Analysis

max time kernel: 81s
max time network: 82s
platform: windows10-2004_x64
resource: win10v2004-20250610-en
resource tags: arch:x64 arch:x86 image:win10v2004-20250610-en locale:en-us os:windows10-2004-x64 system
submitted: 04/07/2025, 17:52
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://cdn.discordapp.com/attachments/1378031637341667339/1378031682044821544/BestXineMenu.exe?ex=68694403&is=6867f283&hm=bc1bda2777a01620cff0dd07a875acb7c80e635f593dbd2aee40cfd69c50e498&
Resource: win10v2004-20250610-en
General

Target: https://cdn.discordapp.com/attachments/1378031637341667339/1378031682044821544/BestXineMenu.exe?ex=68694403&is=6867f283&hm=bc1bda2777a01620cff0dd07a875acb7c80e635f593dbd2aee40cfd69c50e498&
Malware Config
Signatures

Disables Task Manager via registry modification

Executes dropped EXE (4 IoCs)
pid   Process
4484  BestXineMenu.exe
5788  BestXineMenu.exe
1300  BestXineMenu.exe
5204  BestXineMenu.exe

Loads dropped DLL (64 IoCs)
pid   Process
1300  BestXineMenu.exe  (43 entries)
5204  BestXineMenu.exe  (21 entries)
Reads user/profile data of web browsers (3 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.

Unsecured Credentials: Credentials In Files (1 TTP)
Steal credentials from unsecured files.

Accesses cryptocurrency files/wallets, possible credential harvesting (2 TTPs)

pid   Process
3924  powershell.exe
6084  powershell.exe
6072  powershell.exe
5168  powershell.exe
4584  powershell.exe
5972  powershell.exe
5000  powershell.exe
6128  powershell.exe
5052  powershell.exe
5748  powershell.exe
6112  powershell.exe
5052  powershell.exe
Legitimate hosting services abused for malware hosting/C2 (1 TTP, 6 IoCs)
flow  ioc
138   discord.com
141   discord.com
142   api.gofile.io
146   discord.com
132   api.gofile.io
133   api.gofile.io
Looks up external IP address via web service (4 IoCs)
Uses a legitimate IP lookup service to find the infected system's external IP.
flow  ioc
117   api.ipify.org
118   api.ipify.org
120   ip-api.com
124   api.ipify.org
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | msedge.exe
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Modifies data under HKEY_USERS (17 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | LogonUI.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133961251396405690" | msedge.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | LogonUI.exe
Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | LogonUI.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "116" | LogonUI.exe
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | msedge.exe
Modifies registry class (4 IoCs)
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | msedge.exe
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2866795425-63786011-2927312124-1000\{198D6D7C-F663-4101-86F2-94C73BBAF196} | msedge.exe
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2866795425-63786011-2927312124-1000\{16CCF625-33D7-40BE-A5BF-FF20274E49EE} | BestXineMenu.exe
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2866795425-63786011-2927312124-1000\{0F126BFA-8503-44AC-8707-320B64834592} | BestXineMenu.exe
Suspicious behavior: EnumeratesProcesses (64 IoCs)
pid   Process
1300  BestXineMenu.exe  (27 entries)
6072  powershell.exe    (3 entries)
5204  BestXineMenu.exe  (7 entries)
5168  powershell.exe    (3 entries)
6128  powershell.exe    (3 entries)
4584  powershell.exe    (3 entries)
5972  powershell.exe    (3 entries)
5052  powershell.exe    (3 entries)
5748  powershell.exe    (3 entries)
3924  powershell.exe    (3 entries)
5000  powershell.exe    (3 entries)
6112  powershell.exe    (3 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)
pid   Process
3636  msedge.exe  (6 entries)
Suspicious use of AdjustPrivilegeToken (64 IoCs)
description | pid | Process
Token: SeDebugPrivilege | 1300 | BestXineMenu.exe
Token: SeIncreaseQuotaPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemtimePrivilege, SeProfSingleProcessPrivilege, SeIncBasePriorityPrivilege, SeCreatePagefilePrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege, SeDebugPrivilege, SeSystemEnvironmentPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeManageVolumePrivilege, 33, 34, 35, 36 (this sequence is recorded twice) | 4540 | WMIC.exe
Token: SeDebugPrivilege | 6072 | powershell.exe
Token: SeDebugPrivilege | 5204 | BestXineMenu.exe
Token: SeIncreaseQuotaPrivilege, SeSecurityPrivilege, SeTakeOwnershipPrivilege, SeLoadDriverPrivilege, SeSystemProfilePrivilege, SeSystemtimePrivilege, SeProfSingleProcessPrivilege, SeIncBasePriorityPrivilege, SeCreatePagefilePrivilege, SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege, SeDebugPrivilege, SeSystemEnvironmentPrivilege, SeRemoteShutdownPrivilege, SeUndockPrivilege, SeManageVolumePrivilege, 33, 34 | 5456 | WMIC.exe
Suspicious use of FindShellTrayWindow (64 IoCs)
pid   Process
3636  msedge.exe  (64 entries)
Suspicious use of SetWindowsHookEx (1 IoC)
pid   Process
3800  LogonUI.exe
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target
PID 3636 wrote to memory of 3280 | 3636 | msedge.exe | 88  (2 entries)
PID 3636 wrote to memory of 184 | 3636 | msedge.exe | 89  (2 entries)
PID 3636 wrote to memory of 3028 | 3636 | msedge.exe | 90  (51 entries)
PID 3636 wrote to memory of 404 | 3636 | msedge.exe | 91  (9 entries)
Processes

