Resubmissions
08-06-2024 08:50
240608-krvyesae91 1008-05-2024 16:15
240508-tqnx6ach3w 1008-05-2024 16:07
240508-tkr3mafa54 1001-05-2024 18:02
240501-wmf49acg3s 627-04-2024 08:46
240427-kpfeysff8s 1025-04-2024 21:25
240425-z9y55afb7v 1025-04-2024 21:16
240425-z4pphafa97 1025-04-2024 18:27
240425-w3929sde33 1025-04-2024 18:17
240425-ww4a5sdc8x 10Analysis
-
max time kernel
150s -
max time network
153s -
platform
windows11-21h2_x64 -
resource
win11-20240412-en -
resource tags
-
submitted
19-04-2024 10:18
General
-
Target
Memz.exe
-
Size
14KB
-
MD5
19dbec50735b5f2a72d4199c4e184960
-
SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822
-
SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d
-
SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d
-
SSDEEP
192:sIvxdXSQeWSg9JJS/lcIEiwqZKBkDFR43xWTM3LHn8f26gyr6yfFCj3r:sMVSaSEglcIqq3agmLc+6gyWqFCj
Malware Config
Signatures
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 33 IoCs
-
Suspicious use of AdjustPrivilegeToken 11 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 52 IoCs
-
Suspicious use of SetWindowsHookEx 5 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Memz.exe"C:\Users\Admin\AppData\Local\Temp\Memz.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Memz.exe"C:\Users\Admin\AppData\Local\Temp\Memz.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\Memz.exe"C:\Users\Admin\AppData\Local\Temp\Memz.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\Memz.exe"C:\Users\Admin\AppData\Local\Temp\Memz.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\Memz.exe"C:\Users\Admin\AppData\Local\Temp\Memz.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\Memz.exe"C:\Users\Admin\AppData\Local\Temp\Memz.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\Memz.exe"C:\Users\Admin\AppData\Local\Temp\Memz.exe" /main2⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\notepad.exe"C:\Windows\System32\notepad.exe" \note.txt3⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb99e63cb8,0x7ffb99e63cc8,0x7ffb99e63cd84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1832,6282842534729650420,1554683933518362376,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:24⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1832,6282842534729650420,1554683933518362376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:34⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1832,6282842534729650420,1554683933518362376,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2580 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,6282842534729650420,1554683933518362376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,6282842534729650420,1554683933518362376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,6282842534729650420,1554683933518362376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,6282842534729650420,1554683933518362376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,6282842534729650420,1554683933518362376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,6282842534729650420,1554683933518362376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,6282842534729650420,1554683933518362376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,6282842534729650420,1554683933518362376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,6282842534729650420,1554683933518362376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,6282842534729650420,1554683933518362376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,6282842534729650420,1554683933518362376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,6282842534729650420,1554683933518362376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,6282842534729650420,1554683933518362376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,6282842534729650420,1554683933518362376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,6282842534729650420,1554683933518362376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8636 