Resubmissions
29-02-2024 15:22
240229-sry9vadd77 10Analysis
-
max time kernel
385s -
max time network
382s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
29-02-2024 15:22
General
-
Target
http://f
Malware Config
Extracted
C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\_R_E_A_D___T_H_I_S___3ZO9108_.hta
cerber
Extracted
C:\Users\Admin\AppData\Roaming\Microsoft\OneNote\16.0\_R_E_A_D___T_H_I_S___2L4796_.txt
cerber
http://p27dokhpz2n7nvgr.onion/A33D-2056-61EA-0446-9668
http://p27dokhpz2n7nvgr.12hygy.top/A33D-2056-61EA-0446-9668
http://p27dokhpz2n7nvgr.14ewqv.top/A33D-2056-61EA-0446-9668
http://p27dokhpz2n7nvgr.14vvrc.top/A33D-2056-61EA-0446-9668
http://p27dokhpz2n7nvgr.129p1t.top/A33D-2056-61EA-0446-9668
http://p27dokhpz2n7nvgr.1apgrn.top/A33D-2056-61EA-0446-9668
Signatures
-
Cerber
Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.
-
Contacts a large (1132) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies Windows Firewall 2 TTPs 2 IoCs
-
Drops startup file 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Drops file in System32 directory 38 IoCs
-
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
-
Drops file in Program Files directory 20 IoCs
-
Drops file in Windows directory 64 IoCs
-
Enumerates system info in registry 2 TTPs 9 IoCs
-
Kills process with taskkill 1 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 5 IoCs
-
Opens file in notepad (likely ransom note) 1 IoCs
-
Runs ping.exe 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 22 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 19 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://f1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec85f46f8,0x7ffec85f4708,0x7ffec85f47182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,15123359521206590662,3634012242104291609,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,15123359521206590662,3634012242104291609,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,15123359521206590662,3634012242104291609,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15123359521206590662,3634012242104291609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15123359521206590662,3634012242104291609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15123359521206590662,3634012242104291609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:12⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeb99f9758,0x7ffeb99f9768,0x7ffeb99f97782⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1892 --field-trial-handle=1944,i,5485088283039671830,12905178671769058269,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1944,i,5485088283039671830,12905178671769058269,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2188 --field-trial-handle=1944,i,5485088283039671830,12905178671769058269,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3052 --field-trial-handle=1944,i,5485088283039671830,12905178671769058269,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3016 --field-trial-handle=1944,i,5485088283039671830,12905178671769058269,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4620 --field-trial-handle=1944,i,5485088283039671830,12905178671769058269,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 --field-trial-handle=1944,i,5485088283039671830,12905178671769058269,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 --field-trial-handle=1944,i,5485088283039671830,12905178671769058269,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5140 --field-trial-handle=1944,i,5485088283039671830,12905178671769058269,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5488 --field-trial-handle=1944,i,5485088283039671830,12905178671769058269,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3324 --field-trial-handle=1944,i,5485088283039671830,12905178671769058269,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffec85f46f8,0x7ffec85f4708,0x7ffec85f47182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,13871773871703196058,9786164387036361325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,13871773871703196058,9786164387036361325,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,13871773871703196058,9786164387036361325,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13871773871703196058,9786164387036361325,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13871773871703196058,9786164387036361325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13871773871703196058,9786164387036361325,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4576 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13871773871703196058,9786164387036361325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,13871773871703196058,9786164387036361325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,13871773871703196058,9786164387036361325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13871773871703196058,9786164387036361325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13871773871703196058,9786164387036361325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2036,13871773871703196058,9786164387036361325,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5732 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2036,13871773871703196058,9786164387036361325,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5680 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13871773871703196058,9786164387036361325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13871773871703196058,9786164387036361325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13871773871703196058,9786164387036361325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13871773871703196058,9786164387036361325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4248 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13871773871703196058,9786164387036361325,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13871773871703196058,9786164387036361325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13871773871703196058,9786164387036361325,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13871773871703196058,9786164387036361325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3708 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2036,13871773871703196058,9786164387036361325,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4132 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13871773871703196058,9786164387036361325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2036,13871773871703196058,9786164387036361325,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,13871773871703196058,9786164387036361325,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2692 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,13871773871703196058,9786164387036361325,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1292 /prefetch:12⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Cerber.zip\cerber.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Cerber.zip\cerber.exe"1⤵
- Drops startup file
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
-
C:\Windows\SysWOW64\netsh.exeC:\Windows\system32\netsh.exe advfirewall set allprofiles state on2⤵
- Modifies Windows Firewall
-
C:\Windows\SysWOW64\netsh.exeC:\Windows\system32\netsh.exe advfirewall reset2⤵
- Modifies Windows Firewall
-
C:\Windows\SysWOW64\mshta.exe"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___NAINN0Z3_.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}2⤵
-
C:\Windows\SysWOW64\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___D60O2OC_.txt2⤵
- Opens file in notepad (likely ransom note)
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe"2⤵
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im "cerber.exe"3⤵
- Kills process with taskkill
-
C:\Windows\SysWOW64\PING.EXEping -n 1 127.0.0.13⤵
- Runs ping.exe
-
C:\Windows\SysWOW64\werfault.exewerfault.exe /h /shared Global\5eb363b156a84ea0b103249bf835e2af /t 1728 /p 38281⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Mamba.zip\131.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.Mamba.zip\131.exe"1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Desktop\131.exe"C:\Users\Admin\Desktop\131.exe"1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Desktop\131.exe"C:\Users\Admin\Desktop\131.exe"1⤵