[1] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3636)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1378031637341667339/1378031682044821544/BestXineMenu.exe?ex=68694403&is=6867f283&hm=bc1bda2777a01620cff0dd07a875acb7c80e635f593dbd2aee40cfd69c50e498&
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3280)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2ec,0x7ffda37cf208,0x7ffda37cf214,0x7ffda37cf220

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 184)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1744,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=2224 /prefetch:3

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3028)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2188,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=2184 /prefetch:2

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 404)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2432,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=2440 /prefetch:8

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3088)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3540,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=3600 /prefetch:1

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 232)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3544,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=3620 /prefetch:1

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3168)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4284,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=4292 /prefetch:1

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3696)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4340,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=4352 /prefetch:2

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1668)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3688,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=3628 /prefetch:8

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2196)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5356,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=5364 /prefetch:8

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2448)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5520,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=5624 /prefetch:8

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1076)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5536,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=5644 /prefetch:8

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3928)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6096,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=6124 /prefetch:8

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4212)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=6156,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=6168 /prefetch:1

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe (PID 848)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5172,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=5272 /prefetch:8

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe (PID 2184)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5172,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=5272 /prefetch:8

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5004)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6916,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=5376 /prefetch:8

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4540)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3716,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=7044 /prefetch:8

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3620)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6972,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=5396 /prefetch:8

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2900)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6980,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=5376 /prefetch:8

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2300)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7072,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=7320 /prefetch:8

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1736)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7476,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=7480 /prefetch:8

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3964)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7512,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=7644 /prefetch:8

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3988)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7664,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=7340 /prefetch:8

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6084)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4592,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=4384 /prefetch:8

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6092)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3512,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=4544 /prefetch:8

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6100)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4584,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=4552 /prefetch:8

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3208)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5532,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=5192 /prefetch:8

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2180)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=5752,i,4470848046616560391,3758049431621545024,262144 --variations-seed-version --mojo-platform-channel-handle=6288 /prefetch:1
  [2] C:\Users\Admin\Downloads\BestXineMenu.exe (PID 4484)
    Command line: "C:\Users\Admin\Downloads\BestXineMenu.exe"
    - Executes dropped EXE

    [3] C:\Users\Admin\Downloads\BestXineMenu.exe (PID 1300)
      Command line: "C:\Users\Admin\Downloads\BestXineMenu.exe"
      - Executes dropped EXE
      - Loads dropped DLL
      - Modifies registry class
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken

      [4] C:\Windows\system32\cmd.exe (PID 3540)
        Command line: C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"