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,6282842534729650420,1554683933518362376,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8660 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1832,6282842534729650420,1554683933518362376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9228 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,6282842534729650420,1554683933518362376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7380 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,6282842534729650420,1554683933518362376,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7388 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1832,6282842534729650420,1554683933518362376,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7400 /prefetch:84⤵
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,6282842534729650420,1554683933518362376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,6282842534729650420,1554683933518362376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8104 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,6282842534729650420,1554683933518362376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1848 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,6282842534729650420,1554683933518362376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8388 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,6282842534729650420,1554683933518362376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8264 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,6282842534729650420,1554683933518362376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7772 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,6282842534729650420,1554683933518362376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7796 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,6282842534729650420,1554683933518362376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8080 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,6282842534729650420,1554683933518362376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8012 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,6282842534729650420,1554683933518362376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8876 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,6282842534729650420,1554683933518362376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,6282842534729650420,1554683933518362376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,6282842534729650420,1554683933518362376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8032 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,6282842534729650420,1554683933518362376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2504 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,6282842534729650420,1554683933518362376,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money3⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb99e63cb8,0x7ffb99e63cc8,0x7ffb99e63cd84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz3⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb99e63cb8,0x7ffb99e63cc8,0x7ffb99e63cd84⤵
-
C:\Windows\SysWOW64\Taskmgr.exe"C:\Windows\System32\Taskmgr.exe"3⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\SysWOW64\mmc.exe"C:\Windows\System32\mmc.exe"3⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\mmc.exe"C:\Windows\system32\mmc.exe"4⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004E41⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD557e5c5a9236321d336e2c8ce1eeff844
SHA18fd4288af72ba3f7a0ecc5583a9265723fefc096
SHA256ae6496cf397848bf3139858deaf567e3df991bab5a7704a0fa7aae95474872d7
SHA512bc3f24afe6ce0494022d8201a01a60239ac5cfee54e0650a337036817056424b418cb636d58d07e5034dffe2226906202b56509e4cc07562c0b60f618c420080
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5493e7e14aceba0ff1c0720920cccc4a2
SHA1468f39cefbcf14a04388b72d4f02552649bf3101
SHA256a0dd32ed60115f661a4ca537472e0d4e230ff844d56a3db766299cf4cd817842
SHA512e16c748e4513ea10bf7124cef7b50dc5f3a1802205af9228e0c33fdbf3c24286739db08db4b813079ed7cc36be43d7457f4c26f00ae3126a2fafd77d2696107a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039Filesize
99KB
MD54c95bb247502ed2f7c6256a286aa4da6
SHA150d42c3c78040364b5f4507ddcd413c075658701
SHA256b8d20b032e83ac4d8f97929325a86c510f1c44d4173a13361f86353ffe6b27ac
SHA512e1357d7e6f9a8c6f78bc1d1df50782b5127716b248e75e0f39a58cccad35f6d72445f170942ae27d43d35b66d168ad29a58c0a28d913ae2500b92f91051629d5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041Filesize
198KB
MD5319e0c36436ee0bf24476acbcc83565c
SHA1fb2658d5791fe5b37424119557ab8cee30acdc54
SHA256f6562ea52e056b979d6f52932ae57b7afb04486b10b0ebde22c5b51f502c69d1
SHA512ad902b9a010cf99bdedba405cad0387890a9ff90a9c91f6a3220cdceec1b08ecb97a326aef01b28d8d0aacb5f2a16f02f673e196bdb69fc68b3f636139059902
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
3KB
MD5bdd2e1600f1a2bcda17165ce3ed86edd
SHA1f2fe0f11bb7a4dc137103a100723eee1577dcc72
SHA256433f9f434dfe2ca2af176d947ee51875cf365e7324a02367e3eba9c71314634b
SHA512144e6ee45a6f71d70f4ce6e5a8e72a262b5b5aab5f2970a1f974df3b71538f17f7e9c2dde9bcf7e8103d1d2cc4616d4771703656ec9b7d307ec8bb657b5ffd43
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.vice.com_0.indexeddb.leveldb\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
13KB
MD55ce93d06765d4b3177af610068819b38
SHA1f31b00f0b4edc2fa5eee785ad23493cb026b9b95
SHA2560120b47e1335ff53b4db0c5315829e4a411fac8c1ce49fc1aabfbb9b0f1402eb
SHA5129911dddd6bb34b935e00b7325bcded5c2e4ccb87a0d44876a127c728d5414af6a65fea1bf98af22838b60de78dd5beb51a006828107761d8b48687b8672e8ddd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD51712d7f71dfcc806b7b4c31c926c2135
SHA177a31eab8757f64ce772bb6c16f3f0912570e6b9
SHA25630bccd4bc3d6fcd6f7caf809e24b0ca1efa5ed32978c59e7be1b149967f908a2
SHA5122f0627f19bd3faf303dadf688160c7e0fc1693fb08e906a62d3caf37c86bd2eaaa314b7232111ee85a8a3047c1ceb5cccfcee200b27b5fb73c5163072cbb5689
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
13KB
MD593c75606ec056e936e333f1f75d3589a
SHA1b641c52b7fdccba24a8e03e2f58f0721e58bca04
SHA25618535296dd14bbac5a8be7cbabbb7f3c11d9b8ed03652898fbf21c97c9d3df3c
SHA51254c3256739e0b53ef81d3b463c2c986076b91fdb81f40f57c09ba2d293a795128f9422f02298b8ace94afb4a9e8dc03add353ff534fbff6002b56a743c06808a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
12KB
MD5b4f10cf537d65662c0882c0363a12827
SHA118a54492a0121cacf02276c6a1017e9eb35dae6a
