Overview
overview
10Static
static
3000.exe
windows7-x64
000.exe
windows10-2004-x64
Ana.exe
windows7-x64
8Ana.exe
windows10-2004-x64
Bad Rabit.exe
windows7-x64
10Bad Rabit.exe
windows10-2004-x64
10Desktop Puzzle.exe
windows7-x64
1Desktop Puzzle.exe
windows10-2004-x64
1Memz.exe
windows7-x64
6Memz.exe
windows10-2004-x64
7NoEscape.exe
windows7-x64
NoEscape.exe
windows10-2004-x64
WannaCrypt0r.exe
windows7-x64
10WannaCrypt0r.exe
windows10-2004-x64
10Resubmissions
08-06-2024 08:50
240608-krvyesae91 1008-05-2024 16:15
240508-tqnx6ach3w 1008-05-2024 16:07
240508-tkr3mafa54 1001-05-2024 18:02
240501-wmf49acg3s 627-04-2024 08:46
240427-kpfeysff8s 1025-04-2024 21:25
240425-z9y55afb7v 1025-04-2024 21:16
240425-z4pphafa97 1025-04-2024 18:27
240425-w3929sde33 1025-04-2024 18:17
240425-ww4a5sdc8x 10Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system -
submitted
25-04-2024 17:57
Static task
static1
Behavioral task
behavioral1
Sample
000.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
000.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral3
Sample
Ana.exe
Resource
win7-20240220-en
Behavioral task
behavioral4
Sample
Ana.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral5
Sample
Bad Rabit.exe
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
Bad Rabit.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral7
Sample
Desktop Puzzle.exe
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
Desktop Puzzle.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral9
Sample
Memz.exe
Resource
win7-20240220-en
Behavioral task
behavioral10
Sample
Memz.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral11
Sample
NoEscape.exe
Resource
win7-20231129-en
Behavioral task
behavioral12
Sample
NoEscape.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral13
Sample
WannaCrypt0r.exe
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
WannaCrypt0r.exe
Resource
win10v2004-20240412-en
General
-
Target
Memz.exe
-
Size
14KB
-
MD5
19dbec50735b5f2a72d4199c4e184960
-
SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822
-
SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d
-
SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d
-
SSDEEP
192:sIvxdXSQeWSg9JJS/lcIEiwqZKBkDFR43xWTM3LHn8f26gyr6yfFCj3r:sMVSaSEglcIqq3agmLc+6gyWqFCj
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000\Control Panel\International\Geo\Nation Memz.exe Key value queried \REGISTRY\USER\S-1-5-21-259785868-298165991-4178590326-1000\Control Panel\International\Geo\Nation Memz.exe -
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
description ioc Process File opened for modification \??\PhysicalDrive0 Memz.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 5084 Memz.exe 4924 Memz.exe 4924 Memz.exe 5084 Memz.exe 4608 Memz.exe 4608 Memz.exe 5084 Memz.exe 4924 Memz.exe 4924 Memz.exe 5084 Memz.exe 1224 Memz.exe 1224 Memz.exe 5084 Memz.exe 1224 Memz.exe 1224 Memz.exe 5084 Memz.exe 4924 Memz.exe 4924 Memz.exe 5020 Memz.exe 5020 Memz.exe 4608 Memz.exe 4608 Memz.exe 4608 Memz.exe 5020 Memz.exe 4608 Memz.exe 5020 Memz.exe 4924 Memz.exe 4924 Memz.exe 1224 Memz.exe 1224 Memz.exe 5084 Memz.exe 5084 Memz.exe 1224 Memz.exe 1224 Memz.exe 5084 Memz.exe 5084 Memz.exe 4924 Memz.exe 4924 Memz.exe 5020 Memz.exe 5020 Memz.exe 4608 Memz.exe 4608 Memz.exe 4608 Memz.exe 5020 Memz.exe 5020 Memz.exe 4608 Memz.exe 4924 Memz.exe 5084 Memz.exe 4924 Memz.exe 5084 Memz.exe 1224 Memz.exe 1224 Memz.exe 1224 Memz.exe 1224 Memz.exe 5084 Memz.exe 5084 Memz.exe 4924 Memz.exe 4924 Memz.exe 5020 Memz.exe 5020 Memz.exe 4608 Memz.exe 4608 Memz.exe 4608 Memz.exe 5020 Memz.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs
pid Process 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe -
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: 33 6140 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 6140 AUDIODG.EXE -