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001Filesize
195KB
MD589d79dbf26a3c2e22ddd95766fe3173d
SHA1f38fd066eef4cf4e72a934548eafb5f6abb00b53
SHA256367ef9ec8dc07f84fed51cac5c75dc1ac87688bbf8f5da8e17655e7917bd7b69
SHA512ab7ce168e6f59e2250b82ec62857c2f2b08e5a548de85ac82177ac550729287ead40382a7c8a92fbce7f53b106d199b1c8adbb770e47287fc70ea0ea858faba6
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
168B
MD52fda3677c6db82897dce70a496ea0b26
SHA1c1202001d9cb75b8981b37b27689338f2ffaaaac
SHA256c619b344e5d7036bbd98d21d08ac7c6d1744366431a88149d405c9f56473cbd1
SHA512a80f7e7111a840bb90a10bca517a368e6d5fa84ecd1a018deba98620e748d23b2ddfb390fc23a470b31ce3ef96436893b926993b9e856ff259fcc490307e8e86
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
168B
MD566f41d4374391003381e4c1f204c841f
SHA1588e8766c4bcf37cf7958c66857c0ab703412525
SHA256774c09fc66c0a65d453abd001fd28d02364fa7b79b07e51d2481a659dd562cb4
SHA512b11762fa36e5044804812a4739a324a5c6a9b1629bd6d5b4106a1cf2e61aa5eb1e4b4edc002ffab60c757aae49a87c7091e015cc7f781f2181e6a254c51addcf
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
1KB
MD5f957bca20edda47adedd269d3bced437
SHA15d9aecb307ef8f350a40cef8071b857cbed15d55
SHA25625860a313ac009175b9f51d9d43c9a543ef2e50f0ccb9a6346d3a5feee9e0e5c
SHA512687ccc784fc62defe0e644d916ea044d0a90560a152b34e8feea55e5fed759075b572d7fcb19e25d471e92c74baffbec18d25ffc7084878be1ed74156b2e0246
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
2KB
MD5aea59811db05ac4c36c693a15d55cc8e
SHA15607a911fc0e2a2cdbb59f5ee8ae7e0a37f9be40
SHA256bce835581da9d7931bf026d8c68edd95e548d198e3df6c03687a68fe8c4a7977
SHA512231d2238b0b19ccd201d5be2f86becd4ffeddd462848d1ddf2a898a4bd48ca047da463f362af017626eaed146f31da8f431cb7d77843b93408cb983462aed412
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
371B
MD50f3fefe630bdfae6a36e8e8d5e274d7c
SHA11b6ab32f85e454537f7bfd5130a2261b4e9fdbb6
SHA2564548f7db8df042f7e8e8b3a284d0b8401eb359dbedceb59666b3b832c1e31976
SHA5127f231493b09656ba43f94bbadc54aa0833949c088b39aece6e6cbf4ff409162b2b2a88d8de32c7057d0a1a1614483c6b0ff1ceb3f72df8347a556ca053ff9af8
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
371B
MD52b9bb035eb90a14a8f7b91d6e6c45f3f
SHA14ea60ad3090037ba2e4937b75368a000158840aa
SHA25648f7e1d69eded2d5ae0b0af60a901e67a5c7102d818a080a0430afa217c74094
SHA5127e00e3d11058f6ea03ca14be9bfed460fcab2438504381aeb4daccdba201de74eca64a4182722c57443dc262401f0b2360dbcc0932721cda736f7f91bd6f28ce
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD51b919017b7ded4a18eb9e8e80cc48d34
SHA1edd2606233b74462d7f2d8444fa512eeecebc164
SHA256ec88aff2f0bec225b8ef1458df28b5187f7ed1e6821de22d96dc6ec2e44f3aa2
SHA51215ca7cf7970fe593490a3577a9bc5c3812ac3ef959b431bd822fcb3a129cf7c3acad16cdd8cbe1ffeb4349a0399eca127eeae2a79a7da8391645e69f5d5c50bd
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD525e21dbbdd6e13037b0c65245a9efdad
SHA1093f1b5c5d880fb9172ef7458c8a3c9b06920f2d
SHA2565a23406991f3a9ea7ac9f8eb3a12db480626a97f91f361e0fa5c0b33b9b3e9b4
SHA5122b9df7d38ea5099440c45ccec08051758b760d07e712fed475868dbbb3908f14778dd46353d0cfc62efef23f935a7c4fe8131a92f12a324835936bb9c7bcbcc8
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD5151aacf7142aa2fb6293a35eeafee297
SHA16aafe65c5f426ec240cce9b1ba309b8ab482604a
SHA2563476d7ffe905821cba7ccb4e18b60aa3659067a14df4a00d763f1d6d6818a027
SHA5125e927bf53d1bb59942f9cdc239cf6f71f407b0f2f60267a386044d5d1ebc9c6fa18ab9a49f04c3f539b76e67a3a677b89941d01903babe509a50b83d057116a4
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD5634c2de74a6613dfefcae07cca044e08
SHA12f385d813bdc47c27ebafb93fbe9ee2195a6def4
SHA25636d86e095f8c192157cf77ac1940683b1fd3547fc1f018f34fa15ebc6a0cf119
SHA51261c356cf2713a257282f52ce4aac182e51c640769d539ee898b0ff9d2d02b1babf39b756d057e1695c294ea535bb89f9fa5114353cacddc17f0382c3c8d1f2f2
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure PreferencesFilesize