SHA25646ee24c6f606ef669032ea9e7d0730972c825c29d7dacc900eebe2bcd5dc1db8
SHA512b9534d3de65a40c6f9211f61548288e5814c050ab99d7f348b4037ec806da979fa876bb79621a8254aecde64078624575e0885c4bc52d571700c663d46c3a86e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
14KB
MD54521a703e6544c3a9078bb1c2422fded
SHA1a2abb64a03e9272ede5c5bf175e674f34d5ddb52
SHA25654a03fbcd7035aba4c4b1a99c3b37477e9ca8f8e2fb043192de84d2f90f234ea
SHA512aa29aede4945a7521e63686c5e6d7041df177c73e0c7d627854e8afe61e3c43764ac868aac7eff7d4c5a641dcdead9f0ce4b71f6eb1125195f878427a240d381
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\1d6d67dd-46a3-4096-8002-e2c7cd8f9c11\index-dir\the-real-indexFilesize
600B
MD51d24325f2543e7c1996bc9f25ecc70a0
SHA1f55dc9645ce98af0a1c76f9ac04a8aef88edc4bb
SHA256c413d0ec25711e8155a5d6e39a3f874214e69e5a325c1a532121cae6fa4eef9c
SHA512521db697e8b418e793696c216574703bb0af38c256555fe7dee59669e08b033815df49b7671839fc6ece10e9f98b8d3d7628ffc2f95a9fe42cdd9b51c6b88eb8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\1d6d67dd-46a3-4096-8002-e2c7cd8f9c11\index-dir\the-real-indexFilesize
600B
MD5fa38d1f7e497d8940c06955e5d207f13
SHA18b6cd6bf7503b28624f83a12504875d268510458
SHA256726fbc721dd1408a1ccdfc6c0715dedfd35d33af4081f066d47b8a210eba7d2c
SHA512d8eb36f8bd2ccb262b37aa958e291576c15b6584e3b2357c1c149c9370f89260502be5946a24703580d46f73e4f8d6217fc3339af760c454f7b844473aef35a8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\1d6d67dd-46a3-4096-8002-e2c7cd8f9c11\index-dir\the-real-index~RFe58eedf.TMPFilesize
48B
MD580ce5b5680bf8a453861b5b29efb5712
SHA19ca45904d01eb5aa40ced196b8737cb745c29cf1
SHA256b5715ce23c637563a4a256192731307bafb70ab1dd477363361b4b5f3e1be5a2
SHA512adb59d0608707efe75e059e07e5800be74e868217fafbf62006f9dc3f75eaf316547cc38c311b5d1779098c49d644c24ed5f0544b2eada4f0b979679546c2839
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\9343b04f-f2ce-4f39-9da3-be4fb6c28b9f\index-dir\the-real-indexFilesize
144B
MD522df576da8f081edd10493486d8f8f34
SHA1ec7045e439dbe02c671784bd61b3f3e98c039f58
SHA2568f2a51e224adab72ecaad341d29c6e724e705f0b1be0a7aa9fc12556e87f9701
SHA512d76079f0a70f03b928772ca76d8609af310b6ace32700dd0e42797d667734348821ad5336b4918eee06977fd597f482ea0d0133ee97b6bcc360f0419eadc496e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\9343b04f-f2ce-4f39-9da3-be4fb6c28b9f\index-dir\the-real-index~RFe58d24f.TMPFilesize
48B
MD5a76f1c6b89045fb88814e247c3273976
SHA13a43c4d6a546126b5ee015a6667fecb02ba4bef6
SHA256135a91c4f04bc726eb0dd5be347ce2cf630cb0ff690e9959953b5936a299d304
SHA512ac525e6d4a3f7bcfcc2ea58b1ab33d584af74fd67406e82192c96202b4d8232548ca6c78b1de2e40d410bc3322963a558a233d076ce08f2435b34f803d4c1231
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\b8bdea49-ad38-42a3-b5fc-843569401917\index-dir\the-real-indexFilesize
1KB
MD5dc1df2f09b0db46d822e77b2817cddc8
SHA126b878697a5360f8af3afefe471184eeef643304
SHA2562376fbe35ec583cb83eeab5fad7bce109e6df4c40bb107233b2ad6783287b4a1
SHA512c298c843f89bddeec68c029075e2b99bf21536b1ab4248d4e01e5e750c77150e57bdf336b68d2809460df8e7c6286b35f3c37f94a4229b69d42acc7dc014da32
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\b8bdea49-ad38-42a3-b5fc-843569401917\index-dir\the-real-index~RFe587e82.TMPFilesize
48B
MD5f931be32a2f5c68536bdd35a557abc7a
SHA14722bfc9fa23265082e5f43518d3fc1cab5723ba
SHA2568d081ebc65958fa06dd6fa561d0d22d79a56ba7fcf248b05683a1bc8c54fcf70
SHA512d6c8f6c06086b9e5180db97faa39bd6d36a5bfb47f0609bf603f2ea3fb31ee28da75a8b21df21479576d4a81e6cc36273312b599fca93008a9174a7f56cc0651
