3e04b9a
  SHA1:   e400bd69288b03dfc60d6a1aa6116bd7c33ad664
  SHA256: e6dc0ef47922b83aff1287cec50e76c3ab5c8d5a9c662f46230312ff2c0d69bb
  SHA512: 9b5b60a42b266dfa457ceb9af65675ec86ef0388841356e4ab481cb6f69ab3853c92f9d2e9c63ae9ecc6b9f2544ffe619972a2d9e034a95f2649211fb715a31b

-
  Filesize: 55KB
  MD5:    60c6efabb021c8eec4ba448974887f11
  SHA1:   1df8405943257b9356bae8467615d45151931aa2
  SHA256: 709d97f82663324b2c441d42258d4aa6d8a0334f03c1935b0b43c9cad3ae4305
  SHA512: 714c8fcc3343ad259b3b9681c53063dbd99c0023bcbae51f0f607dcff8cde51cc926d6cfe93be8eb6e2e159ae0405bfc9236df984b47083449130a4c0d7f44de

-
  Filesize: 88KB
  MD5:    a2e53ee908dc616b23256e82e73343f2
  SHA1:   c40b4ad46f6433a900536b7abe1d6544d4ee8ec9
  SHA256: dd1a1e2058a992fda5828a86ac635b5efdb488e2aa45daf66f180ed95ef0a857
  SHA512: 3ef3cb8b808e747928df27d5d931ae7a68ec09c05106880680089d4e356bb06acdf6d87cc1a3529c9a6d19e1eb991e563bd6392e8197f6716c1c44dc5b444d6d

-
  Filesize: 99KB
  MD5:    2c5d93f83e9c4810d3fd8257c06f3b56
  SHA1:   a33a8a4c75381a0e83e31ff46a2e57dccef1db3e
  SHA256: 82eebff2d35e1abd48d48b7ff1908e33059281734c7827b006093fed49e5fee9
  SHA512: 0a03771731876243893af94c7cdb64517647a72830a08ef79055005be8b652b47e0ca1066e3898cdab310f6be18e51901da1c5ec822440f6e69d6b2f5a2aefa0

-
  Filesize: 17KB
  MD5:    0327116a94be68d508a8448c6cb18b93
  SHA1:   ce0682ca6ce1533114f8d71c8fcfb0f2ce5ab012
  SHA256: 3df6bb07a6f5af60c8c7e71039bef70a4d811e0a11de0c5eb91705f0872740bb
  SHA512: 68417905044c6e9f5b664bbef69502feb198d355cda42b16e5e40e06a5803b6fca84c2e655f2a658321be2fb13bb9c2a0a6c7be38b48b736d61bfdde16ca6bdc

-
  Filesize: 35KB
  MD5:    e1a8c20930736d2b93a50694cde8be62
  SHA1:   89f919d542549d634d75584572f353bbbf4dac27
  SHA256: 07c5267470e727178ee7d1864eecd9e66186e4e2b560c02d198bc63b2c699be1
  SHA512: 95e1f4fae8bd416266c1d63f335f0226d81bce97d9a226afae503e9f08837f445930e4356ae7835d30c44e40fddaf1ef4940ae34d5c229e1e675842eeeff62a5

-
  Filesize: 19KB
  MD5:    c9789bf27bdb48a63bc96d8945d2a941
  SHA1:   50df256f4e5dc9e9dc4f69897dc41206a8f2c807
  SHA256: f0cfc25adfda0c1d4c942156dcf67b1e4d6ac41da107323ce1cea84a425d1f8b
  SHA512: e4e8a1569ad4dbf9eceb02619eec4c00172f5e32ceb3c9f8ab9f528af2118e67d71f55cd432fa51a14edc08c5bdc596f994ed1d2c5453aae0457f7a499f5a2e2

-
  Filesize: 72KB
  MD5:    a4bdb2f218e0bde8351b20121bd3b3af
  SHA1:   6baa51f73148657a09afc2d6fe8418aeb51d8a7a
  SHA256: 9dff37fe970c48070658f5ef2faf40102824f0080afeb0e7903be054c1e3c726
  SHA512: 4aa99749d939740bd9369e40b9c1b0b88eff25bc0a0a35383654c0983a704edecd1f3de24b7ce1f875d4856a623278f2cd0eb7ed385a15db986f7f514a0c207d

-
  C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 5KB
  MD5:    b87c04be8348a57c07c8245d2787df83
  SHA1:   06deadd0fb58d25b5ab16ef372d724ecbccb64d1
  SHA256: 8f0731ea81a44400c101b8790fae87740b7b2ad3fb75e1fdcd76bf514de373ac
  SHA512: 00cdfb85cc84007e8f367e5fb19e525732949057bf0d8374574dbc50a31e2c3ef52c32fac093984eea6123b6545a504704a8a9e8e44d38f18075609e7f615721

-
  C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57eeb5.TMP
  Filesize: 3KB
  MD5:    0a14165ba488c1740b2f9ef7580d44ba
  SHA1:   6bc101bb59049e75d5f364885e59ec2f58c29b68
  SHA256: cb1ade0ccb2106a198077f1edee519ae8f3230a34c843be163d9c7a5a11c7b48
  SHA512: 9ca39d780b1cb853eade3e40bfacf81e0d4d392f3736a3d9ea23db5e69fbb52e13fbe0061cf7aa6d3c9e69428140c1c6c4f082426af22fe5fc0b09103df3e422
-
Filesize
264KB
MD56c05a1c4dec1181224b7f9b18e62a827
SHA1146f73405a235a2575c84ddb51bfc59f4170cd5c
SHA25625e068178d9551299dbfa9f1ab90b992e65b8badfaaff251916d306efea3d7c6
SHA5126edf87e81fc18fdc58dbba2b1dd74acf47bd6848d40e5eefa11d8d4bc97ee10a94e4d75af3562acfdfcce9e7e2ae19edb7114774d5ad500b1bda8f4decea5164
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
20KB
MD50790c2aa11f8d0aa3a44fc4782cecc5c
SHA1f6f51906d6e62ca7443ee24657f3845e745b7f9c
SHA2565bd755ef7da449f50fa8f3893ffd2a0429c5b9d3cf912219a250a926aa415b69
SHA5121467f0d83d3973ffe5c2044341996856c7c1472f51e96d6c45f967306ee0175dbabdedd7a4194c8561a379af6d26016daab4c0d2523323d96abbb8654c4deadb
-
Filesize
192KB
MD595c73c6f6c862962ae412ef9c545878b
SHA1fa27ad25fc35841467ee1cedbe7b159f6ec23517
SHA2561b03bded58af578b39bd33add18d1d7aa709e5a2d237f3d43db433d522922728
SHA5125f0120a1aefd91b4c54b749c8426243ddbfb2744e8db01be0168f22055290656e4ca72604f340cd812cbfdcb22600296177fb2a44fa05bfa2ceab790bf9144e3
-
Filesize
108KB
MD506d55006c2dec078a94558b85ae01aef
SHA16a9b33e794b38153f67d433b30ac2a7cf66761e6
SHA256088bb586f79dd99c5311d14e1560bbe0bb56225a1b4432727d2183341c762bcd
SHA512ec190652af9c213ccbb823e69c21d769c64e3b9bae27bea97503c352163bf70f93c67cebbf327bfc73bfd632c9a3ae57283b6e4019af04750fe18a2410a68e60
-
Filesize
20KB
MD58556221d05939d119098f047a3f74383
SHA184e41c8d82a4b16f1e5c73dca26c0df3814b6a88
SHA25641cb95e67b2bbe701d068de24a90cc8aabc3459ecfec3ec6eddf36bd37d8838f
SHA51289e42fd8f584ee8246434bdce7ef82c4b4519cdde45f95ff11675c09b06c21a5719a095c52b65d03f1a9506de258b78c3f757362d21bf4a71e17469ad68f4996
-
Filesize
3KB
MD5c66d4f09639bc36461280ac425191d80
SHA1909c4cbfddb5d0fa5a50e86cec0e47bb785572f9
SHA256419dd5d19d8d3b348358eca1655e33f18c1a1a186ed761b9db73a53a0048a211
SHA512e0e8438c527ed1c5b90fac45410735c98d12149ec2781db67b4017eee973e9de45b06187500ada925098ffb610d439fbb7fb392bd8a02d6d9a64c5b6196fbcc3
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
40B
MD520d4b8fa017a12a108c87f540836e250
SHA11ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA2566028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
-
Filesize
1KB
MD5682d548226f7de04be485f9303671213
SHA120302b523987f498b6d24c67ad67128e8df9120f
SHA256b47b5ccf30d4e2758b225fa040bb1cb10fd23218229270a35391d037615a4506
SHA512c88604c23ac95cf541509ea0c5195a4e991a663dc86b02ec52fd681d50f04c65c61ec4e16c0158a96b87e2acd8793ac2f2588cbaece79de7e37bb8dfe1320d93
-
Filesize
17KB
MD52fd546b249982789932e99200fbf6128
SHA1be4d06bef249cb946b2047fc45ed32fe506c5a1e
SHA25687a8d11218b803e01c06a5f036524ef92b40ecf57517b420b843b5e6d4d89986
SHA5127b49f0e99cbd26c18b11eaca18c5cbc1a927cdcb03278eb38da7dd2fc767cee287c6688facf244e64d09feea3c270f82f75a9483981189de75a321aeb2d09156
-
Filesize
16KB
MD5f1211a1b328db2e84e2f536e0e9978f8
SHA1afe5a2efd1de75d4be0fe15c5195d6d020390c12
SHA25696e3d745b955ef63c84e6442ce97a468c93c6f490da5ef7a57d3836fbcac73e3
SHA512ccfb6e79006d055185374e989fc151379e9fea16a985f08f0f5c4bbff3f0f8419bdc9b7004f22ee611b8040601ed53e6e913e74166551e4bbbde5cb1328c6d00
-
Filesize
36KB
MD5c85771d81440d198a423f1225589e0e0
SHA100480d552c2ed41ccdf4faee3090259bae2ad45f
SHA2567db83841766157dd49ce66f194d5a74151926b4fc6d7c4b6a8fc217e869982b2
SHA51266b66da1b9b98ff7f6326f4dfe958e8086709e678174fdd3e6ebaafb0e7ad854cb6158a8848f5c5fe969b45d321f09af7e6ac7a4aa14c6354f96bd068e970496
-
Filesize
335B
MD50d881399760fed248d5c33f837fb9042
SHA1074c4a7cca02d1d80db7cc14fd9f95a1cd46baa4
SHA2566c32db7d2144ad321edbac8da50bdc3602395589f5fac3886cba592b986c54ad
SHA5129c6c72984538712694340f0f2dd79701e48e72b019dce20b863fd02372499fc031e0b35db77431183d8d6c55888bb8e54b954dfea778e755f9ac925e59226d76
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize112B
MD53390e68f542221fdafeabfbbdf46c9b6
SHA186a181330b82567b70914717dd29867a8fa81ec0
SHA256349c26e3f15d1535f6b3b38223de6023f5a8d62a267bae5051e7b9def2b4705e
SHA5121473e8c40c30729c340b068a79a6ffb207691503dab3b40c46dff3c22899ed5446f97009cbcdc414b4b8a0d0b89719ca57898578a72ceb884769ebdb615bf786
-
Filesize
347B
MD57a28accc2d44724127d4966cdcc4f19f
SHA1294ffe7679aa9b8c5f3876451fbb8a21d3a487ee
SHA256319dfb8364aa15082781469c7db923d8a850be778977f2166e2a9758bd8267a3
SHA5125d5d68a1ca27ba1c64e1afae37ab511e9787e94eeb8f8ac887ae8570d461943553deb54da3ba03e7e2f3536238d2c6787c3d5bdf52ec167ac9e7cdc51ffa2a1f
-
Filesize
323B
MD50a71e8e0e9c8d4bbadcabcfc018466ae
SHA137d202ddd94d982e7e0d44b4257e63c7cca8a3f7
SHA256c1c10065190b6e7c21874c0351a8924d1770c134522eb67ae62a81ea04b86205
SHA512897441af0bb79133c351c363cd9ca129839d82bca317f39ff361ff2479cfe48a2a622dd6683d93dd28867cd247cf6c2140e34497aa1d8ebe481688eff5879467
-
Filesize
22KB
MD5b54ed3062e77da540c89e02ad2b48a0c
SHA100578ef2296e5e2a8872b46c5e7bb93153cec1a8
SHA256027bed01170fb6bf9eae37948a9366eea9ebf9906562a7ccf4fd752aeebe92b3
SHA512052413c1da1f5cf39329be5df53d36abfacf9c93d2bc9d2c5d20aa77275e30a971410ea5edb34715eb0fed8d12c690b0c4ae488c6dcd930ebff3a4f62a14a677
-
Filesize
128KB
MD57f6192fe0ef27db342251d2a01c961ad
SHA1fc93f08f701490aa2ce487ed35662e27db94e200
SHA25697bdf9396956c4b41b443a4aee51e263eeb4fea669d2138681073c55c251b238
SHA512cc60ad5b47d479510d1eddbe4aa939ac749572a35d36dd9545de9fdc89b6bfa1c06813e55f5851c53c611107c0581d9e8198059168957d67f53e59889a77cb5d
-
Filesize
13B
MD53e45022839c8def44fd96e24f29a9f4b
SHA1c798352b5a0860f8edfd5c1589cf6e5842c5c226
SHA25601a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd
SHA5122888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9
-
Filesize
40KB
MD593bf575d21d43a5c32d754cc8cc07295
SHA1ee741bb4677ad2fe372fea54055eb7b4f8d097b3
SHA2566754584d74404a28764d0118fbfa28b5cf080b8e7b73d928bda192a8dd14e91e
SHA512d823a90a2341d6c8f2ecd99bc70728050673948a1f7cbc39708c21875e6d468c4f8316f99318a92f4286b838eb93a72d63c653bf248aa88b76a094236fd4cb98
-
Filesize
48KB
MD507dd98194d704fc007d4fcb25b6c8e08
SHA11e830959b0d544298a626e547a633585c38b2f1d
SHA256f8514eed6e1ca1a593227cf9b028d8d0c35432021a44cf9ff60558401365c7df
SHA512c9ba35541dd17ddeb8570d99124cb3b7b089208866804bbc035d39908b13e93a829de14f8014cb77d792b685896f787463ff91311af9667970b54e923395c3d6
-
Filesize
54KB
MD59ea5677d400486c6e6b02ed6244b61c3
SHA1fb8e4a03e69b46397988b20093b63e84690dc43c
SHA25688e002046187fc646854f08625a1ffbd8e538ccbe0690be9ef8e3cda8ed26f48
SHA512dcb3be1077fe064df72e75d6b1df9c976c25b9d4b0b8ffdffd85b4a8b8eb8cab2ff8e841a7b0f3cca7864e0fca24f3ba7049cdd33ccb301d97e2837ed17bc2d1
-
Filesize
40KB
MD54ba7b9cb923cec2cc0439735f6b8cc71
SHA106a22d2237887a8e3506acfb46519e686e63a8d4
SHA25639484f72dff2f06331793863b53153333ce6ce28ba5126208daf1851be37ca55
SHA5125b77c98221dcecff1b9a13655daf588b9ade8277c8b53e97438a87725877e59f43e2488fb96a32bbd75b82b7bacb62fb92d778f170e6ca9a051b603045a575a0
-
Filesize
54KB
MD52d168a4f29069484d0360695c912f51b
SHA186e9f83842e8add96b3392d37f4950537639f2d8
SHA2560bba8082b8eda86a665da4f4cf51b840ea8154a73c13cbe9010b604c79a4b7c8
SHA512f7ca14ec6d64d09392a958d9d23842b1147549857c77c3044ae4840ae5eb9f5bf53ed808f2f5e49fa9e7d35c55720e0034ce5f7c72d061e6582160aab4514aae
-
Filesize
264KB
MD51ae6f0a3d99922ff34ab5c3631e396c5
SHA148fd16ac071d5f84bf1bae0aa65ce9f307230c30
SHA2561c5784f93d7cd67e1fb37395ab8f9111f766adea796276095b423fa311c6f581
SHA512a5fd306b8b49d0df5fc59c2076af67a5825ae76e80914ec35b827c2ce46e9df59e17c6ef58a8d7fdbdbf13af395e22b49c68b7630531137dfce628b2115e4efe
-
Filesize
86B
MD5961e3604f228b0d10541ebf921500c86
SHA16e00570d9f78d9cfebe67d4da5efe546543949a7
SHA256f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed
SHA512535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472
-
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
Filesize2KB
MD5cb9ce93a39854087b15dd96da7ec88da
SHA1e98b462a7e2db1a3f43729f147f5071ac0382e7b
SHA2566b5e06c1bf235fe4f93ea03949874f02fbbef7dc4d7b839bde8f31185959f16d
SHA5123de3ec1c3947254834966a87b17b700ab79d256a914cf9d74605aab0cfa1651f8a62b41dd7fbcf1abea4849b4cdf41ba2f352d3a32d6bde9ff5bd418a0695b70
-
Filesize
484KB
MD50a7b70efba0aa93d4bc0857b87ac2fcb
SHA101a6c963b2f5f36ff21a1043587dcf921ae5f5cd
SHA2564f5bff64160044d9a769ab277ff85ba954e2a2e182c6da4d0672790cf1d48309
SHA5122033f9637b8d023242c93f54c140dd561592a3380a15a9fdc8ebfa33385ff4fc569d66c846a01b4ac005f0521b3c219e87f4b1ed2a83557f9d95fa066ad25e14
-
Filesize
20KB
MD579ae7f747206567fef8e19ba1eb0217e
SHA1d2cfecd6690b291379f019cfe335b7d12a0e8445
SHA256e16ab8de7b7a53c1a51d3acd0f9b137a6f36da7935a951017816e9363420111c
SHA5127ea13e0c3ce6997b18584e4911a0c55417616f34fac78f25118db7a2fa32b2f604cfbcccf2656fa0734f4bf20663299c28e52939b730b35afae1c9414e03a64b
-
Filesize
512B
MD5e1bc4f7581f17635f7728f1bb161f215
SHA10d8adb6920fcfd34bb7c72cacc96129b31d540a3
SHA2560fb8c2320e0c8302910e3125cfa7a78e4da73c7a085f04408d2ecf433a283fc7
SHA5120e4cf50ea39beca432d189b23a7ad63929cfbd371eeb8309680930b3194763f73fc1c662ada1df1f5cc6afd6efcede610035178ff2acdb986024f0a4f8a74e3a
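The listing above is a per-file digest table, most of it written by the browser profile while the URL was opened rather than by the sample, and it is only useful if you can parse it and match files against it reliably. The following is an added example, not part of the sandbox report or its vendor's tooling: it parses entries in the report's own label-fused layout ("MD5<hex>", "Filesize" on one line and the value on the next, "-" between entries, a path line only for some entries), computes the same four digests for local data, and requires every recorded digest of an entry to agree before calling it a match, since a partial hit across four independent hashes means a copying error in the listing, not a collision. The excerpt embedded in the code is three entries copied from the listing; the inputs b"{}" and b"[]" are constructed, and the run shows that the two 2-byte entries are exactly those bytes (an empty JSON object and array), which is browser state, not payload.

```python
"""Hash-match triage for a dropped-file listing (added example)."""
import hashlib
import re
from typing import Dict, List, Optional

ALGOS = ("md5", "sha1", "sha256", "sha512")
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Constructed excerpt: three entries copied from the listing, in the report's
# own layout (label fused to value, "-" between entries, optional path line).
REPORT_EXCERPT = r"""
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize112B
MD53390e68f542221fdafeabfbbdf46c9b6
SHA186a181330b82567b70914717dd29867a8fa81ec0
SHA256349c26e3f15d1535f6b3b38223de6023f5a8d62a267bae5051e7b9def2b4705e
SHA5121473e8c40c30729c340b068a79a6ffb207691503dab3b40c46dff3c22899ed5446f97009cbcdc414b4b8a0d0b89719ca57898578a72ceb884769ebdb615bf786
"""

# Accept the fused form ("MD5<hex>") as well as a "MD5: <hex>" form.
DIGEST_RE = re.compile(r"^(MD5|SHA1|SHA256|SHA512):?\s*([0-9A-Fa-f]+)$")
SIZE_RE = re.compile(r"^Filesize:?\s*(\S+)?$")


def parse_report(text: str) -> List[Dict[str, str]]:
    """Split the listing into entries with keys path?, size, md5, sha1, sha256, sha512."""
    entries: List[Dict[str, str]] = []
    cur: Dict[str, str] = {}
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        i += 1
        if not line:
            continue
        if line == "-":                      # entry separator
            if cur:
                entries.append(cur)
            cur = {}
            continue
        m = SIZE_RE.match(line)
        if m:
            size = m.group(1)
            if size is None and i < len(lines):   # value sits on the next line
                size = lines[i].strip()
                i += 1
            cur["size"] = size
            continue
        m = DIGEST_RE.match(line)
        if m:
            algo, hexdigest = m.group(1).lower(), m.group(2).lower()
            if len(hexdigest) != HEX_LEN[algo]:   # catches a truncated copy
                raise ValueError(f"{algo}: {len(hexdigest)} hex chars, expected {HEX_LEN[algo]}")
            cur[algo] = hexdigest
            continue
        cur["path"] = line                   # anything else is the dropped file's path
    if cur:
        entries.append(cur)
    return entries


def digests(data: bytes) -> Dict[str, str]:
    """The four digests the report records, for the given bytes."""
    return {a: hashlib.new(a, data).hexdigest() for a in ALGOS}


def match_entry(data: bytes, entries: List[Dict[str, str]]) -> Optional[int]:
    """Index of the entry whose recorded digests all equal those of data, else None.

    A hit on one algorithm but not another is treated as a copying error in
    the listing and raised, not silently accepted as a match.
    """
    d = digests(data)
    hit = {a: next((i for i, e in enumerate(entries) if e.get(a) == d[a]), None)
           for a in ALGOS}
    found = {i for i in hit.values() if i is not None}
    if not found:
        return None
    if len(found) > 1:
        raise ValueError(f"digests point at different entries: {hit}")
    idx = found.pop()
    disagree = [a for a in ALGOS if a in entries[idx] and hit[a] != idx]
    if disagree:
        raise ValueError(f"entry {idx} hit on some digests but not on {disagree}")
    return idx


def triage(samples: Dict[str, bytes], entries: List[Dict[str, str]]) -> Dict[str, Optional[int]]:
    """Map each named sample to the entry index it matches, or None."""
    return {name: match_entry(data, entries) for name, data in samples.items()}


if __name__ == "__main__":
    # Constructed inputs; the 2-byte entries turn out to be "{}" and "[]".
    samples = {"brace_pair": b"{}", "bracket_pair": b"[]", "unrelated": b"not listed\n"}
    for name, idx in triage(samples, parse_report(REPORT_EXCERPT)).items():
        print(f"{name}: {'entry ' + str(idx) if idx is not None else 'no match'}")
```

A match only establishes identity with a file the sandbox saw; whether that file matters is a separate question, and the two 2-byte hits here show why: they are the browser's empty JSON state files, not anything the sample wrote.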