Suspicious use of FindShellTrayWindow 25 IoCs
pid Process 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe 432 msedge.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 3700 Memz.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1492 wrote to memory of 4608 1492 Memz.exe 100 PID 1492 wrote to memory of 4608 1492 Memz.exe 100 PID 1492 wrote to memory of 4608 1492 Memz.exe 100 PID 1492 wrote to memory of 4924 1492 Memz.exe 101 PID 1492 wrote to memory of 4924 1492 Memz.exe 101 PID 1492 wrote to memory of 4924 1492 Memz.exe 101 PID 1492 wrote to memory of 5084 1492 Memz.exe 102 PID 1492 wrote to memory of 5084 1492 Memz.exe 102 PID 1492 wrote to memory of 5084 1492 Memz.exe 102 PID 1492 wrote to memory of 1224 1492 Memz.exe 103 PID 1492 wrote to memory of 1224 1492 Memz.exe 103 PID 1492 wrote to memory of 1224 1492 Memz.exe 103 PID 1492 wrote to memory of 5020 1492 Memz.exe 104 PID 1492 wrote to memory of 5020 1492 Memz.exe 104 PID 1492 wrote to memory of 5020 1492 Memz.exe 104 PID 1492 wrote to memory of 3700 1492 Memz.exe 105 PID 1492 wrote to memory of 3700 1492 Memz.exe 105 PID 1492 wrote to memory of 3700 1492 Memz.exe 105 PID 3700 wrote to memory of 3720 3700 Memz.exe 107 PID 3700 wrote to memory of 3720 3700 Memz.exe 107 PID 3700 wrote to memory of 3720 3700 Memz.exe 107 PID 3700 wrote to memory of 432 3700 Memz.exe 110 PID 3700 wrote to memory of 432 3700 Memz.exe 110 PID 432 wrote to memory of 4968 432 msedge.exe 111 PID 432 wrote to memory of 4968 432 msedge.exe 111 PID 432 wrote to memory of 800 432 msedge.exe 112 PID 432 wrote to memory of 800 432 msedge.exe 112 PID 432 wrote to memory of 800 432 msedge.exe 112 PID 432 wrote to memory of 800 432 msedge.exe 112 PID 432 wrote to memory of 800 432 msedge.exe 112 PID 432 wrote to memory of 800 432 msedge.exe 112 PID 432 wrote to memory of 800 432 msedge.exe 112 PID 432 wrote to memory of 800 432 msedge.exe 112 PID 432 wrote to memory of 800 432 msedge.exe 112 PID 432 wrote to memory of 800 432 msedge.exe 112 PID 432 wrote to memory of 800 432 msedge.exe 112 PID 432 wrote to memory of 800 432 msedge.exe 112 PID 432 wrote to memory of 800 432 msedge.exe 112 PID 432 wrote to memory of 800 432 msedge.exe 112 PID 432 wrote to memory of 800 432 msedge.exe 112 PID 432 wrote to memory of 800 432 msedge.exe 112 PID 432 wrote to memory of 800 432 msedge.exe 112 PID 432 wrote to memory of 800 432 msedge.exe 112 PID 432 wrote to memory of 800 432 msedge.exe 112 PID 432 wrote to memory of 800 432 msedge.exe 112 PID 432 wrote to memory of 800 432 msedge.exe 112 PID 432 wrote to memory of 800 432 msedge.exe 112 PID 432 wrote to memory of 800 432 msedge.exe 112 PID 432 wrote to memory of 800 432 msedge.exe 112 PID 432 wrote to memory of 800 432 msedge.exe 112 PID 432 wrote to memory of 800 432 msedge.exe 112 PID 432 wrote to memory of 800 432 msedge.exe 112 PID 432 wrote to memory of 800 432 msedge.exe 112 PID 432 wrote to memory of 800 432 msedge.exe 112 PID 432 wrote to memory of 800 432 msedge.exe 112 PID 432 wrote to memory of 800 432 msedge.exe 112 PID 432 wrote to memory of 800 432 msedge.exe 112 PID 432 wrote to memory of 800 432 msedge.exe 112 PID 432 wrote to memory of 800 432 msedge.exe 112 PID 432 wrote to memory of 800 432 msedge.exe 112 PID 432 wrote to memory of 800 432 msedge.exe 112 PID 432 wrote to memory of 800 432 msedge.exe 112 PID 432 wrote to memory of 800 432 msedge.exe 112 PID 432 wrote to memory of 800 432 msedge.exe 112
Processes
-
C:\Users\Admin\AppData\Local\Temp\Memz.exe"C:\Users\Admin\AppData\Local\Temp\Memz.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:1492 -
C:\Users\Admin\AppData\Local\Temp\Memz.exe"C:\Users\Admin\AppData\Local\Temp\Memz.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4608
-
-
C:\Users\Admin\AppData\Local\Temp\Memz.exe"C:\Users\Admin\AppData\Local\Temp\Memz.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4924