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\da826850-de5d-47ef-98c1-7724d6986590\indexFilesize
24B
MD554cb446f628b2ea4a5bce5769910512e
SHA1c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA5128f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\da826850-de5d-47ef-98c1-7724d6986590\index-dir\the-real-indexFilesize
72B
MD59ecd34b7a83fce12e9e50046d523b98d
SHA16c5b8cf5b48bd8c9d5e07035de5b8e599dbd8a82
SHA2568198af79aef1a1001f7263e93b750458721d34747d3db4748c79ebc074df7961
SHA512092d22b2ff35a576bc0355ef92d5c9de6bbd9b381fac75be15e95f60833b15c9fd7138fe1eade85267d9f2ac380ddb66b4d194e6d7be9e02e6d818626e47cd37
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\da826850-de5d-47ef-98c1-7724d6986590\index-dir\the-real-index~RFe58c84c.TMPFilesize
48B
MD57ed52537632b7fae6b0541f5c55e83cb
SHA12f156ff47c3a0432a752da3c7947c3e40161076e
SHA2562009455303be60560e994dd58bb9c79f17f8a3c768e05c4f35ba7859d32a777d
SHA51294f8dd1a8ab913910cc7d11ead25e40a94fc8cdf458caac7b0f85307c6c33decbde16ed5f16963b4361896cb08197e15b22710f19af624c5dfe26a128b8f2699
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\index.txtFilesize
176B
MD5d58f8781d62d0a2353a3b5f3d00b8429
SHA1ab8064e9093ab1a63d248a70e19087852f972ef8
SHA256bc505ebb31a157a67f0affa258683e4e90c6544a54001a996871e3cfd934ad05
SHA51229a64cf2be2a7342db5bb25a92922707800684ad2dff3f3320f686b43bf828d36b2734c21012e1fdfa7d3f4e1ba7aad984847d81cc3a8fbbf0664e3d3990b8e6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\index.txtFilesize
241B
MD50ff17c8f55bd88a4ac239f96f0d7f2e8
SHA1369f8dd00b25a30d8c182facf67a810bfa61079c
SHA256621129dbf29ccf7ed8ed0f66ae1029c46214a18db2c927f2a5a9b27052b1590b
SHA5127e227463cf78109a88e46e1ea2e97b377c0efc4bde264b3be02ead6e21c62a823a4c54a76573ec2eba0de60ccba463f79046e775dbc5d5fbd59ebbf1f876a7db
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\index.txtFilesize
307B
MD5fdd0d5a97f040b71cc4c28431ce43058
SHA16632af26b89bfc2a0fd952037fc2db13b6a480de
SHA2568f02552f18b22116edbe26ffc3a8a76d2dab2686a20fd6dd0ae67bb8af209635
SHA5127bdcf79d4aa92dc1cd884a3b85c818d7d6522b9e2f64190a9ba208b1edddcaf124c894fb904d284b73b85b451910c6b628646b8bf7039cfdf2f55c562a10360a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\index.txtFilesize
302B
MD50f22c55cbe085f9ac0ae07c2e445b29d
SHA16900ba458554cd206565cb7e775fe9cf6fc8a5ee
SHA2560d47c5418297199ad6b925ffc308cace7dc4e9bc666d26d11c6796cf4b64b531
SHA5125c34751cea3b3be877a639804d7072d2e4be3f86c1dc32f7f577d420b41690f62d4914828b32e79f4b2a0892cbfc0d036292cf493ea51438dd7c961f90db8a45
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\index.txtFilesize
302B
MD576f2fb48a259219780585802926e765e
SHA1f73a47b482a85bdad5e2b28daafda1c6dda44ff7
SHA256c3b693d70f3c4fd431233aa62d803944c07f11adcb1fb7012b6cf886f858153d
SHA5127aa16e5eb078d13c6a5657d64b88de8f97ce338f6222e6214068d473652be0e44beef013d8a3dc8245eedc47c4b676ab8b666450ef7492fca99adb1824ae72bc
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\index.txt~RFe5874ed.TMPFilesize
119B
MD518ed827ddefbfd7c32d1a0bffa755344
SHA1ceb33084b90f84ce48511a89812ff1a00af3c6ab
SHA2567b83efd2edeecabe2c1b5bc33425dde5917e81979d74cafdee177f1936c6a9d8
SHA5126fbc50c59f518d960ca2335c5fe3531a1c805dc1cafd53e04b4ea7715968d093df2b6026551158b0777793f83801eea2fad1469ff32e147d84bb26a99232d4d7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-indexFilesize
72B
MD51cd92231bb5730bc88413b59dd678dea
SHA1bbd789447c46afd0855e15887bea1b2b125dd00d