15KB
MD5445db10cdb1ea07dad7b48745178515c
SHA1afea8a60a00a462284dd38c5b11a710930accec5
SHA2569e9c87c4960e46bf7551e6c86297703aebaf56242800578785048fe02e1023d7
SHA5120b36ea51716d6cb7d3f9e5973f7ef728047b97c114252431eafe4fb2b7efd1a8379b5e0cee93c6b607cc644461de3ace3aa881bc5cfb10d8b20ef1399ae9336f
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\fbbb6156-2228-4d27-938d-3886cc3ef0a4.tmpFilesize
6KB
MD5882a0a6fafa7e75c70fc8733f476f115
SHA1f1264f64de98f67dda9a7df1c3ffa68fc785be78
SHA256ee98bd4e13de6ea05bb9155fee2396af3778474104ad07243db2e31a27e9f662
SHA5128a8d3b1db21e37cb198e1804c3eb0162205acb5ac9711fdb9781f38dbb55d3e59d55104696711350f5653973c7f1d4c717b589abf2e8cf7bf495f05f157db082
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
254KB
MD5bae8871619a8f858183b59d4d009de22
SHA1800cde7ce8537228162d121734c79565eaa76d00
SHA256ea2fbd53e5195dd10e22a6845ae614a0661b12f14132a80d7e86708f986a3b54
SHA512d2f8f1cb13d81bbfd5bcd888bd304cfcf21f2a544211e517e1822852bb22adcdd87f2c105d08fa05ec94dd6e32fe2a2474e1fe1a3cde1a4e08575a1380285108
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.jsonFilesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5cbec32729772aa6c576e97df4fef48f5
SHA16ec173d5313f27ba1e46ad66c7bbe7c0a9767dba
SHA256d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e
SHA512425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD534e3f8a801e516ffe03376f78a8f4185
SHA127c4fbc447793098152e84f8dfa5a502e1971558
SHA256699f84eb9111da3d1f36a677b68ba1f8fbaae03771efdc638e0b535e38dbd979
SHA512189d30a8718d675f1a895a74755a1c1b2b052948e3794bc6da48e1e6d5cdf3e1d3cf8a3fe5a09c960a91ffe25d35621b180db00c06426c0c578300bcfe409e11
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5279e783b0129b64a8529800a88fbf1ee
SHA1204c62ec8cef8467e5729cad52adae293178744f
SHA2563619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932
SHA51232730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\47c89acb-b967-4d9d-aa83-a5c2efffc53a.tmpFilesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0Filesize
44KB
MD56683977906106c429b1ab0874fd792ce
SHA16adc5bf6c58f8ac4f2afd18e092be3dca763fb46
SHA2569832d382517b3c1a7a9b50932f7e8d9c09af145bbc88aff3bf2323323acb1907
SHA512ec6006d0f4a7bc38b62001f10dfa2e210936e2f81e85a6b7328b484057be9151d0e17eae2e24404830b8ecb2c9f202782c0255ce198e6d34f3bb8ca4ff14f608
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1Filesize
264KB
MD51917337f5d7f11afd4e320db7da3b9fb
SHA1de6144f34add8f3e1379b9c3ba53b869fc882793
SHA25631e635108b429c5582064809a8c7de81860057d3aee636bb2637ff4ad42af5ef
SHA51218a6e9aed275427de372748534ef5505139f917f30b2aaa267de56a837cf49ed7f79325d0466eea817742de9ec3206ec3d4231d661565c7888435f8c3c69ac25
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011Filesize
20KB
MD58b2813296f6e3577e9ac2eb518ac437e
SHA16c8066353b4d463018aa1e4e9bb9bf2e9a7d9a86
SHA256befb3b0471067ac66b93fcdba75c11d743f70a02bb9f5eef7501fa874686319d
SHA512a1ed4d23dfbe981bf749c2008ab55a3d76e8f41801a09475e7e0109600f288aa20036273940e8ba70a172dec57eec56fe7c567cb941ba71edae080f2fdcc1e0c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015Filesize
59KB
MD5063fe934b18300c766e7279114db4b67
SHA1d7e71855cf6e8d1e7fbaa763223857f50cd1d4bd
SHA2568745914e0214bcd9d2e6a841f0679a81084ef3fc3d99125876bee26653f4253e
SHA5129d0dfc21306b3a56c2ecdf1265392271969e3765e161e117c8765125b34793e24458217cf6514b364f351f47e65baaaf5856be0d13406a789f844d6ba8c7075f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017Filesize
153KB
MD52f3c7b5f9221520efbdb40dc21658819
SHA1df12f010d51fe1214d9aca86b0b95fa5832af5fd
SHA2563ba36c441b5843537507d844eca311044121e3bb7a5a60492a71828c183b9e99
SHA512d9ed3dccd44e05a7fde2b48c8428057345022a3bcea32b5bdd42b1595e7d6d55f2018a2d444e82380b887726377ab68fa119027c24ac1dadc50d7918cc123d7b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018Filesize
28KB
MD5b61de4c8c3c3a79f3d0eb839f206c485
SHA1fbf741475be23d6cb0c6147397c305fee2c45e0a
SHA256f7dc65d6317d95c8c85ad0d9714ed9271bf969bf7a8adf1eef04a9edc845829b