-
-
C:\Users\Admin\AppData\Local\Temp\Memz.exe"C:\Users\Admin\AppData\Local\Temp\Memz.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5084
-
-
C:\Users\Admin\AppData\Local\Temp\Memz.exe"C:\Users\Admin\AppData\Local\Temp\Memz.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1224
-
-
C:\Users\Admin\AppData\Local\Temp\Memz.exe"C:\Users\Admin\AppData\Local\Temp\Memz.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5020
-
-
C:\Users\Admin\AppData\Local\Temp\Memz.exe"C:\Users\Admin\AppData\Local\Temp\Memz.exe" /main2⤵
- Checks computer location settings
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3700 -
C:\Windows\SysWOW64\notepad.exe"C:\Windows\System32\notepad.exe" \note.txt3⤵PID:3720
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:432 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x12c,0x130,0x134,0x108,0x138,0x7ffff88d46f8,0x7ffff88d4708,0x7ffff88d47184⤵PID:4968
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,6623934720999259030,8102388362783521339,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:24⤵PID:800
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,6623934720999259030,8102388362783521339,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:34⤵PID:1056
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,6623934720999259030,8102388362783521339,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:84⤵PID:4412
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6623934720999259030,8102388362783521339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:14⤵PID:3920
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6623934720999259030,8102388362783521339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:14⤵PID:1484
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6623934720999259030,8102388362783521339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:14⤵PID:3016
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,6623934720999259030,8102388362783521339,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:84⤵PID:4500
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,6623934720999259030,8102388362783521339,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:84⤵PID:3868
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6623934720999259030,8102388362783521339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:14⤵PID:1864
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6623934720999259030,8102388362783521339,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:14⤵PID:4140
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6623934720999259030,8102388362783521339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:14⤵PID:4044
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6623934720999259030,8102388362783521339,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:14⤵PID:540
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6623934720999259030,8102388362783521339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:14⤵PID:1096
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6623934720999259030,8102388362783521339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:14⤵PID:3224
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6623934720999259030,8102388362783521339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3132 /prefetch:14⤵PID:2692
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6623934720999259030,8102388362783521339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2120 /prefetch:14⤵PID:5336
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6623934720999259030,8102388362783521339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:14⤵PID:5592
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6623934720999259030,8102388362783521339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:14⤵PID:5148