SHA256c4a964ad1484fbee3a78eb9f19d8713c85485b62501b310bf3b97eba8c519bac
SHA5124b322c7ab42de04192b01757c20ec6e47b21df9b003356d0f968414e5f49c907973b87aa8725b01c654b853da8fe96efd276ff34848c9d138a2907a9226c0481
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe587366.TMPFilesize
48B
MD5700907fb4768ac8391763a02178c6e81
SHA1c82703db199d95c8653468672ec1fff969fc45a3
SHA256720779148f0c8303d62be959d57d382a57ae6ea099ffca691ec0dd6bd8ed3ff8
SHA5129d4c347c698dbc41bd934602c71aa7ace77e95ccb7dd46172abd55c88f87864a8983270221cd5cb05e6d8773be8087460fa6033e52cc601acfdc55ae0b7c5c8b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
3KB
MD5d40088c8a91c8e9726dafe04a3cbdd8a
SHA19c4f4d16df8155a077d5c4a8fedbdec532f3cb40
SHA2567c3bb4ab9bedf2b4e164d7dc0b1c5215550f3ad61fa5ebde65656d38d10491ae
SHA512ab1a4db65fc000d0ccbb561d41844c2f128c2b46869a5bb7d8c11e327e1c3b4468669ed6349f1e2c5a723caa5a690288672c61fe725bbe17aa10bb182ced2461
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589cf7.TMPFilesize
3KB
MD5f0ee0d061749e848bf740456fb8f34dc
SHA1032c5a943d708b38c395dde949aded65af76279c
SHA2566355953bb3ffe4f4bee75ec1da26a8e00834fc84c3e4459f0ee7ae92f592584e
SHA5125521dfa79750c65336b6db1c090bb4cb1511e19a320f27820f9fe0265f25be41e71e443a92acc3b3a58c3b3586dd96e1f7552daef6bb83caaaf75f648226b492
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000001Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD573be83266b8fcf900a2b2f68cf7192d6
SHA1c213bb50470b5fe530807ec62cf8a4ab1179bf92
SHA2565cd1cf7d84c91809523bf737ce6856163791729e8aeae65b21924512661e974a
SHA51266f0e6eeb8714b8f05b304935df8147ba33badebd321b6392ee3ee3febc95d2d9a8e8ae3945cffffdcd5951bc0fa2981b8ec9ab9018744a165e66e25f2693091
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5b3a925f5f4fd11c74ec55c4e6e32bddf
SHA14a8b9e50c3be6c1ad89262d9e01e5a724fe65105
SHA256c09eb3d04c4f53f55b3339eb99b87db6bfd866967834de926d9d91a539397261
SHA5127e5d5fb778be66ded4caacadcfd0e4530da1f93d64f4fafe818c3feb44ddc86bbc06c1999c563815d1752d1a49dc8c8910fdba438c94c9500ee979fe4f218d3a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD59ad68fc12802fb48352b07cd653cac9a
SHA191b036364bee4f0a19469796dbcfbeec301e9af9
SHA256a6658a09410833b1a13ad27448bb76279c8bc80b8a2aa02b5f9196abd1eb32f9
SHA512c7c1415e4b2e74e757c7fc005b0422a0c260a20a4cf6ff4f76b54a13e3305fb90f8442bdc8017f82c7f89d1b3bda22839035115b1d4635ddbd74822c9321a759
-
C:\note.txtFilesize
218B
MD5afa6955439b8d516721231029fb9ca1b
SHA1087a043cc123c0c0df2ffadcf8e71e3ac86bbae9
SHA2568e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270
SHA5125da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf
-
\??\pipe\LOCAL\crashpad_1960_HSRPRAFUJWZQSQGVMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/2672-1759-0x0000000005CF0000-0x0000000005CF1000-memory.dmpFilesize
4KB
-
memory/2672-1761-0x0000000005CF0000-0x0000000005CF1000-memory.dmpFilesize
4KB
-
memory/2672-1762-0x0000000005CF0000-0x0000000005CF1000-memory.dmpFilesize
4KB
-
memory/2672-1763-0x0000000005CF0000-0x0000000005CF1000-memory.dmpFilesize
4KB
-
memory/2672-1764-0x0000000005CF0000-0x0000000005CF1000-memory.dmpFilesize
4KB
-
memory/2672-1765-0x0000000005CF0000-0x0000000005CF1000-memory.dmpFilesize
4KB
-
memory/2672-1760-0x0000000005CF0000-0x0000000005CF1000-memory.dmpFilesize
4KB
-
memory/2672-1755-0x0000000005CF0000-0x0000000005CF1000-memory.dmpFilesize
4KB
-
memory/2672-1754-0x0000000005CF0000-0x0000000005CF1000-memory.dmpFilesize
4KB
-
memory/2672-1753-0x0000000005CF0000-0x0000000005CF1000-memory.dmpFilesize
4KB