SHA51271aac5c20ad910dd33850afea210b3dbfbac4f6835e93a4bb7723b3b42090aa94a6c78d7ea5c508130e5de3fa45a0c7439426075c6d38b39a8b4b7dd5d8dc2a7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019Filesize
19KB
MD59c9826fe7f73c9653a44e461bd02aa59
SHA1a5a393937e2f6d0295e076d7681c055e6164a666
SHA25608608aa6f907b9e5b93fe2db70c630c4d0d31199752a0880b129d52cb0213d17
SHA512f7f2d655bc1df5166329e97732c959c7ec4b9adbd298e44ccb603991982485b64783b88e910dc0d3c3a18d14a0465f885dcfecb14847c1cdeaace62c301f111c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-indexFilesize
3KB
MD515bce88cec9a96e26c5ef4a48648caca
SHA1678c8b3b2ae0afb0f0604268d217609150406683
SHA2565f7bec0b85e15af0db08e2009ddfda887f6cbf2384e8153cdf1cc4cd97f0cb15
SHA51245973cfe06ea35490369fdf4511a2a45356fd0d1781bb95597bbb51d32203d23d2892058dfea83cd91b5e2cfbec33906c8fc58a6b676c1a97722a499512b7b7d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
3KB
MD57aad912a88d80bccaa7488a3d1708b1d
SHA1f0c5fc123b33080b54aa6a0d77176cfa7299429b
SHA2567a55dc788348b996f23e5805c6e1889a042af50ca975a66829382ebbf04f1780
SHA5129f6856c7670aa0027033bc3df74a3b55e15ceb8c157a0af4486bfbe09166e95c9347da7c82f664b1299ca63cf6e97838ab1e78f122da51eff69b11988967b169
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOGFilesize
319B
MD504efc2ad4f22b662049b4c6d59850da1
SHA1940a7eb7b028c5d1c9b0a170f85dd72eefbf96bf
SHA25675b6468ddea76fb50906a5d16c9f39b255aaa897c3d6ad52d4d9b21eb9f3f5e7
SHA512f79832a521bb5323782b11c8e1a532070b5eeb77a12e30557af9ac79995fda0e73cd252f88acc82d655cdf412037b31b3e809b3dc1ef51dbd82fb7ab9f3dc442
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider CacheFilesize
6B
MD5a9851aa4c3c8af2d1bd8834201b2ba51
SHA1fa95986f7ebfac4aab3b261d3ed0a21b142e91fc
SHA256e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191
SHA51241a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOGFilesize
331B
MD5d9db1a2e218cf497a35674ae5fb50829
SHA139a191d6c91702986b620805ad6a5120b85bbcc9
SHA256cc0de23553f2e64f07bfa0fc4ba851739c842aad215d8dd5e3cca92ac970014b
SHA5124963e1bdd7e09f0a7bd811ab4af299e971df56d1b080126e09c6f017fbed27bed08e51e03032008416f6fca2670194154fb7fa0421bb7694dab753d7498124d6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
1KB
MD588c813c2e19f600d1ab902ccc98bff43
SHA10a25c6365c0bdac8c41fd3e994d185549de20242
SHA25668ef04f2d53362d8cfa8ef7c129ec05a75513579a7535b6091a5cc03dcb6ec69
SHA512315d216df050d9c2eeb90f8c21270b8437f3ea32250c76155b29afa9d6919a9430d7c1eca10c731e0c6088c72dd2a3fe5f896f7d3618153b4ca6de79feca52e8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
1KB
MD5a917a8751781ffc6f619d16dc7f7475d
SHA1288fa204c7a7f9b6a309eae137344f843d6ad681
SHA256064f9cb78a94f25816e3155fc755f77b34852ecb9c1b036555919b55aeac5be5
SHA512088eac303d6813fbfc652a5b1371cbe0ba09f9be4508324a461a081eb95af90b861b6a65d18f7a1f1a250a17ea342e750614b189caa2fa48f652b69026b5675b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5fc490e3fd7c3b43ceabaa7505a2fbc6d
SHA166874d63c41999fe622738703c7f9de67cd9550b
SHA256bf2c46e1dc8104d4ecbc563558a12a375f1b78958accc65290d4b29e0b75edf7
SHA512ac453b2007340bccbc5049da1d9dc0e0a154aa4783f12d872105eb27684f05b3b2d6c5adc9c1a925aad31adfbdba19b517a9ddd75811b9948d5e371d771b5d15
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5642f683bbc59f3af9d86b34063ea5b76
SHA1b9d70e2a28d7dcae54331cbd5394926ba3204d22
SHA25641f8197803d0088ff056c83df8c8953e5feb368f558588306fc08e7387b49a24
SHA512c02544cc77c3e9bb0f223d5e75c384990dd7c1494abda42e4660ca470dbdd5d328e6d9ef52d68cb62ef60206c16d459909b581f5c3fca3cc01ab8fc86fdefe40
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD55ad4e1047161f5fab8efe344bff2adf5
SHA1284fb0c47120caaa5a9fb7cf6ca7d30c838ddb41
SHA25667f179cf4ed88d5e41e3fa1c39bf688fab92f9a938bf0860291442585bba3d18
SHA5125c3e990adfdec3f814fc3f8c953bf22fab5637ab8dac5f66d395ed636519ddc21096feab60837817f8b089c69382c6c7361e2800f2c81b7c99322e76895ab311
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD56d947c62c007d4adc8d4ff968e6ff677
SHA1c29c6d52c27848afc0067c465b37aa27314c2fd9
SHA2565f83c8f6efb48e0a3e6260f224b1fcafec7e2f825c8ac25293540992d5e4f547