        [5] C:\Windows\System32\wbem\WMIC.exe (PID 4540)
          Command line: C:\Windows\System32\wbem\WMIC.exe csproduct get uuid
          - Suspicious use of AdjustPrivilegeToken

      [4] C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (PID 6072)
        Command line: powershell -Command "(Get-WmiObject -Class Win32_ComputerSystemProduct).UUID"
        - Command and Scripting Interpreter: PowerShell
        - Suspicious behavior: EnumeratesProcesses
        - Suspicious use of AdjustPrivilegeToken

      [4] C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (PID 5168)
        Command line: powershell -Command "(Get-WmiObject -Class Win32_BIOS).SerialNumber"
        - Command and Scripting Interpreter: PowerShell
        - Suspicious behavior: EnumeratesProcesses

      [4] C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (PID 6128)
        Command line: powershell -Command "(Get-WmiObject -Class Win32_BaseBoard).SerialNumber"
        - Command and Scripting Interpreter: PowerShell
        - Suspicious behavior: EnumeratesProcesses

      [4] C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (PID 5972)
        Command line: powershell -Command "(Get-WmiObject -Class Win32_Processor).ProcessorId"
        - Command and Scripting Interpreter: PowerShell
        - Suspicious behavior: EnumeratesProcesses

      [4] C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (PID 5000)
        Command line: powershell -Command "(Get-WmiObject -Class Win32_BIOS).OEMStringArray"
        - Command and Scripting Interpreter: PowerShell
        - Suspicious behavior: EnumeratesProcesses

      [4] C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (PID 6112)
        Command line: powershell -Command "(Get-WmiObject -Class Win32_SystemEnclosure).SMBIOSAssetTag"
        - Command and Scripting Interpreter: PowerShell
        - Suspicious behavior: EnumeratesProcesses

      [4] C:\Windows\system32\cmd.exe (PID 5964)
        Command line: C:\Windows\system32\cmd.exe /c "reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f"

        [5] C:\Windows\system32\reg.exe (PID 5524)
          Command line: reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f

      [4] C:\Windows\system32\cmd.exe (PID 4464)
        Command line: C:\Windows\system32\cmd.exe /c shutdown /s /t 15

        [5] C:\Windows\system32\shutdown.exe (PID 1844)
          Command line: shutdown /s /t 15

  [2] C:\Users\Admin\Downloads\BestXineMenu.exe (PID 5788)
    Command line: "C:\Users\Admin\Downloads\BestXineMenu.exe"
    - Executes dropped EXE

    [3] C:\Users\Admin\Downloads\BestXineMenu.exe
      Command line: "C:\Users\Admin\Downloads\BestXineMenu.exe"
      - Executes dropped EXE
      - Loads dropped DLL
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5204 -
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"4⤵PID:5428
-
C:\Windows\System32\wbem\WMIC.exeC:\Windows\System32\wbem\WMIC.exe csproduct get uuid5⤵
- Suspicious use of AdjustPrivilegeToken
PID:5456
-
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "(Get-WmiObject -Class Win32_ComputerSystemProduct).UUID"4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
PID:4584
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "(Get-WmiObject -Class Win32_BIOS).SerialNumber"4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
PID:5052
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "(Get-WmiObject -Class Win32_BaseBoard).SerialNumber"4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
PID:5748
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "(Get-WmiObject -Class Win32_Processor).ProcessorId"4⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
PID:3924
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "(Get-WmiObject -Class Win32_BIOS).OEMStringArray"4⤵
- Command and Scripting Interpreter: PowerShell
PID:6084
-
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -Command "(Get-WmiObject -Class Win32_SystemEnclosure).SMBIOSAssetTag"4⤵
- Command and Scripting Interpreter: PowerShell
PID:5052
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "reg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f"4⤵PID:2184
-
C:\Windows\system32\reg.exereg add HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 1 /f5⤵PID:2148
-
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c shutdown /s /t 154⤵PID:5572
-
C:\Windows\system32\shutdown.exeshutdown /s /t 155⤵PID:2232
-
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵PID:4496
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x4 /state0:0xa3843855 /state1:0x41c64e6d1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:3800
Network
MITRE ATT&CK Enterprise v16
Downloads