Analysis
-
max time kernel
123s -
max time network
158s -
platform
windows11-21h2_x64 -
resource
win11-20231128-en -
resource tags
-
submitted
06-12-2023 18:25
General
-
Target
https://cdn.discordapp.com/attachments/1182021470721933343/1182023689009639495/RouletteCrack.rar?ex=65833058&is=6570bb58&hm=2e67b6a1ae4faef2c79ca1d75b3015d1a6c25c90fbbbf3260b29ca8f285db5ef&
Score
10/10
Malware Config
Extracted
Family
44caliber
C2
https://discord.com/api/webhooks/1180509515980996649/MA5-6EDjFeSSHkcrdsDUHsbAQy2OmPzmIn7FrnP_3_Ua2zKPyGMXnTYoNemW6ZJQLGOO
Signatures
-
44Caliber
An open source infostealer written in C#.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 61 IoCs
-
Suspicious behavior: EnumeratesProcesses 20 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 41 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
-
Suspicious use of FindShellTrayWindow 48 IoCs
-
Suspicious use of SendNotifyMessage 14 IoCs
-
Suspicious use of SetWindowsHookEx 11 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1182021470721933343/1182023689009639495/RouletteCrack.rar?ex=65833058&is=6570bb58&hm=2e67b6a1ae4faef2c79ca1d75b3015d1a6c25c90fbbbf3260b29ca8f285db5ef&1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb6e1d3cb8,0x7ffb6e1d3cc8,0x7ffb6e1d3cd82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1964 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1960 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3716 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7188 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7656 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7636 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7484 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7956 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8272 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2916 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8892 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9244 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8560 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8428 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8416 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9644 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9868 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9720 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9864 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9228 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9628 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8848 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5768 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10116 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10104 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7232 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9952 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10040 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9544 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7948 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8512 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9340 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10212 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8016 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8944 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8676 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8008 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8616 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9392 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7780 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8704 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7224 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1408,9433460362800561258,11298893061096491176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9104 /prefetch:12⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\RouletteCrack.rar"1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\7zO45356A78\Info !.txt2⤵
