Analysis
- max time kernel: 153s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20230220-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 01-04-2023 03:49
- Static task: static1
- Behavioral task: behavioral1 (sample Endermanch@MEMZ.exe, resource win7-20230220-en)
- Behavioral task: behavioral2 (sample Endermanch@MEMZ.exe, resource win10v2004-20230220-en)
General
- Target: Endermanch@MEMZ.exe
- Size: 14KB
- MD5: 19dbec50735b5f2a72d4199c4e184960
- SHA1: 6fed7732f7cb6f59743795b2ab154a3676f4c822
- SHA256: a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d
- SHA512: aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d
- SSDEEP: 192:sIvxdXSQeWSg9JJS/lcIEiwqZKBkDFR43xWTM3LHn8f26gyr6yfFCj3r:sMVSaSEglcIqq3agmLc+6gyWqFCj
Malware Config
Signatures
- Checks computer location settings (2 TTPs, 2 IoCs)
  Looks up country code configured in the registry, likely geofence.
  Processes: Endermanch@MEMZ.exe, Endermanch@MEMZ.exe
  description | ioc | process
  Key value queried | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation | Endermanch@MEMZ.exe
  Key value queried | \REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation | Endermanch@MEMZ.exe
- Writes to the Master Boot Record (MBR) (1 TTPs, 1 IoCs)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  Processes: Endermanch@MEMZ.exe
  description | ioc | process
  File opened for modification | \??\PhysicalDrive0 | Endermanch@MEMZ.exe
- Drops file in Program Files directory (2 IoCs)
  Processes: setup.exe
  description | ioc | process
  File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230401055043.pma | setup.exe
  File created | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\2b786f16-ab17-416c-899d-551dfa41a8fa.tmp | setup.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: msedge.exe
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Modifies registry class (1 IoCs)
  Processes: msedge.exe
  description | ioc | process
  Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | msedge.exe
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  Processes: Endermanch@MEMZ.exe, Endermanch@MEMZ.exe, Endermanch@MEMZ.exe, Endermanch@MEMZ.exe, Endermanch@MEMZ.exe
  pid | process | events
  116 | Endermanch@MEMZ.exe | 14
  3756 | Endermanch@MEMZ.exe | 12
  1932 | Endermanch@MEMZ.exe | 16
  4768 | Endermanch@MEMZ.exe | 12
  4912 | Endermanch@MEMZ.exe | 10
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (16 IoCs)
  Processes: msedge.exe
  pid | process | events
  2188 | msedge.exe | 16
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  Processes: AUDIODG.EXE
  description | pid | process
  Token: 33 | 1976 | AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege | 1976 | AUDIODG.EXE
- Suspicious use of FindShellTrayWindow (3 IoCs)
  Processes: msedge.exe
  pid | process | events
  2188 | msedge.exe | 3
- Suspicious use of SetWindowsHookEx (7 IoCs)
  Processes: Endermanch@MEMZ.exe, wordpad.exe
  pid | process | events
  3748 | Endermanch@MEMZ.exe | 1
  1260 | wordpad.exe | 6
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: Endermanch@MEMZ.exe, Endermanch@MEMZ.exe, wordpad.exe, msedge.exe
  source pid | source process | target pid | target process | events
  4908 | Endermanch@MEMZ.exe | 116 | Endermanch@MEMZ.exe | 3
  4908 | Endermanch@MEMZ.exe | 3756 | Endermanch@MEMZ.exe | 3
  4908 | Endermanch@MEMZ.exe | 1932 | Endermanch@MEMZ.exe | 3
  4908 | Endermanch@MEMZ.exe | 4912 | Endermanch@MEMZ.exe | 3
  4908 | Endermanch@MEMZ.exe | 4768 | Endermanch@MEMZ.exe | 3
  4908 | Endermanch@MEMZ.exe | 3748 | Endermanch@MEMZ.exe | 3
  3748 | Endermanch@MEMZ.exe | 1812 | notepad.exe | 3
  3748 | Endermanch@MEMZ.exe | 1260 | wordpad.exe | 3
  1260 | wordpad.exe | 3616 | splwow64.exe | 2
  3748 | Endermanch@MEMZ.exe | 2188 | msedge.exe | 2
  2188 | msedge.exe | 3096 | msedge.exe | 2
  2188 | msedge.exe | 4288 | msedge.exe | 34
Processes
(depth in the process tree is given in brackets; the line below each image path is its command line)

[1] C:\Users\Admin\AppData\Local\Temp\Endermanch@MEMZ.exe
    cmd: "C:\Users\Admin\AppData\Local\Temp\Endermanch@MEMZ.exe"
    - Checks computer location settings