SHA512359b0b735c6454829c6d4140e14c1bed32e8026e0da644dd8e138318cebcf56e14cfcd0c54f62bf13fb232ce7ff66f0be35318eba71c2f31274ddfe387af0347
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5f294f3a54bf172cb61ac50390748d028
SHA1ecb2f2038ee347fc2c7cf86f8b56618a168376c3
SHA25638f9ac4505a870b677a4077659d81215ce3311d0cbf58c51bd1144aff1fbfc68
SHA51217fd5aabf4ba4c7f55df8e76ecba133ae45f8d0d30c4290fea2daa26372541982a64ca5377eb453b3857c577d5a5e5db3ba89a42607cbbabd6f2906f1f698661
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD54926f9640016730c02d202251726370c
SHA1722bf8d8dbfd3591e47330d29fa56e80ccaf3e96
SHA2565ad8d36fcc3a5cf673e3184d3c194dfd5e55f55255b6666c1a835f7848aa1bfb
SHA512ec76085d80407b5089e9f03d99ba6ee030be16917d6cba91be737d2570a27ca0070ea299502245b85030a8cd6344226146e92b9f37dd15a8c7fa7a4fa1155fc6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.logFilesize
175B
MD56153ae3a389cfba4b2fe34025943ec59
SHA1c5762dbae34261a19ec867ffea81551757373785
SHA25693c2b2b9ce1d2a2f28fac5aadc19c713b567df08eaeef4167b6543a1cd094a61
SHA512f2367664799162966368c4a480df6eb4205522eaae32d861217ba8ed7cfabacbfbb0f7c66433ff6d31ec9638da66e727e04c2239d7c6a0d5fd3356230e09ab6c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOGFilesize
319B
MD54ef5f230d73678d72f675eba528691ab
SHA1449018be0a8e5493330b00269b65ce1ed05b1ccc
SHA256d818c87b2ac97586ae4b703ed7cb6bdd88a012c760895de6967aa2cefe5ed3af
SHA5121825eca1c128ed65bf57a1d9cb8f491bc6d5fc9f2e625a4282945406441652759bcb128262aca9038d54f7110fc6fd9e4f05e1fc323e68820919eb6f1966bb39
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13353693745168827Filesize
1KB
MD5cc9ea6a18497ad072b3c8bb995cf5f2b
SHA15278bb4e49db97d78f15e9a3e1d4c09478094c5c
SHA256ddd3eb4ce586f3db5da80eeb26f9e6e31ebd3a5db824cf4f59655fb2b0e70473
SHA51286f257a9ae41f6f09d47021ce6fae50d55150f29023b0ca67584873219275c8d953921aa008c2784cfc37ab0885543b278ae12d19154e906f73849cc6784f461
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13353693745249827Filesize
1KB
MD5191a071a3d4f4d604de6f49590019f14
SHA1364d5bf2a2325b73023484814f43dafb80ae1dd3
SHA2565be63c158db1930d32189aff17ecaa89fd087ccbe6932a904950a5696c98a95e
SHA512e32c22955a389209e12a2bd4e077d091bd689cb9cdff3767666b47351fbda2de77d664dff77fae8aa1c9acc1aba8103b93339f39cd9def938da9ea84439fb508
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOGFilesize
347B
MD534049f39cc1367ea4fc34bdac90c40c2
SHA1917f2a94309ce9abceadde2dfc09aa5543f83704
SHA2563729e82483f558fbc295af906b1fb310002e62935b9330969d0ac7db71186254
SHA512c8afddf38ad0819693cdc38d71643d5ecca15fd57d4608409fb7400adf7f12043d136982a50cf11c10cd6dfaf2dcc82326db8ee9a5dac7bc7ca73d01c1b64952
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOGFilesize
323B
MD5d39455b712a2a1719b6cdb616a97aa8e
SHA138f310004566f945321d7c97d382799eceb35c87
SHA2566fab444c2e7536cc10082c14c4459d77251b261b4d59a346f332c4d0f5057949
SHA51225b041e9981b6c9c08d3b6362360e4204b21eb9140c3877fa571aa33087a9055db7f40cabb472d8eb3632c10408b6e1b863f31450dde702e775368887b101373
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5df6a3d9a110be73c0bd71be44f0adc8a
SHA10b354398ef4f97db93017982b51b5d2c6062d887
SHA2562fc36d0baae9dc959af9b98f79575d4b18bcfd36c694dbeef7e6d495415f1443
SHA5124a2eb8dcdfbf9eaf5bf20ca07afd797445fb6341e69092f8c5eff2476605de5e74ebdc005f215de62bd861d165222f86437aef3386a6f6e02c12faf53f39799f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD57de8f03470de867e0f28641427ba0576
SHA10a02aa3d4446a10781a5aee5f5dc03345eabce12
SHA256a23fdad7558a3f1f0e501fcb4f5fae07bda15d2df7ad23b09e05c2b978bb127d
SHA512563d9ba74c9466852adc9c8abf14a45fdb65107656ea9b25231579a8dbe3339f07f1d7d91c56fdc1f3b718105a9d4ab66dc60a3b3e945a898f1d3825d8e79962
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD50042969810736f12abac6ad2bc4e1161
SHA17788654c7931ce245f6d148df56168e02302795b
SHA2563b5dac158ac7f29104549b256e35dc7b23adc4e182eca27c129fa45e0063aade
SHA5128b54dce36ef0fbfcbb9ff8761c3050cda06d887c634d54ad6db723400f655555ee79b54c685d670d404cd3e0c44322dd55bed5112dccbab644aae3d003fb9d93
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5ddf7f5d80db1356633ebd22acf238444
SHA1bd70ca29ab35b5cfdd767b42351f79aadbb6215c
SHA256bebe72e700765506ca9aa823977e8f6c0fbafe21f5d303f485f454bd0e7c0b95
SHA512c4499951489d16de2cc99c35ea07960aec01cd88463c63a5b63cb75e0df53ddf486bd6778b0b64b90ce1b0354ee439e2f8327299ebd6c7c5c628288adc730ff0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5a389ad3b89a5758d5c7068047e86574f
SHA1f609768c38284db1ea2ca0b53c0a991af7823621
SHA2561597cdea26b6f2e272d71318b5738bf6881e989cc3a20e4d8b99c47f66cbc13f
SHA5124852a9a840eceac280bda9debc7a498f7cf782fb090f8f7574dd68a3d681b88466a11eaa57bfc8fdab5a84128a317ead8a5c00611b4af09ebd2906d9be515eb4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe599dfb.TMPFilesize
1KB
MD52c4b773818c0b39d5ef3fde2b25e4f9f
SHA1bdfd750d643998f6ebb28b46d484605cfbcd6abf
SHA256c89e7c983bc564fd88ee650a0e30473fced14f4e590da396c7d3deb271019f1e
SHA512d091df65c73c6498543110cde3f0a6521fcbd71bdfecad911fb88538eacf93df242e770e690c2708ed7df7ced0e37af898728ca8e0282cdddb31e30ec41ce012
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a41c79da-7efb-446d-9c9e-42e893843742.tmpFilesize
6KB
MD5d455f1b234e6b7dbd6e03ffe327f6d50
SHA177697873ae28a946e3615348f44431ceb548c0d3
SHA256c7b27fa03d85d1a209052080fc0c847e80c1b01172356fa734caa636470b70b7
SHA5126dfa778dbf79a52e98965f84008ceb8a4c56d522905e2ddbd3a8299bdb806c47b2fe92af31c8a709a84de6007ab40b97e2e3f35c0154e43df4c0e63be7854772
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.dbFilesize
44KB
MD549e051a1819b422d903ce4ea00741d83
SHA127b5de448a28764617677d2f799ef33cf1177355
SHA2564898cd4d5a463519b718e15068b451db9f518da5b852979141d6ddea93f0945b
SHA5121d65b8c2b17a086af4fd42ab08d43594d08934128f6f44557d29dc12bb7f1d2b2536a60fcd95d4e4eecb1ef28f4e3b2dedb62e3a116b6bbabecd384965eb8f6a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOGFilesize
319B
MD55c7ed0eee918b06fd9c3b9dfc4a7b4b3
SHA1511770c735c62ca268dc7b366c2e8c2d9771c07a
SHA256e3fce1a3d70a54fe0af5e9fd1fe34405358d9a37a28d416d783bdc5728590c9e
SHA512fe064e42d3325688375dfd4c5687a313c0193dfbfc9774eea3837cf3e53ace2286d770f605c80bc5fdc382e614c53ae095c3c123d67c7d473410d984083d9d8a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.logFilesize
594B
MD597e70662c4fa3f484b758eb5de9618a0
SHA1769b6c20767d19f4e5cd9545564e63c4ca5928b2
SHA2566e901b176e9a392d846c7078129af802df79e9061609e61edccc49e570c52bea
SHA512417cd27ea698fdec066438627f513ea154a594cc1afef227ff6b178ac6bf5fcb9588b3be43cc633ff9d13f69c6fe9754d39458128c17cd665f258096f2fb0a7c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOGFilesize
337B
MD51cff901b9b4e211f68f34e73ba89af54
SHA17e0946a96f504f6c0428bd7f165dd7e60172b787
SHA256f5daa73efa27639301f2a5a114c1fb379ac358036e90405abc152c591f88127a
SHA5125e80bf28ebd3b6a108df97ec7e0f3a1a023486a5c866eeae3fe27ed13b1edd58593f4d4c5b20f589abd6fd89e1e1f75b59c1b7c3774a46f80919ffbb8919cd98
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0Filesize
44KB
MD5bebf5eecf6ddc85f2e16c0b26b3aacdd
SHA1d3a93e6261a40c8d64b8861133bc35e7ce6744b2
SHA25656c7023af31eb8ac090ca87907c60247cdcf162ac28ff5c597bdc9873a0c4d38
SHA512cb8a104dd8e687edefd10c58a353d75d1ca04cc63a51a7ca2a0286005135410bf3684f9db3639998255ba8ca7cd005e365debce127a645b829b612fb6bb1df7a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1Filesize
264KB
MD534e3aaa9600ce9105c94939a03c6691e
SHA1477634b2d1ae9af6912bb540e0e7f0f0c9cc2bed
SHA256c1923a07ef2d1ad2f8e5cf3f32f25153dd239b5a81bf55a75ffd572ffab22377
SHA51215e4f19513593e02dd4d2572a925b0de3b21f0e2d03593cc52faac0b4588fae6b49573158cefa2a3593ec4e79d4be0824485af54092ea5c5fdf042a591b3ee75
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3Filesize
4.0MB
MD5863545d297d288d09e15f85d31d50718
SHA178c2046e11746a63bec4997090671573d91456f9
SHA256a3b153833effad5b4862470c6e5ab0909056bc7aae657b5725c9365bfbfb709a
SHA512531a2d4d91ac2c3dc9d6e2b70330d7516e544094f923cf9f8669493e9c35e61dab7a531c7f4c5fb0d66a532b647ded24d859a894a13b401e19a82730273bd2b1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last VersionFilesize
11B
MD5838a7b32aefb618130392bc7d006aa2e
SHA15159e0f18c9e68f0e75e2239875aa994847b8290