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6623934720999259030,8102388362783521339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:14⤵PID:5452
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6623934720999259030,8102388362783521339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:14⤵PID:5728
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6623934720999259030,8102388362783521339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:14⤵PID:5444
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6623934720999259030,8102388362783521339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:14⤵PID:5468
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6623934720999259030,8102388362783521339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:14⤵PID:5568
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6623934720999259030,8102388362783521339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7228 /prefetch:14⤵PID:1840
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6623934720999259030,8102388362783521339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7236 /prefetch:14⤵PID:5620
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6623934720999259030,8102388362783521339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:14⤵PID:896
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6623934720999259030,8102388362783521339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7712 /prefetch:14⤵PID:6576
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6623934720999259030,8102388362783521339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8080 /prefetch:14⤵PID:6664
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6623934720999259030,8102388362783521339,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:14⤵PID:4492
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free3⤵PID:636
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffff88d46f8,0x7ffff88d4708,0x7ffff88d47184⤵PID:3956
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape3⤵PID:4764
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffff88d46f8,0x7ffff88d4708,0x7ffff88d47184⤵PID:1156
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus3⤵PID:6504
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffff88d46f8,0x7ffff88d4708,0x7ffff88d47184⤵PID:6520
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser3⤵PID:6220
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffff88d46f8,0x7ffff88d4708,0x7ffff88d47184⤵PID:6228
-
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1588
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2304
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:6036
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x3f8 0x3ec1⤵
- Suspicious use of AdjustPrivilegeToken
PID:6140
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5cff358b013d6f9f633bc1587f6f54ffa
SHA16cb7852e096be24695ff1bc213abde42d35bb376
SHA25639205cdf989e3a86822b3f473c5fc223d7290b98c2a3fb7f75e366fc8e3ecbe9
SHA5128831c223a1f0cf5f71fa851cdd82f4a9f03e5f267513e05b936756c116997f749ffa563623b4724de921d049de34a8f277cc539f58997cda4d178ea205be2259
-
Filesize
152B
MD5dc629a750e345390344524fe0ea7dcd7
SHA15f9f00a358caaef0321707c4f6f38d52bd7e0399
SHA25638b634f3fedcf2a9dc3280aa76bd1ea93e192200b8a48904664fac5c9944636a
SHA5122a941fe90b748d0326e011258fa9b494dc2f47ac047767455ed16a41d523f04370f818316503a5bad0ff5c5699e92a0aaf3952748b09287c5328354bfa6cc902
-
Filesize
20KB
MD5923a543cc619ea568f91b723d9fb1ef0
SHA16f4ade25559645c741d7327c6e16521e43d7e1f9
SHA256bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd
SHA512a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555
-
Filesize
69KB
MD586862d3b5609f6ca70783528d7962690
SHA1886d4b35290775ceadf576b3bb5654f3a481baf3
SHA25619e1a1ad6c54fc29a402c10c551fa6e70022cefca6162a10640ee7d9b85783ed