    - Suspicious use of WriteProcessMemory
  [2] C:\Users\Admin\AppData\Local\Temp\Endermanch@MEMZ.exe
      cmd: "C:\Users\Admin\AppData\Local\Temp\Endermanch@MEMZ.exe" /watchdog
      - Suspicious behavior: EnumeratesProcesses
  [2] C:\Users\Admin\AppData\Local\Temp\Endermanch@MEMZ.exe
      cmd: "C:\Users\Admin\AppData\Local\Temp\Endermanch@MEMZ.exe" /watchdog
      - Suspicious behavior: EnumeratesProcesses
  [2] C:\Users\Admin\AppData\Local\Temp\Endermanch@MEMZ.exe
      cmd: "C:\Users\Admin\AppData\Local\Temp\Endermanch@MEMZ.exe" /watchdog
      - Suspicious behavior: EnumeratesProcesses
  [2] C:\Users\Admin\AppData\Local\Temp\Endermanch@MEMZ.exe
      cmd: "C:\Users\Admin\AppData\Local\Temp\Endermanch@MEMZ.exe" /watchdog
      - Suspicious behavior: EnumeratesProcesses
  [2] C:\Users\Admin\AppData\Local\Temp\Endermanch@MEMZ.exe
      cmd: "C:\Users\Admin\AppData\Local\Temp\Endermanch@MEMZ.exe" /watchdog
      - Suspicious behavior: EnumeratesProcesses
  [2] C:\Users\Admin\AppData\Local\Temp\Endermanch@MEMZ.exe
      cmd: "C:\Users\Admin\AppData\Local\Temp\Endermanch@MEMZ.exe" /main
      - Checks computer location settings
      - Writes to the Master Boot Record (MBR)
      - Suspicious use of SetWindowsHookEx
      - Suspicious use of WriteProcessMemory
    [3] C:\Windows\SysWOW64\notepad.exe
        cmd: "C:\Windows\System32\notepad.exe" \note.txt
    [3] C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
        cmd: "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
        - Suspicious use of SetWindowsHookEx
        - Suspicious use of WriteProcessMemory
      [4] C:\Windows\splwow64.exe
          cmd: C:\Windows\splwow64.exe 12288
    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
        - Enumerates system info in registry
        - Modifies registry class
        - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        - Suspicious use of FindShellTrayWindow
        - Suspicious use of WriteProcessMemory
      [4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd34f446f8,0x7ffd34f44708,0x7ffd34f44718
      [4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,12160337016328406089,11525544563583022026,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
      [4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,12160337016328406089,11525544563583022026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
      [4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,12160337016328406089,11525544563583022026,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
      [4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12160337016328406089,11525544563583022026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
      [4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12160337016328406089,11525544563583022026,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
      [4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12160337016328406089,11525544563583022026,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
      [4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12160337016328406089,11525544563583022026,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
      [4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12160337016328406089,11525544563583022026,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
      [4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12160337016328406089,11525544563583022026,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
      [4] C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
          cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,12160337016328406089,11525544563583022026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3612 /prefetch:8
      [4] C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
          cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
          - Drops file in Program Files directory
        [5] C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
            cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff742245460,0x7ff742245470,0x7ff742245480
      [4] C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
          cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,12160337016328406089,11525544563583022026,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3612 /prefetch:8
      [4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12160337016328406089,11525544563583022026,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
      [4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12160337016328406089,11525544563583022026,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
      [4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12160337016328406089,11525544563583022026,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
      [4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12160337016328406089,11525544563583022026,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
      [4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12160337016328406089,11525544563583022026,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1292 /prefetch:1
      [4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12160337016328406089,11525544563583022026,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2692 /prefetch:1
      [4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12160337016328406089,11525544563583022026,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
      [4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12160337016328406089,11525544563583022026,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
      [4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12160337016328406089,11525544563583022026,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
      [4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,12160337016328406089,11525544563583022026,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
      [4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd34f446f8,0x7ffd34f44708,0x7ffd34f44718
    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
      [4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd34f446f8,0x7ffd34f44708,0x7ffd34f44718
    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
      [4] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          cmd: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd34f446f8,0x7ffd34f44708,0x7ffd34f44718
[1] C:\Windows\system32\svchost.exe
    cmd: C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
[1] C:\Windows\System32\CompPkgSrv.exe
    cmd: C:\Windows\System32\CompPkgSrv.exe -Embedding
[1] C:\Windows\System32\CompPkgSrv.exe
    cmd: C:\Windows\System32\CompPkgSrv.exe -Embedding
[1] C:\Windows\System32\CompPkgSrv.exe
    cmd: C:\Windows\System32\CompPkgSrv.exe -Embedding
[1] C:\Windows\system32\AUDIODG.EXE
    cmd: C:\Windows\system32\AUDIODG.EXE 0x40c 0x2f4
    - Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: 0820611471c1bb55fa7be7430c7c6329
  SHA1: 5ce7a9712722684223aced2522764c1e3a43fbb9
  SHA256: f00d04749a374843bd118b41f669f8b0a20d76526c34b554c3ccac5ebd2f4f75
  SHA512: 77ea022b4265f3962f5e07a0a790f428c885da0cc11be0975285ce0eee4a2eec0a7cda9ea8f366dc2a946679b5dd927c5f94b527de6515856b68b8d08e435148
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: 425e83cc5a7b1f8edfbec7d986058b01
  SHA1: 432a90a25e714c618ff30631d9fdbe3606b0d0df
  SHA256: 060a2e5f65b8f3b79a8d4a0c54b877cfe032f558beb0888d6f810aaeef8579bd
  SHA512: 4bf074de60e7849ade26119ef778fe67ea47691efff45f3d5e0b25de2d06fcc6f95a2cfcdbed85759a5c078bb371fe57de725babda2f44290b4dc42d7b6001af
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: 163202a097983b20ce2bc01b538ac220
  SHA1: d6687b7a0da5b733e677f7f9bc909527e97ff748
  SHA256: 031eb7b5db01a3ac72cce6caa1b26a3abd390d0bb06ae09af624088979c9330e
  SHA512: dd1323e23848cfc3bc9d025e856bb2e48c94dac3093110356ca9c1fdac2ebd5ea304d0c79424197e6153126d29189c07a2993ce03873392023aaa967e5345a13
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
  Filesize: 20KB
  MD5: 923a543cc619ea568f91b723d9fb1ef0
  SHA1: 6f4ade25559645c741d7327c6e16521e43d7e1f9
  SHA256: bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
  SHA512: a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
  Filesize: 331KB
  MD5: 95efe88b5b36c29de90d7e6e99300857
  SHA1: 9a0ebfba154f93b7ba83b733daef1225beefee76
  SHA256: c596953e04cb63487d2543005ed52be5b4dc0ee3c38f394f530ce1ee9d79f8a3
  SHA512: 38d21358e5a36e63ae79a6e0346fe11fafd3404830bb9702355404cb6b0dbd5415d58a1b1db1570374b0212e894c2a03f4b37fb18a98cd9d00e4a6fcc438891a
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
  Filesize: 64KB
  MD5: c4f7300442a8f13dddf5c9bd09128727
  SHA1: d7c8a30cdfe9027cca42c45f44d569627112ae6c
  SHA256: 5decc8ac1f3d26152842e44d1aa103c913711168c968c936bb782fb3cac10155
  SHA512: 3b6ebaff36af22dcc9ae7a7593657b56f99afb242ebeed50d26a33e1e6b0ff31c98ef576b96cf98c277cafc1050fee40b5d4c3fcd730595be756089a980030cf
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
  Filesize: 37KB
  MD5: 47ae9b25af86702d77c7895ac6f6b57c
  SHA1: f56f78729b99247a975620a1103cac3ee9f313a5
  SHA256: 9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224
  SHA512: 72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
  Filesize: 69KB
  MD5: bccc51004c03a0c94c1672047afa992c
  SHA1: 80654bd616d7b2ba2c477679ffa7c5cf69638e78
  SHA256: 9d688650a392928dc61497e4783e117dd40908415e4d3e1d4cc3bbf20190116d
  SHA512: a5f410f3e0c27fc12156f7c132303c7a4171de267a07aa6edd0eb69e37a7ac73e5ff54dd8f4060740088df96cb119a09a499a4b3421ebd64be93bca7bd96a79a
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 48B
  MD5: 27f15793944ec5d09c9959235db29ea1
  SHA1: 0371493d984e4da952a4b8a4876e606a8282fa07
  SHA256: 4612f6acab30c7301bd86948767bf9cbf1d1c376af570bffb7999770910f3e2f
  SHA512: 76628743c9567cefc9c0985ff4e59fa9bdbaeaf43565c88696afb21fa5d76a52354f166c94bb36d40d86ff497acddb4fcbbebc094ad9c3f8c7737b8ee56c1cc8
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 1KB
  MD5: 7b456de21bdb97057f564106c6ee2db4
  SHA1: 3213ccf01c0d832aa8e17bbeb3e19654d14c1223
  SHA256: 7105d476057e5beb0aa0dca0363cb45501450a8adf9813135dff508d03df8aa2
  SHA512: 26525f6c3159e5ecb6ea39dbabb3cd7ea5d882014f32f3243e2d98884c3f1e1c325c3bc392adc8241d17289701e45b0dfcc356d1dd953b9821373f5c1e16bcd8
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
  Filesize: 70KB
  MD5: e5e3377341056643b0494b6842c0b544
  SHA1: d53fd8e256ec9d5cef8ef5387872e544a2df9108
  SHA256: e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
  SHA512: 83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001
  Filesize: 41B
  MD5: 5af87dfd673ba2115e2fcf5cfdb727ab
  SHA1: d5b5bbf396dc291274584ef71f444f420b6056f1
  SHA256: f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
  SHA512: de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
  Filesize: 2KB
  MD5: b08bf316f11edf5cb39b535aef4ad403
  SHA1: d971b255a0b58abec3f25d8c1dd4bf19ec0ba014
  SHA256: 0376ed2f40a4421b5b398a86ba2938f30c43c117c371a81f449671466183f8c3
  SHA512: 45a900f72d46ff28974f83d0e95856a1b12fce5e0d10a7c00c5bf7e718a81b1464462a61983f5e91d325e3dac36c709b860af14ec04e48ee6eb3edb483ebd324
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize: 111B
  MD5: 285252a2f6327d41eab203dc2f402c67
  SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize: 3KB
  MD5: df3edeacb061aef584727a0a5b7d374a
  SHA1: ff1b8a7f431c475f1012622af4819acff95a0401
  SHA256: 59ecd9e985fe880322d5bd85d357485e09615bd215c939dcf2e6b51c3bcf277e
  SHA512: bce99cf5e9f5d553f9642a1987e50692016f3c8ead2ca4963543f6eb520c5aae8a81bc38b6155a54967a92edfc9178e009ecbb6cb5090d24a190119fd346d568
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 5KB
  MD5: ff8ac44d8fd039f5d0cd6475348487de
  SHA1: bd56ad83fa35210aca88583ab40becbcd176dccc
SHA256c6d8c6318301a8a307692c647cb347cece949504dbcf559f252301b687bea20b
SHA51248f6ff0748e648b534e8be08f3eb23a6a83e7c52b4e167158eaf0fba20f37e30962edc3740673cf01b23119bbe922a5e343ae0ae5e8272509e702d9b8eec031a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD5f208b45e616931a7f86dd1a880740e45
SHA1fc60305e963575f3ebd4136b9f8efaec5febb670
SHA256ce2d0e11dd8561da02108c1ae947a178bacfa6a7fa0da3930e2b6f39abf7ad8a
SHA5124305b8b8229c2d551a08c4df1e1a564f3db3478dd9dafc7d2de803b5b2b48cd671edb3f03e35faed94878c1fc9ede7f966221498188d111c232e4a6e70340058
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
4KB
MD510bac9a6a991b82ab187ca271909f2a3
SHA1483c5ed3fff86f8189e4105231bdbd76ab6fd563
SHA2563f11bada6ea586e485cfdf5b5c8a92c1aeb102fee71880f9e14fafa05d7d3ae3
SHA5127422c9f3bf38d94cdadcc2410e4f392e29bc8d28472de74370ae67cf5eff91842f0d17c36adda9b64212eb9dcb4c5d194268f2eec52a423b50c5472a011b0467
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD591ab44e70293cf25a5a98c878ae2206a
SHA1a137a2b5d277e56996d291de0bfcf22b9c8aab2b
SHA256042ee58c56f1fd6176183991a614f3f343c3de0e9a4c453e1eba4c7cfb55d05f
SHA5128cc1aaf5895bb44a6d302df5c3e8f0e34ee754c85be92614011779bdf394c732232256701426e834700f1f555ceccfc128cb74d38173e860f752e7ea3874e932
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD57880cc221958a35caed9589e3cde40ed
SHA1416c921b6131ebfda43b74d5c0528b42826bfdcb
SHA2560275be4971c0435efa17f7ef0efa3edf10c021ee12442fd0c50999b7ff709592
SHA512403892e4d8098d319bcad8f2016d56ee503af713881177db5b975afec6e22e0e643a1ca547cf3c4025a9ae3d458702cbd8e19689afc2870ccbad60baec493f72
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure PreferencesFilesize
24KB
MD5d53ac35ab3976e67caeed75c4d44ffc1
SHA1c139ab66d75dc06f98ada34b5baf4d5693266176
SHA256647867c7236bcb78b7d585b476d82a101a077fac43c78dc59e612253fbf69437
SHA512391355c71734ded913239a6db10a3202087e756bccc8e29411108f21b3f2460d9a9c606619aadd785285be70eddcf61ef9519441cd387cd3823c1399a6967cc2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txtFilesize
90B
MD57dff0eb3892b7a5bca063ded4511beaa
SHA17e3f41be2921125c0852981fa317e40b6581ddad
SHA25613013eb51dbe89c7aadba0094895b9f7799bc54bc7d3befc722b235888404fe4
SHA5123c1f4f12bcb95bef8dadd1e43a93dd2d92f713d90f05a28c1c79c098f3f4160e6482602f6b19810ae351ebd345cd42209a4ca4d0048a25c042efa7fb6fa20d89
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txtFilesize
90B
MD5c17f01b1473c6e5cd033167be45c724b
SHA1535e12a6f5603684f07c8afa4102b4f1a78b46d9
SHA2562c2d846d7ab05d13691cedcf96f4c8238f2b465fb0f66283896bc8ab20084fe0
SHA512dec30e6a67c49d7b23bb6475a1f2a0ed87fe262ce95892b123e7a5d448b57e858c837a0af97438810ff6af6947ce1ab4fc51ad413ed3eb309be452583e820728
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txtFilesize
26B
MD52892eee3e20e19a9ba77be6913508a54
SHA17c4ef82faa28393c739c517d706ac6919a8ffc49
SHA2564f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2
SHA512b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
372B
MD5c9c49bd66ae9092346ced9315b97594b
SHA176bbec653ab046e2b65835a6cc4252f773938803
SHA2567d79bf89849c8b9c185cf787686e14f8eaff3d6a3397ee1876cb8273e2fda2f5
SHA5121d30cc81e74dd15a97e0a0699b5d0179eafb2be472548f8b73e0634cf0834d07e8dc6d3e36549e46228305e96d9e17d57833f52eb2c42771cb4631cda91c531e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580e43.TMPFilesize
370B
MD55fabf88c910e81c71fba070a32bed53b
SHA1561f37f2ba6a43bb384896decf5df50896e1034b
SHA256e92f116cbd482c0e7013c01f9b752c0451bdc3faeb8470afaddd64fe949ddd2a
SHA512acae5278d7413a1bbab8737fd9e2449896d4e24b6d93fc4ad533adca666d6a8bb4b6469d9fdc6650b2f2f6c16abf97e495c22c79c994b5c3bd5dc6daa83109e0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD558af20babece6106aae079001d0b8163
SHA1b63114f047845b735ffbce9948601273b281fa12
SHA256a2351691b6017542c44410f04df4281a22c1467e2fe27a2dc6c4d71e7fb568d7
SHA512534e7f21389d68d23a520def631b3e3112205344076e8a6d435560d082aadcbc3fae532b6111bb46923570a872896a46c1a8103006f0b10d5d64e337314f8ab2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
10KB
MD5ab4bf6f13066ec383d5c983c10259d12
SHA1329409173699a41bac45e17af7f68eb2ea9ed012
SHA256b9748b014f6c5e3fcd1672bea82694ab8483584d430d1aae0c281fd5ad0d8265
SHA512f39dbbd9e0ff78caf3c59f01780a2deb26499d45654ff7c4e0e4baee55c1667fd25d46b057a83708a8a1d5f2b084a1bb8f962e2ebfb5c4a54b07d39168307534
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-msFilesize
3KB
MD53923d968ab436f5859d9b218f1dc2749
SHA1a7f4223337c67ef3bd3b243252ccb35cd491c9bc
SHA2566d4893bc6e985ed69ec205b94440a9b2924af2e42aa1bfb52f0636e54a14458e
SHA512aa5e654f8a34a089bae916554d4e03e0fdcfc2300d19fa7edd343eea1e95df1d609d21533324180c9d6d52d66e356ad17774afb114fac637d950baf450978e09
-
C:\note.txtFilesize
218B
MD5afa6955439b8d516721231029fb9ca1b
SHA1087a043cc123c0c0df2ffadcf8e71e3ac86bbae9
SHA2568e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270
SHA5125da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf
-
\??\pipe\LOCAL\crashpad_2188_QZQRJRNBFVOWIDIMMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e