-
C:\Windows\System32\DataExchangeHost.exeC:\Windows\System32\DataExchangeHost.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x000000000000049C 0x00000000000004D01⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5342be62313dab4970ff22b7fea8d0873
SHA1f73558f6b8e5f3f40c5051a538c8fe2e994cfd05
SHA2560bc96704325f901d169745aacf06f19cd3bf24445dc9c8b1309f20d06d8fd6a7
SHA512651b3dfc0bfb7b4f1b416c67827ba0ba8b3c34244f094683787888a522822dff6c7b9d8bbe7d605b2785bf3992999cefc5531e0eb19f72cb9c2dcb39d10b27c7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8ed1a305-c625-4c3f-a29e-4466d69596a5.tmpFilesize
186B
MD5094ab275342c45551894b7940ae9ad0d
SHA12e7ce26fe2eb9be641ae929d0c9cc0dfa26c018e
SHA256ef1739b833a1048ee1bd55dcbac5b1397396faca1ad771f4d6c2fe58899495a3
SHA51219d0c688dc1121569247111e45de732b2ab86c71aecdde34b157cfd1b25c53473ed3ade49a97f8cb2ddc4711be78fa26c9330887094e031e9a71bb5c29080b0d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018Filesize
162KB
MD5a1d9428879a7aaefb214e7f5dcc707c6
SHA19223cf3d285f0e612e81da3f0a53c98ec3abc7d6
SHA256dd9a76fa10002fbce9288c8fe3ea9f399f22312828e0d7518f951136db93f10d
SHA512677e4d3ff3c3eb194eda739a23f6131d9b612f34e608a19839dd5bba983748f93c8174bb1159b498b914ecff0f5cd366520d38929178ac9e7e4326c7ff60a7bd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027Filesize
1024KB
MD54322f0449af173fb3994d2bef7ecb2e4
SHA1b6ee5c6f76b8eee448f6b4b2b56fa1ec39653934
SHA2560502e6e2f3fc54a30dea0eb07eb19a395c7ea6fc273321a49a4cc977a59b7cc9
SHA512d8bae6131a5a8a1fcabb2d7efebc6cdbba27955fb77484a5d87dbce7a237c0cd5e19b74b4dad28312929ad732d3b80cf3d7f15f059c88438d0bc6ff9535ceeef
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028Filesize
63KB
MD5fef7be0a77d4376636ef2d2d28fa6592
SHA1ce6dd02844490cd25721503378c65af06dbb866c
SHA256780eaf7fa4981b105ff1b161e270aa614b89ff92ebf71edb6382c5f76fc58d66
SHA512b2f3ecf3e85f24dfdc80ef4ef08acd2184664501118703e48e919bdba740e1f2824ec85197ddacbf880642b248b7e2a4aafc1e08e0b5f98235d0351c123fbaee
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036Filesize
125KB
MD5a2c5e515e0df71ad8d207970d0549a48
SHA1aeb09d987c84cf3aa934e6d9c5e27f7a7769d173
SHA25601882229efde9f463f5e63a4dbcd41c9a11a6aa59db54cc7b406296970311231
SHA5125498f006c19af6dddb1dfb56baab777bb1512d72c7ee6af36592dcbdda4b681f9cd9bad16c1de0415bd78d497ac975668a2b68c42e0a43200ab2f396129ecd14
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038Filesize
16KB
MD549295de6ccd23cf80b6418a2d209868f
SHA142a955b4560bb22cb9b5b39577f7a691ea345018
SHA256d5a29c73c6200af2ed6918a61106e649b92098ecd476830d725ed4d2ea5a8efa
SHA5122954ab185fd84a08933bb6e79d91e301021fce4e632b477e765c172cacf72913561e101ed2f7e66bfbdc5946b35f2b63eb2b6f878e0afc9d26ffe71ee112a1c0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039Filesize
240KB
MD5cdc43315c0285713ca11e4e0a34d93b6
SHA1d2980603d702cfed4caf0e4a4ef50ca71a30497f
SHA256f66f225943e79310a4bc653955dc9019b755913eacc687be1d7380db39b08ec4
SHA512564f8bc42d8c181df46980591c5aff9b669c116933d628dc33f25c0d90dfb89a3874ab637f82541cac74178cbce8cd561454313c9ed08039a8771d9bb6a1eef4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d5e42077b85df235_0Filesize
39KB
MD5744d73d3250c217ec611f7a344d1e44d
SHA1a1bb5fa672db7d7f61556082741e76b93ae5f9a7
SHA25641a75bf38691797cf4b8caa31a778f33f6741c3c6195e08f9457b25e4e758bdd
SHA51220ce5e2a139db7f51b34fa3ac59a75c813fa2ef4454b6bf1d515896ac7c91df817aeb9bc0b692b8fcf0e1387838c9913ee50c46ca5dfb6a7cedfaf736d3e3c48
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD536002a139f7595dc45ecda5bfbc121ec
SHA15231dd5d64afad51d83ce15958fd19ddd4e7bb43
SHA256769ad4e900e801123677cd9b843d604506c181dfbde359ae92bec52d86b7bd67
SHA512ae48c936613ade7d7f5a99b9ce79f23f4640edc1a27272b5c2ddebf9fcc62b365878356f5fa3d97c0aabf7ea85f832fd53f01146db714b62c5584f4822a7dace
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD5715c05e88e73641c57042789cd33aebe
SHA1162c765fc6ec04ca03d3f186846f15275af2fd2f
SHA2567078aa5daf7a5526b9ec814d5fa952421e2b256ab5e75c286de4f6240c38a9fc
SHA512dc145f6cd6369ac6d6fa7c0c60b167aa7fcbe9bcdff67f3e1097291ba48503d75b4236653a84a97f64efd731ab14e32716b598fb20b7f43a984cc0db3d592a4c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
9KB
MD5817263f96dc2ad887606a1b58bfb73b3
SHA19192aa16838d7bba9f118afc1653618e53254bd2
SHA256edf7df59cf312686388bbf7b70c6a56e52ffba429184622d9bb78d45ca734137
SHA512f0a808d88e8221986946338a9ff9f81cbc92045432ff706184e8b2c5297ef4b242e88673fffa03ec212f3fb7b8171cfde244bc6c9926f7d06a1860d77173b89f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
16KB
MD5ed81bb88d4808d78c4f5de3b8962b8a7
SHA1be57847901cc0c6b0db7f468613c24625b0edde9
SHA256cb2196a53cabd33ea4854bc4d1cf4a0be27d1bcbb56b5ce1345d61caf155abcf
SHA512e71704d58ed5bbf490b31d80443efa7a21f70f182b66013cb0fc00469ef7d8ef5196e3072bdabdf6a4332fbb716ed075d57f37d0c501f50fef2ab20a20a8a6b5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
18KB
MD51663bdfc50ab68f17293a0e905ed12c8
SHA1e07b433f090bfe7df4be38080e59891b099b5147
SHA256b2ac85f751d93d97442d0973b7af67469a8054670275c455b4c1503a7242d354
SHA512c040ac95883510f39d820a3d13328f98083d154d71a03c2a88d57aa32e8c5b02bab7559b08c5e6806c37cc04de5a7850035d1c49e40c49029dd7693ca77fa19e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure PreferencesFilesize
25KB
MD524fb1040f4905f2b3a97eb663de02b1c
SHA1cc9f22f239793c8ebe5985e01e449f5392cf5448
SHA256de4ab1da62784c9d19ec6999ca10a93fa4fad6ddd6410b053af32434c6010eae
SHA5126bf47f3636b7879bd7dbd623ab6546455bb2a869274074878ad92e479903a7fd2a02b4eb85606ac9c83d3228b4c08761a2393f2b71eb890ce0b7efc8dd1c4907
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
3KB
MD5dddbf945e71bde640aeaee3dda07131a
SHA1aa8f0c75354f07ba55541f48f6cba4661460d6e5
SHA256c374033a9ed2e0e117dbcc13eac67843b3e1ce666ce03ec6a6aebd1cdeb71bfe
SHA5124cb1acb36a2fa23505046197615ad1b19dd3acfd25c83cc63648bde997815777d1d782b20bd5c7eddec22e7d2b17f891444be14373ee74d5853d80116291e3a0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
3KB
MD527d57b6abf6e2d0a7f634d906f8270a7
SHA1d124476ec36572f33a54632dc216b9603db10441
SHA256d893f98f6b49fec91ae067ca5411a5a7040f2f5f6c7f690b9a1630c04188b706
SHA51230a9eeb07355e7e64cc13196a21af623ef358631f880cee436c0d149ba0fa568a5d4346722d35766c978c9eb01b0809096d57fa3f21d0a820d11ac3fcf8ccaaf
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
4KB
MD564e3e4dcb1aaf595684b66a27b0d7f9c
SHA1642929fb30325aea9c9950637be6e2c22e6115ad
SHA25635dd6a0a8f2236e437298c989b09465d91f7b62f21d8356ef7677cffd8f0b7c5
SHA51289d2a91018d8e7b6d608a4e3e5f8163405ac3097626ce3a0d0d99928a86166ae21dfabd83da6ccb8446017e5db49e0f3a3fa6cf914317556774a3c7fe40b0bd0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
4KB
MD5e1ec5be38277a564b10021146c362cb8
SHA11a569fa8af23b6fee379eba37d94a3e24f63aeb9
SHA256daaf25e935a88df7870fe4a5a86e13316be46dc9714cb0ba38cac0cf8e93ff38
SHA51263c820d25bb00c306c7923ee628de17a3d7674329d69d9c90bd51b16ecdef1bc1ad3da2484b977aad3b9d3d951cf236919a4707b1906e8f4ffb57c74e5d36d77
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5929e5.TMPFilesize
1KB
MD581702ff466c4b90d5783a65eaa1fb480
SHA17b27c59cd125a1152ff5a46e202fa23aee5f69ca
SHA256a61b1306a5c9ae1a88a6856ceb7878ddb3ba2983d80967e3be36009be58fdcde
SHA512ff30c4d8d1d36a6e55359c532c4fb0bcf41615ebc894238567081d11b98f51593ccb0773210016f1f3953e8985ad5c15ba50defb80e2975d511f2f1315653002
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD59929e25c6115a7fe80aee4300f8f8b9d
SHA1d9581f14c4ca4d195433e3c0cbd977016be5b91b
SHA2566b625a05d4d31674f154a6004e6910daef297a3baab8339b7fdeed308f44ac4c
SHA51290d78beaaba7f8684e8c4cb85507fb16ca7eeeac3ea0e6cc4fce1840eb5e8b308858968cf2c4729c020c4c7fe02df039aa1003c0cabdef8c11436786c1b3e306
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
10KB
MD5828f74a6cf6d674212084deb6f5852f0
SHA13e440580ef9bcf05e2acc513028c716df3a40b19
SHA256906e097db751fcfc9ecbbb8eb68a75a9ea901d85234b98f4118524471a753696
SHA51244d1fed4e63a58c59abe55a1abebfd9b2c940d710e69127b7ce04e9e096f4edacd1c990ad4d0f7efa8aee8894c71ad6a2c8672bcd8e795a11db132f080f42f22
-
C:\Users\Admin\AppData\Local\Temp\7zO45356A78\Info !.txtFilesize
236B
MD5b3a16e467c11f79822e685f2fd7d227d
SHA104b9f75e34ca288219268fad823fc94394462faf
SHA256c6e75ca895bc94d0f9585f5661cecf0baaa1f995a83f27f1945fc7afa74bb751
SHA5128e151c528e8a81ce2007c8da8e274c380ea37f37dfc5303821e26b1cdd84d82dfbfd68d55dd6a4f71a75068a7c982e16706cfebc46824d825cfa9ef747987da1
-
C:\Users\Admin\AppData\Local\Temp\7zO45356A78\Info !.txtFilesize
236B
MD5b3a16e467c11f79822e685f2fd7d227d
SHA104b9f75e34ca288219268fad823fc94394462faf
SHA256c6e75ca895bc94d0f9585f5661cecf0baaa1f995a83f27f1945fc7afa74bb751
SHA5128e151c528e8a81ce2007c8da8e274c380ea37f37dfc5303821e26b1cdd84d82dfbfd68d55dd6a4f71a75068a7c982e16706cfebc46824d825cfa9ef747987da1
-
C:\Users\Admin\Downloads\Casino.exeFilesize
274KB
MD5083e9f77cead831250c14df6e0ff0323
SHA1d4c534ce57964b55627c6ac53c8fc4841396f404
SHA256f68686a3cbbbc790fec813d6251011706598c2a29f6d6b819f14583bcfce8c7c
SHA5121de8bdfef8f4ecd0d2625751ec07aa184c2dde9c1f75a04acdeb704ef2fd5f45572c06c578d51df989f6beeef6f9833b51d477a06ce943b849a0b44c16f06644
-
C:\Users\Admin\Downloads\RouletteCrack.exeFilesize
8.6MB
MD560b042a0bcc77276b7a836a720dd8a92
SHA16c803d1126e316b9f9105fe961062fd14652accb
SHA25620bd06f7860c6f910c594a249929e32d92c4693c86285d1adf59473bb4182a17
SHA51206238654323ceee5cc03e4a2dfe246da0961ac778d8b5ec9978b054fccb25397a944792b8b20bae0e1b1ddb0b8e2f858e1d2004f1262ce198dad4aece51efd5f
-
C:\Users\Admin\Downloads\RouletteCrack.rarFilesize
2.7MB
MD5f555e9ac9e16b840037b1b13a2ab4030
SHA10255bda3231da53136ed53edfb41a679e694534c
SHA256306a3bf9047c84cd3949f4e6b0f972bf13f3768d5d75197834f70ad6e1d43a09
SHA5121ceae09e9198e406e0eb3fd5f137e3a6fece8e188b3b76b3a47b877c2c059e661f2f927db8b1683f995907c5432026834b374551a2a22784fd7e3b6362a57b2a
-
C:\Users\Admin\Downloads\RouletteCrack.rarFilesize
2.7MB
MD5f555e9ac9e16b840037b1b13a2ab4030
SHA10255bda3231da53136ed53edfb41a679e694534c
SHA256306a3bf9047c84cd3949f4e6b0f972bf13f3768d5d75197834f70ad6e1d43a09
SHA5121ceae09e9198e406e0eb3fd5f137e3a6fece8e188b3b76b3a47b877c2c059e661f2f927db8b1683f995907c5432026834b374551a2a22784fd7e3b6362a57b2a
-
C:\Users\Admin\Downloads\Unconfirmed 186961.crdownloadFilesize
8.6MB
MD560b042a0bcc77276b7a836a720dd8a92
SHA16c803d1126e316b9f9105fe961062fd14652accb
SHA25620bd06f7860c6f910c594a249929e32d92c4693c86285d1adf59473bb4182a17
SHA51206238654323ceee5cc03e4a2dfe246da0961ac778d8b5ec9978b054fccb25397a944792b8b20bae0e1b1ddb0b8e2f858e1d2004f1262ce198dad4aece51efd5f