SHA512f0746c23a06effd14e1e31b0ea7d12156ff92b1f80445aa46e1a4c65cf5df4bc94f6dabe7aead01f1bd6a6c7b851b577a11697a186426a2c8dca897c48515ef0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize96B
MD52354ab29511c9a26a4a91d36ee895179
SHA1ed0a86b00ced7274c4fda24c814b729dcd01a959
SHA256a4fd8b9b248938d3c1ae24f82a0c8ff168996546cd117daed0c754ab35ad9423
SHA51269c1829a177e1edd9128cc7d6c123e765815f2ef05f71bbc884d0a33b9d9503c256104ab6e3e26cfa837c267a5cda9f46f89b771b4ba7c24c85f78c787453303
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize72B
MD59def2e244689db7ce5441c6daa09b977
SHA132a206f60bc3abc78dde028ea3ec7d91ad5dc132
SHA256684070c6ab1bd40d8916922f8b2fe572cea123b93e3b1b9afed891dcea683b5c
SHA5126848648d90d852027e57aacba9b544f029af8389c289e604506dc2f70d565348134813a83d4ddc3164661db0918d59d091f63b779d840e7d56da50d8ca99b2dc
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize2KB
MD562ca039ed80a9b881b48e17864ea0317
SHA1a7cfca8f6f1b7dc87b7a0ebe57cf7fefdfed0328
SHA25686fe1030af22c5181d9223759cf3a6af6815725c685232ac911081399ef7ec79
SHA5124320467ed362796748bc30d7982291a55a1496d989309cc3630d5f5354f883a9b17d09a2796fc109f4a46b9254675ad8efed458083ccb6854efb59de98004f2c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.vice.com_0.indexeddb.leveldb\CURRENT
Filesize16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
4KB
MD5ce62298af1bd39986da57c235812c82d
SHA1669d4ba0a8ef656a8f42849807022520f177b158
SHA256992bc0576c5fc9b6a53b314b1907a4332ea776dc16d75abec967a99aabd85b88
SHA51298fd7695824ea004be7e1d659dfa2fbda76ff06fc7535b4b03e2b2f94e74a8adb36863467baced8197b98541842bff3627b1ef32ab52746a19a6622823168f7d
-
Filesize
6KB
MD56bd6c15fc304f673734645924a379d0b
SHA1a98a21529e0380df32c160be0982bd8189439ed7
SHA2561e614c7a46898cf43f67d55b1e2c69bc46c4da1a63a4396984ae48a60a5a4a17
SHA512271fcf31f5adfffaa8e795e71df55559f61bfab021af06c612d9a392e827980a09daf23ec7f4e5f08136adc0c63d7a668203162d0d5f93b624d3e64d671669c4
-
Filesize
6KB
MD5b5961198dad296a97eee76b4610fd3a9
SHA140317650c1ae8e0e0ca3f0834c5166ec70429e44
SHA25625e925f8e709a874cf839eb45d5d10a0bf9f644217fbe3fc98524fc306c583bd
SHA5129e373b3e82814c19d1d2281a948409d5fda22de99feeff46bd8d8d50bf833aac487f484cca21574c30e8947fc14325bb8bb6dbe9541c3e1a940d3fb5f0903918
-
Filesize
13KB
MD5b178af8431e6174663ccaa50c89dbe0f
SHA18ae9e117195730ca0ff9b52cd85de0b0754ed806
SHA256c8f0e683e313ba258cceeffff52dab152451fbe24b215803f0978ebf140cb04a
SHA512158c702577144f2013445602a9599e6b477215c47ddf768f1b641bfc0ea483212f18c50326167ef6b63dcc1c240d3298d6a8e6b567782edb2db15cb4951bf5b5
-
Filesize
6KB
MD52c10ade220949bd0af499332517cf3d5
SHA10815a89cc4a3d99dd3e872b9ffaa122686a0ebe3
SHA256f08ff4197f9d8243ebe43968e887940511e16863d79134b3735da633f04550f3
SHA512ffa3802729e6b8d1ea2f6386812d469fda9239ba95af63d56a71379619a955cab114e2487d3f0cc0d66169ccb4cf60d29e41638934d79beabd2dd398fa6bae77
-
Filesize
13KB
MD56eb405f417242a579a2f40eb14a2c347
SHA1ffec3d1415b8e5b3d52f50fe9610a372fa0046c1
SHA2569614f8d9ba88bd9314d86c29b2c940f53d9bb7f8e89ad8acec21c41c2f7b4e57
SHA512fef4705e0e2a476e6f8107372ffd0bb1549e80224f7751753d42cb03ad2a2bd2515d74ba1dbe5ad782c5ff703151122a21f92fcd58189aa3024f0468c5108f08
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize90B
MD5731c36d5aa030f998481226080faddf9
SHA1138a5c3b294aa18455a0705b0e2dfe7d3684d117
SHA2567b452f2e39e87fb569357bbcb0309a88119cf7eae243f749ba5bdd7c9c5b8c96
SHA5123d9ff3704759b619172c5c226c0df03dc25d86e35cc1950f8cab836511db47dc3cc9829cba21a89053a4ba9b2e2eff3e053ea17007a0271e3316b429c5993a13
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize26B
MD52892eee3e20e19a9ba77be6913508a54
SHA17c4ef82faa28393c739c517d706ac6919a8ffc49
SHA2564f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2
SHA512b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\46d55544-a3dc-407a-8b7f-fb0fd656ba20\index-dir\temp-index
Filesize1KB
MD5882cb6d987872f0bbc8e76a3364700db
SHA138e72fc66f002c4e18e24fa0a5d5d0565067c846