SHA256ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA5129e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD5f36095b158fc0312ed46b24d952081fd
SHA14e3fac04a7202150ce0a927cb140e4191f8cc297
SHA2569c972b9bc5478233fa21835a5a06a7ce80db5f2502d4aee7b53fab2681b8824f
SHA51218a45c1b5d4ff7e66faf318b8611bf0a4ee3593d3c7a61b16cd8de30843b285fbd72d5136bffb841c8c069425f48b1cb4b582a02c169593500694432bd11a62a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD56ad5459779c3eb91008ed7df890037cd
SHA1335be6781ec3cbe254a86a0f8f6a853be8998820
SHA256c1653a7bd5062f44338e3bed48e3af84f1bc1f0f5876e6f090ec04df3e41e6cd
SHA512c90bbdff27569d6ae96f7d6f744f67e25b7cf4003c30813d026e9667dd3c7e7b77b2f99702ec4c47c842a36f5c306ba3353818a330eaa2429d2f53e3cf621e32
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5f026af82443328e79a2dad279a3a0199
SHA1b988517f71cfbbcfca4e33d9caa1df124e631e43
SHA256e2ad78f100ddd1d4655f29347c37af4fcedce104288eff83a52338a73133a818
SHA512d9aa6a48bf9563f4a1727dca06adbdc9ddd73f7916dafac60d56d80307f5094ce95a66008d8c7927e97b01481dad579e79d59d67d3c47ab85207e59c21f88c3b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD5575aea35e04e1daf9233d1b9692658fd
SHA19e1acb97bae6109e7ea0e919e067b78e39c8d07c
SHA256d7a48d2c67cf042b4a3e448453cf31067a6664256bc34b59772002b1594f1dc1
SHA5122c7581fd636557d3d96dc704a8afb40f45b5724c83e0dc8a971f2e677ba03c0f07c6216d47014885e4052c04e9ceb80d05807e5a0deda9283e2e02b115229a85
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txtFilesize
3B
MD547981763dfafcf0b0527949e6c180cac
SHA123d6f7da9abf8d31c1b000c51338a81f5364b74f
SHA25622e946e35d40e3c5d3154bcd70884e62c0b8523c770b86faf5aa3f816bdef3f4
SHA512c2b3bacc9d9341450d09973d1271f1933c75ad5938e9aa612e2f46e9c7315374d88c410a9ab4b51e53d590ddf9017afdf742ef92e887c4faf795774634c33913
-
C:\Users\Admin\AppData\Local\Microsoft\OneNote\16.0\cache\_R_E_A_D___T_H_I_S___3ZO9108_.htaFilesize
75KB
MD5b062c7ad44bdb691f9c6284e87d3f9b4
SHA1467b7b1f1d186116eb41f180d26c67e826b8b740
SHA256aa3cdeaff5dd968f6ca87541a84376f74c8b0806ba2698b5684bdc393cbb1b57
SHA512e5b133c6f65c4a229fdae6c1773e445f264f998ac15b0b5329afe3d56830714ecd657b1970ecbc427b087d6e3796a3b3641721738aa3267742b261f6dedbf394
-
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbresFilesize
4KB
MD5ba7566debae1509beb0ac47056d73df3
SHA1ef0a63052e7b977cec6ccddc96daadf869301b6a
SHA2568fe9df551d60c89674383b331d52d7c5ff9a4e8d8b0b8e3147eded6425785dbd
SHA512427ca8d5b2ebacb44b58d44c80accb8fc2658db2e1ed84ef04934c90385d003fc07d50b232e39941a6a885d79f36ab4eb3b63d7f03ff01f9835a94c2b98fa990
-
C:\Users\Admin\AppData\Roaming\Microsoft\OneNote\16.0\_R_E_A_D___T_H_I_S___2L4796_.txtFilesize
1KB
MD5484055f960c64b8d51e86a66cf397985
SHA130f53a6107c202a8b4c6a3b0ce4134fde39857f9
SHA256ea2d4b1d3f7a9e779dcaa0baefec8f5f8f5788ad69b8147bf425fc3fef7b7471
SHA5126cce5bbe2fbeaf37b0cd1f82463df6c7d0d210de9e9dd964ae30072c9a6e83b83a29f70da7b73e6556e254f2f88ababe4d8e67cd7d1c5347c0d3b03b1b355f1a
-
C:\Users\Admin\Downloads\Unconfirmed 840102.crdownloadFilesize
15.1MB
MD5e88a0140466c45348c7b482bb3e103df
SHA1c59741da45f77ed2350c72055c7b3d96afd4bfc1
SHA256bab1853454ca6fdd3acd471254101db1b805b601e309a49ec7b4b1fbcfc47ad7
SHA5122dc9682f4fb6ea520acc505bdbe7671ab7251bf9abd25a5275f0c543a6157d7fa5325b9dce6245e035641ab831d646f0e14f6649f9464f5e97431ab1bf7da431
-
\??\pipe\LOCAL\crashpad_4956_YYHGNXTVWRRJCQSJMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/1668-958-0x0000000000400000-0x0000000000435000-memory.dmpFilesize
212KB
-
memory/1668-962-0x0000000000400000-0x0000000000435000-memory.dmpFilesize
212KB
-
memory/1668-968-0x0000000000400000-0x0000000000435000-memory.dmpFilesize
212KB
-
memory/1668-955-0x0000000000400000-0x0000000000435000-memory.dmpFilesize
212KB
-
memory/1668-1306-0x0000000000400000-0x0000000000435000-memory.dmpFilesize
212KB
-
memory/1668-1342-0x0000000000400000-0x0000000000435000-memory.dmpFilesize
212KB
-
memory/1668-1344-0x0000000000440000-0x0000000000451000-memory.dmpFilesize
68KB
-
memory/1668-954-0x0000000000400000-0x0000000000435000-memory.dmpFilesize
212KB
-
memory/1668-953-0x00000000021F0000-0x0000000002221000-memory.dmpFilesize
196KB