SHA25609222be9b6cd684cc6cb5824ef106a85d82f34842e8dd48a576df27a0ac4e2ce
SHA51243e6f65e9af8f3e0e7de455f16e82ceb22f5bd62abafafb2b0021cccec087dba78066cdf398417d401b0a96fe6a0d5d12eff9d9708105a88feffc9a9472030cc
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\46d55544-a3dc-407a-8b7f-fb0fd656ba20\index-dir\the-real-index~RFe597044.TMP
Filesize48B
MD534acd6fb6a5620e29951238ff6b3eeb3
SHA1421b2365f53c2acd97712e3410266f66fc5035b9
SHA25609129ad2870f50c5adcba1cf122bbfa4f581dfd37215d7d714c7cc4d51604373
SHA5123258235dd38df572926d367bd76793730fe94754827066f42308f8b9386b1a2147f673ba433519f1dd39792f87c42fcc1476b58e1593ae9c08b6e1c655aaf4e9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\index.txt
Filesize115B
MD58c5c9f3ffe9c91e9bc9c7ff757219943
SHA1b75e5f889b9519418b65f3246bd7fc904759a0bc
SHA25682c2d96b6a18258527f172ace5913275e63eb20b7b2cab676c2332a5ae9d2a92
SHA5129d86c044270ab6ba14a0eec058a4a056b479b23c6315f09aa022072f23921172f0dc33f790c71604a5339d51261a7f132f7e99f7c050debc97dd4cf1b2781c92
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\index.txt~RFe597073.TMP
Filesize119B
MD5327d868860fa73c72a62238ff5e3abc6
SHA1952cde953313314e74da8d057906b0a332ce1c73
SHA2565688fc8cb7ecd81ee132a7cf381e6530752f743cc49a21a17792492f1b8546d2
SHA512c848d09ac5a66ee5111da5c6df72bcf8616c3331ab7a87878fffde571c419e7f027e67d610acde5bef1a118e983a9d945a8e4d47348ea9e175483b8d9ead6f50
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize72B
MD5c7c64c0da08a8b08eda736d101ec42d0
SHA1516165fe7ec3834eb2226aa21e7d209e0f8d9b78
SHA2567b3cd1f9fb9d69892daaa7a9401e9b6c0a12f0d093fa4d64cd751c6a673276f4
SHA512d490ef908b32cbaf438fdaa825a8722e0b6cdb1ddc22a690a4dd633a4636a3b68c0c774187516eb5eb81370df2318adacf1e9b9df005d72bd4e8ffe1fdad52b6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5963c1.TMP
Filesize48B
MD52d41a8808554f8bba675952f52e7cd89
SHA1de379ef95568c8c4a84de80a799ac611aa6ae3bb
SHA256d7c77adb368cfa85ed79a637c6eec8fc7e9ac904c43973ccbe73532ba5471939
SHA512b9bb310db437ba8f7a86297bb1ea9b5a0885c860443eddf4eb89fdc95bdb13a01a0ec810efa391ce3bce3bebc3a383894f26311afb620d8a698d68f43e448d33
-
Filesize
3KB
MD5c70553f5cf95d776b25afe1042e0014b
SHA1a813f8f757b4cd791b51797da98e203c7e9e9299
SHA25645638bef49b214ed8a2ea22ccfce411ce557e8ee7142f17b34d10b149dbaa07a
SHA51245e21ad2ba28111dd425784cd0e9cc5803bc5a6eed4fa08c8e3a20986d8f88778c70d207f41c7f7b8a787e078e4760fd6a260fbb45e8446f78028e8675fb67f8
-
Filesize
204B
MD5a7f1e4f1ef04cd2b3c8c73fde0a55c3d
SHA1b46914756a099b937aa88a912993a0633ed1b676
SHA256d0e9f7a92095ba25124fa3543bf9d5e98cb3bfeb7613ae5b156d7e1fe59a1f2b
SHA5121ea8f6a71354cf3eaad1a31841ef9740dc57ed091e07d72f79a14c377a55649690e3f744f57888437f7f4d8c49d532ec4e2c3c8433b2a7d6d2b63446fe1e9a90
-
Filesize
3KB
MD5c98d484710b79695aaa24048b76de072
SHA1f32599099447dee7824f3863775fe622f09e9267
SHA2564f6db9e1383cf8f339495ad44feb640edd5808ef893765853969922186fef465
SHA512946fe2d798ccdf13e7b3a173e74fb8724cd27ef06c85b0d835e9b9fdadd973d1ce727a32c2d0f7fc2c85a33b08cb43bf31c979b3b652356f792bffa9dc9e2d2e
-
Filesize
204B
MD5cd84d7800e4771ee0973f9156030fd5e
SHA1658a8032d70c7472f2dc5c27a499855692369a01
SHA2567287f34a3384e4a214b2c37f3837f68540dcd4bbd6790b1b02fb8db8c7eeed7b
SHA5127b7daec3fda7291e020f4bd22cb234314aec9f9d09e3f773bde2710ec00b0c96f0a8c491465fa1a32d684365bf97610f8f6a423333002e9700f12627d3c20c3c
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5851389c6af152d76965aedbf2b7ffefd
SHA1e6c2377377cda62515085682db3f6379d8938b70
SHA2566788d7d54d0cc576a8fcb0b130fd093dbea84c922ab0039a6b525f029102f6b5
SHA512ba5982a846ef1723cb12eb25d0228395e103a431f854adbe4591a9394d41fcd538d0017a8a924b6d30f8dbabfc490a222d17a27d8271d25f2ce97c617b480002
-
Filesize
218B
MD5afa6955439b8d516721231029fb9ca1b
SHA1087a043cc123c0c0df2ffadcf8e71e3ac86bbae9
SHA2568e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270
SHA5125da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf