Analysis
-
max time kernel
1200s -
max time network
1174s -
platform
windows11-21h2_x64 -
resource
win11-20240508-en -
resource tags
-
submitted
26-05-2024 02:15
General
-
Target
https://ia902606.us.archive.org/1/items/malware-pack-2/Malware_pack_2.zip
Malware Config
Signatures
-
Sets file execution options in registry 2 TTPs 14 IoCs
-
Executes dropped EXE 7 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file 51 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Enumerates connected drives 3 TTPs 21 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
-
Suspicious use of SetThreadContext 2 IoCs
-
Drops file in Program Files directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Program crash 4 IoCs
-
Enumerates system info in registry 2 TTPs 12 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 2 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 60 IoCs
-
Suspicious use of SetWindowsHookEx 16 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://ia902606.us.archive.org/1/items/malware-pack-2/Malware_pack_2.zip1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xa0,0x10c,0x7ff96215ab58,0x7ff96215ab68,0x7ff96215ab782⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1496 --field-trial-handle=1812,i,16886596609159833619,13301782791244414941,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 --field-trial-handle=1812,i,16886596609159833619,13301782791244414941,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2148 --field-trial-handle=1812,i,16886596609159833619,13301782791244414941,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2964 --field-trial-handle=1812,i,16886596609159833619,13301782791244414941,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=1812,i,16886596609159833619,13301782791244414941,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4476 --field-trial-handle=1812,i,16886596609159833619,13301782791244414941,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4820 --field-trial-handle=1812,i,16886596609159833619,13301782791244414941,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 --field-trial-handle=1812,i,16886596609159833619,13301782791244414941,131072 /prefetch:82⤵
- NTFS ADS
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 --field-trial-handle=1812,i,16886596609159833619,13301782791244414941,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2748 --field-trial-handle=1812,i,16886596609159833619,13301782791244414941,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Documents\YouAreAnIdiot\YouAreAnIdiot.exe"C:\Users\Admin\Documents\YouAreAnIdiot\YouAreAnIdiot.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 14522⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 780 -ip 7801⤵
-
C:\Users\Admin\Documents\YouAreAnIdiot\YouAreAnIdiot.exe"C:\Users\Admin\Documents\YouAreAnIdiot\YouAreAnIdiot.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 14322⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 488 -p 1248 -ip 12481⤵
-
C:\Users\Admin\Documents\YouAreAnIdiot\YouAreAnIdiot.exe"C:\Users\Admin\Documents\YouAreAnIdiot\YouAreAnIdiot.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 14322⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 484 -ip 4841⤵
-
C:\Users\Admin\Documents\YouAreAnIdiot\YouAreAnIdiot.exe"C:\Users\Admin\Documents\YouAreAnIdiot\YouAreAnIdiot.exe"1⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 14362⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 3124 -ip 31241⤵
-
C:\Users\Admin\AppData\Local\Temp\Temp1_Happy Antivirus.zip\[email protected]"C:\Users\Admin\AppData\Local\Temp\Temp1_Happy Antivirus.zip\[email protected]"1⤵
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004F41⤵
-
C:\Users\Admin\AppData\Local\Temp\Temp1_Happy Antivirus.zip\[email protected]"C:\Users\Admin\AppData\Local\Temp\Temp1_Happy Antivirus.zip\[email protected]"1⤵
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\VineMEMZ-Original.exe"C:\Users\Admin\Downloads\Malware_pack_2\Malware_pack_2\VineMEMZ-Original.exe"1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Roaming\MEMZ.exe"C:\Users\Admin\AppData\Roaming\MEMZ.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Roaming\MEMZ.exe/watchdog3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Roaming\MEMZ.exe/watchdog3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Roaming\MEMZ.exe/watchdog3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Roaming\MEMZ.exe/main3⤵
- Sets file execution options in registry
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Sets desktop wallpaper using registry
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\notepad.exe"C:\Windows\System32\notepad.exe" \note.txt4⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.yahoo.com/search;?p=snow+halation+midi4⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff970db3cb8,0x7ff970db3cc8,0x7ff970db3cd85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1744,15144878005939508450,4098016183349333476,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1856 /prefetch:25⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1744,15144878005939508450,4098016183349333476,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:35⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1744,15144878005939508450,4098016183349333476,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,15144878005939508450,4098016183349333476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,15144878005939508450,4098016183349333476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1744,15144878005939508450,4098016183349333476,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1744,15144878005939508450,4098016183349333476,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:85⤵
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://ask.com/web?q=bad+ass+mafia+toolbar4⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x98,0x9c,0xa0,0x108,0x12c,0x7ff970db3cb8,0x7ff970db3cc8,0x7ff970db3cd85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,13590837861086126172,15762939053667500887,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:25⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,13590837861086126172,15762939053667500887,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:35⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,13590837861086126172,15762939053667500887,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,13590837861086126172,15762939053667500887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,13590837861086126172,15762939053667500887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,13590837861086126172,15762939053667500887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,13590837861086126172,15762939053667500887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,13590837861086126172,15762939053667500887,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bing.com/search?q=stanky+danky+maymays4⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff970db3cb8,0x7ff970db3cc8,0x7ff970db3cd85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1788,15886565513675784389,7285068565553216429,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:25⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1788,15886565513675784389,7285068565553216429,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:35⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1788,15886565513675784389,7285068565553216429,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,15886565513675784389,7285068565553216429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,15886565513675784389,7285068565553216429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,15886565513675784389,7285068565553216429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1788,15886565513675784389,7285068565553216429,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3848 /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1788,15886565513675784389,7285068565553216429,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 /prefetch:85⤵
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,15886565513675784389,7285068565553216429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1788,15886565513675784389,7285068565553216429,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5016 /prefetch:85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1788,15886565513675784389,7285068565553216429,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5008 /prefetch:85⤵
- Modifies registry class
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,15886565513675784389,7285068565553216429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,15886565513675784389,7285068565553216429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4368 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,15886565513675784389,7285068565553216429,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4424 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,15886565513675784389,7285068565553216429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,15886565513675784389,7285068565553216429,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,15886565513675784389,7285068565553216429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,15886565513675784389,7285068565553216429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,15886565513675784389,7285068565553216429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,15886565513675784389,7285068565553216429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,15886565513675784389,7285068565553216429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1788,15886565513675784389,7285068565553216429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2992 /prefetch:15⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted4⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0x108,0x12c,0x7ff970db3cb8,0x7ff970db3cc8,0x7ff970db3cd85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://search.wow.com/search?q=smash+mouth+all+star+midi4⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff970db3cb8,0x7ff970db3cc8,0x7ff970db3cd85⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/4⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff970db3cb8,0x7ff970db3cc8,0x7ff970db3cd85⤵
-
C:\Users\Admin\AppData\Local\Temp\Temp1_ColorBug.zip\[email protected]"C:\Users\Admin\AppData\Local\Temp\Temp1_ColorBug.zip\[email protected]"1⤵
- Adds Run key to start application
-
C:\Users\Admin\AppData\Local\Temp\Temp1_ColorBug.zip\[email protected]
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Users\Admin\AppData\Local\Temp\Temp1_ColorBug.zip\[email protected]
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Users\Admin\AppData\Local\Temp\Temp1_Security Central.zip\[email protected]"C:\Users\Admin\AppData\Local\Temp\Temp1_Security Central.zip\[email protected]"1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Temp1_Security Central.zip\[email protected]"C:\Users\Admin\AppData\Local\Temp\Temp1_Security Central.zip\[email protected]"2⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Security Central\Security Central.exe"C:\Program Files (x86)\Security Central\Security Central.exe"3⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Security Central\Security Central.exe"C:\Program Files (x86)\Security Central\Security Central.exe"4⤵
- Executes dropped EXE
- Adds Run key to start application
- Enumerates connected drives
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\sihost.exesihost.exe1⤵
-
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding1⤵
-
C:\Windows\system32\sihost.exesihost.exe1⤵
-
C:\Windows\system32\sihost.exesihost.exe1⤵
-
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\sihost.exesihost.exe1⤵
-
C:\Windows\system32\sihost.exesihost.exe1⤵
-
C:\Windows\system32\sihost.exesihost.exe1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004F41⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Persistence
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Pre-OS Boot
1Bootkit
1Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1Filesize
264KB
MD5c7b34a1a7a3b78db9b337a96800f95ce
SHA13d700d10d5f0a3f06f826431638eed7d2f42864e
SHA256bb316c4edbb83650154d7917ff8b34d08902d5531b296830f484e470a1c4f854
SHA512a5d4b3849d38c0162015e702ddce94bd4c9b2b19fce6c6394053df0ad6093f072de3a72c0d853072e1438784efd597d18bcce42b64ccafdc0fa956d2df0bcdff
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
1KB
MD596d015737fb101988f7ff2731bfbadd4
SHA177a7be80cbfb76e16d599a83ae039271a59f8723
SHA256e9924911e0e0d7279426e5a6b7fff2b46b2d33ba1c82b0d519284efab2f709de
SHA51291ea16f2ef0989a780e172be2653f72f9d3fe8af6b9b55d24dbd57e28abba9074f39a65b66038662d2e4a213299f13889b1eb3b2d7d757bf43fa005d4e0ec1b2
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending ReportsFilesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurityFilesize
524B
MD508cf7b92157a976cacb654632187fa7c
SHA12b3633e65241d08f0b717e4653e8e4cbeb5816cc
SHA2560815becd7bf0cb54d9521714e99d58cd03aa3cc3ee97d085eed671d5e417589f
SHA512c2332a1a9adc9bf8eed36b09f745b58613d4f512959ac80552d411b7474d94a4df416d8ce2cb7a81deaefcd2cce08e2aadcfb50934ac217102d7d0d664138e8a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD585715fefdfa706529409ce0c644f8f8a
SHA1b382e2640f4b7e48b511ab0a67d1cced9d99549d
SHA256f1f9510ba565c8368c999cd57330305552d32ac1004671b560bd4c0844adbfe0
SHA5121c73b0dfafb4b1af7c08b2f1cd7989f5ae9dae904cbcd9f8a0fa0af2b2d192b8759238ba425a6603492185a1bd8d12d19259cfa09a915eb545d0af8bf785e74e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
6KB
MD54e7b2a38ec2ed98aaf5c7bbcc0bd4ad2
SHA104d8ed95665093c47e6ee259cba81c9a6020b191
SHA25640928f23e15a996a1e003f293362e79d41e3358810660110758d4fa6082382f4
SHA512c1f44db37069d2b12cf26a2a49e1698ea5a58b4158e54c97cec2a004985dba62c439935eaf2af77f8417ea905d5f191054098f4677bb4a15b43690bad8a3b1e2
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\PreferencesFilesize
7KB
MD5ce6d64f86a0a0b30a07789c3e37bde2a
SHA19cbad82db90b3afd10424f1fc4539415b77395dc
SHA2567292cfd6e22cb326054e0688a2f4d6862bae8acb08f981ebae0d1e5c34823250
SHA5128f80de45795dfeb682c6dc50f995785d7918e6f428f23533a4371231140f82c81c90dfe8fab1eb5c54114cb087ef43fa5f272730f7f9afae42060f2dd0bea13a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
129KB
MD5851e35363e081db1e78bd665427237e5
SHA17fadc6c9ea7762ca5f9281b7f80972d7a5217c79
SHA25690518719ec7065fbd11a2128b283f0ebd3bf9781fdd29faa6150d11b2f0f4fef
SHA51240a3389dd0f6d2ec111321b567ea417604040267f82c9dd8835600d1c67619603c49b060eab7f60cb1ede5c32c78102cf35aa3fdf3f3bca3b229c6993f99178c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local StateFilesize
129KB
MD53e4a236904c6d18aa497aca6fd4ff565
SHA12e8e6740507e6d55c77bef7081c07b5da7a7eb6c
SHA25608c2b0d6a175129bf2e64750c444e895edb76754020882bf367189bbbb3c5948
SHA512bab16bf580e9ce1398e39bc02939844c82ca51c45f8ce5c1cb023b50af84ed71c4210be884a0df20fed43e8878e33f16572c4f35ff083594df209cfca73279bf
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info CacheFilesize
94KB
MD554ac5a432d3ffe0b130b0ed4101f968f
SHA16055cab3ffbaab0f1fdc22ab7ea6e389ffe168dd
SHA256d746f9531818b7e21481713c26f77ef053b8ede8efe0db31a86a64b60e9b9dba
SHA512563f9106ee8d588a0e71a86225e38779cb9594bd578bd5d52c561389b6e195922bd0d2f934b483db74a562ea4cfca776f209b4ca7ac29d244213eab923bb0429
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe595b74.TMPFilesize
88KB
MD5925b59a7361250ee5341176d61c6a901
SHA125c57003113e720d47518cecbb3c59556ea9dd5a
SHA256a369cff2231a99b06e58fefe9f0d10dd45e6f7ca5f8f1506943f77ab66e202aa
SHA512450b287300d4db2d7b6de18825c220528a7438d52f465b67395d764f380a500744e28f1bc4cbff729d3fd5146c3989dd27957eab94382ebf1b6fdcbafdc60275
-
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\[email protected]Filesize
1KB
MD528df963c88836df10a200a7f3ddcdaf2
SHA112c9058ad17a0a186021a145aad09fd32bb8fa2c
SHA256d61f44cb34af871284be7ca4dec205a1bf8ca747b2efbdb84a14e7df0ae3e85f
SHA5126c55ee17008aad1bec0abfd8ad48d5d86b3d371b62eed0418a1351ac1c747a1226fdb3edb46480d6da4bab9c7dab3a05bc8958cc7e83cfe00419afb7531cefff
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5c1c7e2f451eb3836d23007799bc21d5f
SHA111a25f6055210aa7f99d77346b0d4f1dc123ce79
SHA256429a870d582c77c8a661c8cc3f4afa424ed5faf64ce722f51a6a74f66b21c800
SHA5122ca40bbbe76488dff4b10cca78a81ecf2e97d75cd65f301da4414d93e08e33f231171d455b0dbf012b2d4735428e835bf3631f678f0ab203383e315da2d23a34
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD56876cbd342d4d6b236f44f52c50f780f
SHA1a215cf6a499bfb67a3266d211844ec4c82128d83
SHA256ca5a6320d94ee74db11e55893a42a52c56c8f067cba35594d507b593d993451e
SHA512dff3675753b6b733ffa2da73d28a250a52ab29620935960673d77fe2f90d37a273c8c6afdf87db959bdb49f31b69b41f7aa4febac5bbdd43a9706a4dd9705039
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD54984aac55596bbb1a4ee09c6c37e5116
SHA1f96bf2d3eaee0d474a2fe48ff4161b925cbc60df
SHA2560a8c3457e0160e4bfdbd520bca23455c99a2b10c6efbcc7b26e477fcffd7d7a9
SHA5128bb3374899764977e033b701e60bc1b4935e41662fd511636c350c69b0d6d35a571e2fa25baa35a51254111199d9635dbc29d94aa47184cc30b8ad9496ccbbca
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5a3c09dc2af37641e754bf2f872544c2e
SHA1bcd96ffb6edf1edea52acad89f312519a202c303
SHA25625200997d25e8d2977abfe372fa8ecfa0542dde1e3a4d0f27b99832c14a34286
SHA51293bb874bc5b803199a16b0790b5ff485fa3b8179023ca2dc599c23c5fbb05e6df3c91188b6d10675218203085d38644ce70e3b6e6f678a8cbd3944a30c718e83
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5d01aebee95127f9cfa80f0dac20b5ac0
SHA12e609d915007672b399676088f232151785c75f9
SHA256c028a9fbecb14baf649e0d0a6bbefaed9f5fa91c64db0ea0e27a1cdb291f8a04
SHA51213f4dd3f9047fca8dadd0b06dc86e4dac9d702fbcb9ca202aab105a5afd11fff93d57a5037008e962dc6a113e892dcae729e2efb90657090a25eed9374f9639d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001cFilesize
206KB
MD5f998b8f6765b4c57936ada0bb2eb4a5a
SHA113fb29dc0968838653b8414a125c124023c001df
SHA256374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef
SHA512d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
72B
MD54c17859a5b5bf7e492b7db7533b9224c
SHA10816d6fe5a41cd51966ea69541f523c57fe3cd81
SHA25648b7c56e9be174128ea7926bdff5330f20e8949b62f3e340d7fd3ffcee2487df
SHA512d470aebb7be1044e554592b021848bbef75336365377e127d3a444a9bd3a41bc2defa120e4b99c6ca7f6a76fe49ee4ac95cc32c697849b5eb3d63ac3b4dce66c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
696B
MD544945d6a5ac247d68a400cf7cb7df821
SHA1b2369a8a52b3c6ddd1e3a7be559a734d7feca244
SHA256d71713da66c8b0ee9c217528a798c7b9c3d87d45e86a7c6855f34b84ec8e982b
SHA51218778b675a5a76a2561df223da95718b45efa1081d9c9c907aae847a35ca7e5289301ea0d4fb1e2842ef265a16cd5c6b05c38aea0e5c3e36fec97995e0fd1448
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\FaviconsFilesize
20KB
MD595e08ee630985065de5960429a97cb46
SHA1407e926c10660058e6b722e856b8752c76268964
SHA2568a78393b578cadee5565927df774aa8c74f16e78ebb658de92321c574fc91b14
SHA512e13ea9048f2fe0d27d236c1a239c2fe6fd3ff98e990b85d0ee3db756c6e83e83e53b6910cf04230d2f5fcf22c85f3fd5adc5aa55c40f28ee9b739d61ea5ace4b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HistoryFilesize
116KB
MD5f08902be005cf874659ec6e7fef3e9cb
SHA1977276a5c235d71b1700f63ac52b418c284ae3b9
SHA256dd848e2b3110b96cb095d40e85416ca66fa8b7942b63388f0359fc4ebc7e2030
SHA512c4c802b6e3aa94b0e9a84f0efda81abad6d7863d6ef3db38d347ef2b27a4ae8666be6cc1110570ace91c8ef76cf044da5fa0829004c8a79727d7f5ff13e5be42
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider CacheFilesize
2KB
MD5649a8e15c6b5b83464aeae65eca71ed3
SHA17382dd095ba8fb44fbe958ff47228841fa3d9d59
SHA256c18ae2ba4f06cbacd9a7fc63b268588d3b63010b0ebc6758148d7c49cfedda65
SHA5122a4e774a9be9f4b16672ca0fc0a98b477988b0c4415e4c65c6ced91603b9bbc36aefd926266950bff06b6dc68ee8b459975c3a65aead3c80b091a669fc87c2e0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOGFilesize
331B
MD594e7fdbecbeeecfa47aed4e204b471ba
SHA145d4c1f641784cd61179e96dd635c27b7f37bd50
SHA256eb022dd42ab69a2d4ced9848743ad381f9d5d686ac99349b717fb9488d19433b
SHA5120d595297dcbbf6bc7a2fcf831e0dd6764004d673f2a5e1b7867454c36963a85408d5577f36aa6cdc49fb42dfd5508d1ae26c8c1bc7a87fc6eff113a150983bcc
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
3KB
MD5c6969961ec3e4c927aec524fb90127c8
SHA1856eda2408239d9f1cc9affc9118361d82875415
SHA256aa35cccd08d8f5e6f2c876d757d752e4b1105c01f83532c67dca1362dc3dddac
SHA512fe5cce54f963955c7cbe6e172d4486b872ce53afb7dce444c9dd07f76b590c4c091d98921fa59c88ba86b36cffd030ef1bab7ee2ab86fae59a6f7967498b5b2e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
252B
MD59a64c01d1dea4efa300e7b6fc61c21ab
SHA1c804ea034c914ef09e02b80b07da44d64fcfd95a
SHA2567e7468a1d7bd4196b1beb1a9463e645d50107bb83fd128e6f85b562844cd5729
SHA512b1bfe33fa342a035eeccb346d2d3186d8881640154ad84260dba457042eaa41c705b099c5cae26fb2d8169bf4bbe9f993bcdbe5b29fd33124c951d950eab6fe3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD5be47dc0cb600dd24b6c4342cd821e8aa
SHA11a3c521b6294be7f6fcc3be44215ec80e02b8187
SHA2566dad41f918a33bea3c3635e385d0df8e3ba0f0f90096b4935c1083fe65bfa830
SHA51239a615a56301529d1be868ac24b3bb57b39921a2245a39cb7b0af3f5a2f14d6527b6802226fe950f191adc490503b61defc1522c10abca533ebb32d4598364e1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5d6abe643bd6ed4a21cfdfe34857d815c
SHA152a783bc91638bff1706f9b30770f109ca4b8eff
SHA256e1aa2ccca84cb3786fce36ea678fcca38097bd4aba23cf9820a6d3b84e4b98a0
SHA512545796cd63d6303c9c4ee4e5fe5377a7465b93649f411c72ca107ad457cc91a1530bb4d475cdad9fae6cecf88375d3a0d8765ed98d13ff1d446d9b514c2a0121
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD51f3cafbcf485bea61411895d17581760
SHA1c1c5449762d47311da81362ddc4f974a57e61f1b
SHA25630ee64a3c20656cef60aed3cb327b261bb2c111fde1484b8da4a44e9dd02aa95
SHA512fa5e7f68ee52883432080b06a3d416daae019863072c9c1433bb557082177b7eeb1d3e7ebf7e3f93eafe32b82637d2b0c2b26f13312673d4d282001e30b93f52
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
8KB
MD547c949c78f7197d977442c9de99818ee
SHA16474aebb609bfd0c7e1f127342f67397beed45c4
SHA2561ab4115668d6b00d8ac795315ec698f20e666f19e9e02f816240f66ee096efa4
SHA512de0ee74016af6a5f6e488313e2435f102a3a7e0eb035995dd9115cfc22a47a263894036510be7a94e78ee02933593420e16d0d666e26bceb4cdbfdbf67b8fe70
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
8KB
MD522a479a6f2bfb8098b4c6f41f1ac86a2
SHA1e9d6f684fa5ec9cbb5a3b77a25efe8974afb14db
SHA256089a44a56e6e25f5af01b4d118bd415762b40f87d2312f8903f54fbd5dcbeef0
SHA512cd49ff4f9ac523b0e208cc16429ad7f7ac07688e49c65eddf5d1f1d1b3e6eb7da7cf6a3ea8d176b1f57659d0521a73362f1e54b2fec2dc810c6880f5df94a28a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD52cd6e5957637bcf9e0c80dbc33a57c5e
SHA15d702d8e2d69fc287f88758f5a89b1dca9ac897d
SHA25629ecf6e2e59899b06608e5f4d3b2aae92e34911bec0e3a278a24d4d4fe041182
SHA512305c17e19a4c394b34f0d45aa18e7e506e2bffc83a15e36f1ce0314ea3b87ff700b5f39112711dbf0731ff9e366ed08564f1061cf11598004a76901a7a162619
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
8KB
MD5afb59310291a0894b6b09f459c4dce3e
SHA18ace8b5279f3468491513441ef1c046bce274354
SHA256d7ebf29d18a4515e0170b27343b47ab8cbd213da51de2b22f16edf22fadfc5a5
SHA512efef61221370bb57a1fbf301d68e0e84ab6586ac0157735226cf29fcc14b61470db026c84e6971d50c801847e8b188815e189972690b20697f6cbb5e2857335d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD594a912a3d482a266e220ff3dc9f63f89
SHA1f166aa9e8e1847c24d1191c59085c8179a6e109b
SHA256938cca3e47989ba0edeec35b8d9cbb41878a40ea921e245c02ae199b14373e1b
SHA51296dcbeb76ebe8419c4bc874e690f6f839d556ce83d554cf7178dad1ca167703027ca577328e59ce30da391220965f42f6b62194c9ab5d9c3cce3a9571b214d58
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-indexFilesize
96B
MD536f97f89fc9e3748bb8c27e409c6dbc3
SHA154bc32bde638cc513c02dd9b9ec8b2ef4c99689c
SHA256a7a5167cd4e3dbc84737a8bda6df5834ec686271ca2f7edf8a703e5e3524845e
SHA512ed7b0c679930a64330bd399403baf71d5d61f695d88413fa2301a16e6e3b3157abec4337d0512f9afa27509612b78a8174b82002c5578b4aeeb949d7703947e3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5e81c1.TMPFilesize
48B
MD55d26cd8c96789eece4a870b8b1369d13
SHA12be81e67af405d91190f29362904bd5dcc2bc6a3
SHA256801fd0d37e96fa65957162db86b53e45371a5fa057400d92f6f93dad78eec64b
SHA512810f725323f434e1f38ee2402159042b82fee72aff2fc7d2e772c2fe3008244663c722a5807f3e35a3ac995016b00e46c633a7fda7092455038c4d418381a259
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.logFilesize
137B
MD5a62d3a19ae8455b16223d3ead5300936
SHA1c0c3083c7f5f7a6b41f440244a8226f96b300343
SHA256c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e
SHA512f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOGFilesize
319B
MD53b811b6b0b9084ecb0358f668bc26948
SHA16313b1b20bc9977b4a7001ec49802f7191a0aaef
SHA256ef9b1f5f7db15ba3348b03414da4771b479b7e534d60f827e811234c3e5168d0
SHA512736d3415aeb2bb3f069f11f8aaaa68c02bd52ae3ecf2d2bdfff09c056624b084f72b5dc8c2fda008822d8a0db107619d5697be70af474c466196bce3db90f052
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13361164005264427Filesize
1KB
MD5092e9562431513d7ddc7cc660dfc5a07
SHA17d2aef9a628cacaea36c77548376b20c79628bb2
SHA256142075205e7ba9c3e6e00d734e1c72773127b117202754148bd2c0763443ce91
SHA5123310b7584dd11fcbc30c7d0b93b0300cefa1da518e19922732a50a8e164c0d7604761fc45f616d78ef2e0c9cc401b3bfc6bdbb37096be9e2407705081666217b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.logFilesize
112B
MD5a4547628934b95d198eab6d9651bda26
SHA1280999408d0de4c2799e16a2999f7c6585bf81d6
SHA256cc1599d962f654fe9204aebdca4fefedee065dee82903beeed5dd8cc05fbf1bd
SHA5125de52da04c7b7e54a584939c087127142a3a16d06a5bba5d738cb28a4b196af7e875999bc9f9ee8d5345d97b774d92ffc45954b06ea97cbd280c4a32721cd34b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOGFilesize
347B
MD5342326a2d7360ec3dd80fe3ee08ce82a
SHA18b991ba96d2da208b19a5ec121a84489518b4521
SHA256e8eff8c04c2bf91ea2517731e18ee6be58c478cb2670c005531f3722ae925c2c
SHA512a52e92520a28ede423eb69eafd682783684c6f18a33c871ebd672753efab520bc88123878f1d746c0c6ae00dded7cda28f9060b4834208e74ecdb01df460a04e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOGFilesize
323B
MD516917e558d9bacde5e6d8932be67697d
SHA10137b62f55a209204b951ba1332e3c612e0318c3
SHA25615b5cf4dcf25837094772c9ed4197bad8d32a13e4d642a190de641dd4ef9d934
SHA512bbc3dd67508e5053e324556e6eb295edcd88390749e1f2015f58bbaeb0fb48830d917d3ff7631eae7b2fb4e8a687f37cadcdfb498c3a30e805df0a9271bca63e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
2KB
MD59d7e4ecdb365140dd0ddd712354912a2
SHA136efe0e4373e8adfb329b7efe835c774341b1a48
SHA25695ef120c833751fa328db62bce63250e7ad4de0338ca04de7440ce7665cb8aaa
SHA512c7ef341ad22f273a5287feea5e58632be7248bdc5e8b9279822b35b8d425704fa0fb5a98647cc136bd9f654ccef14e5476d8c5e502bafe5ea63268f134c8140c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5300229171c4462232dd508a10434910d
SHA1600bce26053aa35313937aa36b743c5d05a007b3
SHA256a7d39cd8cf7e8228a4a78aede29af4234e66d804e5bb9fde1a5518fe70209c92
SHA512a296d9cfb2787f07f8be2ab5b820c21fe87137a668b0193b06d3b99cb1cb7d792006801f965f2feb7cc7231abe17d5c66c3214d4ccae01a079562465b9036fc2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
706B
MD50c0b518ecde5550fbe7df74ed5cce9d1
SHA13fa97fcb200099cd51443bdba4f306d6c1c6788c
SHA256e22d6ca67402fd9afc6f1a2ca90be66f6d28a1160085740fc0c45655824454a5
SHA51255458c034087c51f78579598641daeb43c0b8c8078098d648cb871f7f9831c56a6cfc6764a37238b7adab6f77712098fd98598fdb21eed5b8576e55e383551fe
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
2KB
MD552a945ced864cbf537aec5d060c48e31
SHA121e2c02bb616f6196e06c49e287fd8a70451d2a1
SHA256c26a41ae66f0839a427bf0ec84726368ac0cfcdf0c7e000fab238abc72130236
SHA512b661ce123410d030a2331538117ca6cd05c9ab57bb0e093d382df778f948345248dc3baa030633d1ca7fd4c9e783c23e8f04203376c9a0104cd75743a5afa040
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited LinksFilesize
128KB
MD589df417cb323e4eb51c886a572afbfd8
SHA138596795c01502c3d6b9af5a7ed744fb4449bd2d
SHA256287f6520436314df42dea462ffa52cb1527e27672da255a1d5b3834ddba2c21c
SHA512ab6e370205a10017e2ab6fc877e149963fb149b1eca28ac342b3330fa71a1972efad2c6ab79337a06bb11e3a78b0145f8e931aca3631b6797006a7c8bdb43d59
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web DataFilesize
112KB
MD5b3b48773e58cfe61c630b936a97736e9
SHA113a71d2cf6d0079fcb78b136a25c9bd90b248364
SHA2568cfc8ea6c0d1ce8b41e6b5f940762c0973cfdc950d5be4b33464ad1cee662860
SHA512f6a9fedaae1150d1529e397359d1ab9acabdc0aa6f657a90f1295e46d8a1746fb6dd7244c808e1317157c20f1baf3bad14fa788c320d0e307e7c3aff7613d8bb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\cdc93d03-f85c-496a-87a4-ad386da3f8e4.tmpFilesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.dbFilesize
44KB
MD5bf6ac5087fe17eab44f8675c1c8ea162
SHA1915b999a4971e9d579e116d64abf1cfa261d9a2e
SHA256f48075ab3bff4d1f7338289f6f4ad1cb7ea2e0b1237f17a26e407532099a7e86
SHA512489a02dcad2c3e843fa68bb535a8a4cee6ef75baa168c91c45a05fa5686b61e7ff5743c630329a99d76e1fc6ef861520784f87f5572c9b9caf38fd7e948d44c4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.logFilesize
19B
MD50407b455f23e3655661ba46a574cfca4
SHA1855cb7cc8eac30458b4207614d046cb09ee3a591
SHA256ab5c71347d95f319781df230012713c7819ac0d69373e8c9a7302cae3f9a04b7
SHA5123020f7c87dc5201589fa43e03b1591ed8beb64523b37eb3736557f3ab7d654980fb42284115a69d91de44204cefab751b60466c0ef677608467de43d41bfb939
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOGFilesize
319B
MD57df0b23a309e05f31736cb19912b935d
SHA1f91875cc26aaaa04826c828f51996adca188e650
SHA256a11cbd8a19e86765cc44ac66cd2519b528bd979154370bdfd8e3f7872823a1c6
SHA512edb51800a6d46b26d734b51308e7ab7d9cee8fb7b73cda64e031e5ea6cfb0938f3b253cc2974f1edf09df03c16e6c1ffad44c9427225fd3a39e5625782e782a6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.logFilesize
318B
MD55417cd28cd80ab1961b7e46032fc6200
SHA1d2942624e390ee9c1c0261b3be4a59530940d718
SHA2563c4801cfa86fdd9118f0547756d4bf06182249d6f2dc37c31875c5a487de645d
SHA5125b9d498ff11ea2488b1b86142bc508a1b41c4c2fcbc6f8c608e286d3f9345d4532779bbb78572692f87211d53724edf70751fa0abfed431587aa552959c2af21
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOGFilesize
337B
MD565017dc93415231254e0aac414d4accd
SHA1930ad3d1a9eccfb24e71f038a2af8797f376302e
SHA256c966308bdd3870abbd1538d4e6e241f730b2c24d9b07d0eb03448ca49cdc3858
SHA512712e4bdccea1160bb05adc893329c49bcd6d1fdd09ddc1b1f953a7366dc5964bd060c18c37cf5333f3fceb854e8c25b856416eb70a0ed89c7546a04d8be30dde
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0Filesize
44KB
MD5e46cfc657a0dea62e0aad408e5cc2c0e
SHA1fed128a772edfdc723601ce07ac0e712d71c019a
SHA2564eb6fdabe44411fbf6cead731f29e304b72f23b8790953fa3a0b2988f7b0ecad
SHA512072c6f263bd8cb429d1f82fbe14ce02deae3d4829e89b39118be1a2712dbd96d68af515c003cddebdd01ca4f5a204d173c58ec7bd5206c3106a46dbcd538d644
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1Filesize
264KB
MD5e85000d294da6c28e7c381b7e700771f
SHA1b0ffebea296641a2daa53f6aa5e4d26f0286741e
SHA2563f66e3935bea81e91c99ab621faea0936ec8dbddbadadf9aac4605c8d7dd5292
SHA512281668b9667c5228ff5ac0dac0c478ea9f734cacaa8d053086933a994eee274fe60a5007d91bfde37d3f085427badfc8f3594b876cbbf10569d4ffb752d420d4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3Filesize
4.0MB
MD5f26089a51905ca10903a50f910832cf4
SHA15bc8b1b32e85de217bdd0cbc5be5c01f14955388
SHA256058ba57d39b4d19cd2c3c38c3db701d77cf777e94446d7a66df6e6478c593e0e
SHA5127eeee21e320add841435e172021b02652b7d4c18dd9ba4c9352a58f41dde6926409904266f891ca0e81eda5331be7ccd99f4d924d326cbe90246cee0b287c2ca
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001Filesize
17KB
MD5c163efe909c3e529ef27177fd126f9d1
SHA1248d4c24fb1fb7f8d6f37629cb04b8175ac2e8bc
SHA256f816041d56546ab402df3210ba540f9c3e645a2ee7b4fd4608a6da48749b6489
SHA5124613a2bfee55f12b8ef67a01a45f164ecd40ece1c3e41f419b490d8ab5e112a66257806585e1c024b421677e6453e07ebc6c68faba5ff7cd1efda99afc55a1c7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002Filesize
22KB
MD5fb9a772830112c62a2c47ec9657aa433
SHA1a4fad3a77fb2ac5c7ad0a84e48abfaa56bcd3789
SHA256dec8a5020e30c4a096b263a8a14c2e6125163a2fbb5c3ca1323282d481bbd169
SHA5124c3a15f11593065206e0e5fff3efd91e5be84bf5ab5e2e0b234a7a7b74c9954528fda2ae2e8034c63daef53919d8b8464ef8573bdc021081013d1bab349523d8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last VersionFilesize
11B
MD5b29bcf9cd0e55f93000b4bb265a9810b
SHA1e662b8c98bd5eced29495dbe2a8f1930e3f714b8
SHA256f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4
SHA512e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5a60dfaf7ac1b80793350d69226157161
SHA1a8fcfb8341778dc1259357be528b170e01513024
SHA256654620eb46c608689c85876965ba3db7c9f8a5f3d979377c4cc1a0dd17a47a1e
SHA5123c8eaf953ee1e9297e0183326dc647f04e6d9da68b80427a72859783b6efb7d22144763c6bd59c193b2dacecdfdebf841c7fe98492eba397ce3148ea1760d73f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5bcd09bb6c676f75521f82952977e81c0
SHA15416839cb79fc5d393177065f5f2cd44238d8d15
SHA25634154edba859b78739137c5241740ccddbbe5cc3b708b36214792b60b25fb078
SHA51274a2f6b77611ebc7611ee3f9ff568f756c88d0aa2af78827af34d1b21e3349ce783d2c19ed7f93b9b0ba554887cba67be3e199780951fbc9c66d4e625d7884b5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD50a7e8165b82eab3bc2e2cc195580355e
SHA10c3af0d6762472320af41afe29a96be195572ebd
SHA256cdbc27d5728853c423ccfa9a915afa04487e84c44813dc345d3273e25511f47d
SHA512a5105f4fb37ff1841e1354ade13cb4a7c345aee53b51ec1a056d12fd7576f25e2e7a3d4bb5aa6b6b0927cd251725ad572a92024f8a4e6886aca8fc0b8f16c30e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
C:\Users\Admin\AppData\Roaming\Data\2.binFilesize
353KB
MD58766dce04feb646bf62206d64d6eb0ba
SHA191c5d588028c6c949e9cbcec950bcfaa35a791e4
SHA256f87e1ab69bef059744ee9244f37b0f21ef7d7b06fc5245094cfa22637ef6ae9d
SHA5120bc8fc880bb94ad55a732f2be207d88a6bb0ae8d97f91819e889d04420a71ae5d91af21861bad351c5fd7f4e944c1899b17df326bf19d310cc31a95fd38ee6a3
-
C:\Users\Admin\AppData\Roaming\Data\8.binFilesize
408KB
MD55ada580c290b53327fc8db29d5cd66c5
SHA1a504aff6a9fa93bf4ccb69df17b5238804c659f9
SHA2565dcf1f4b285a6dd70ec7acd77eeb5752a3d381a8a697eafd394fcde615f3ba63
SHA51236da1958e7b4fad5367b257d9343c4eab59d50b01c610514d48eae2d0eeabf7efd06dd8fc63551a0a7e11df91aa3ceb063003cdd9c30c6755431ba218524fd49
-
C:\Users\Admin\AppData\Roaming\MEMZ.exeFilesize
21KB
MD55761ae6b5665092c45fc8e9292627f88
SHA1a7f18d7cf5438ee7dcb4e644163f495d3fa9c0ef
SHA2567acabca3631db2a73a5e20abd050097e44390ead1d74717aed936601904b73c2
SHA5121d743b407663e00a296c2ae45cb5a05a0866657afafbc9e8220e4c1839cbab2c09bf2a3510ec8016f902ccb7254edddf2a3412e7f5a4cafcabbeb5724a67b46e
-
C:\Users\Admin\AppData\Roaming\data\12.binFilesize
5.4MB
MD59e0ab3181d32ac9950dbe1026b197207
SHA1d8b53f3a93d5e2df9507b6256f2e414712347256
SHA256a3091d14161d268924a4d6195f820c64b1811d6afbd6948dde29e267ecb56cae
SHA512424f8f0a6e945fcd831ca0d0f73f898dad0214f38cc477cb3be8b161836e349cd5d629444033e134e2fd6b8c85cae088f177aea4e26d7192a4f60a5739584c2e
-
C:\Users\Admin\Downloads\Malware_pack_2.zip:Zone.IdentifierFilesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
C:\note.txtFilesize
133B
MD5910efec550edf98bf4f4e7ab50ca8f98
SHA14571d44dc60e892fb22ccd0bc2c79c3553560742
SHA2567349f657a8d247fc778b7dd68e88bc8aba73bf2c399dc17deb2c9114c038430b
SHA512320de5e34c129dd4a742ff352cfe0be2fac5874b593631529e53d5fe513709ac01f5d1d3dfae659f36a2a33aae51534ec838f5d3748cd6d1230a0f3d29341442
-
\??\pipe\crashpad_1360_BBNRZWVECSYLJTLDMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/780-122-0x0000000005DB0000-0x0000000005DBA000-memory.dmpFilesize
40KB
-
memory/780-123-0x0000000074A10000-0x00000000751C1000-memory.dmpFilesize
7.7MB
-
memory/780-124-0x0000000074A10000-0x00000000751C1000-memory.dmpFilesize
7.7MB
-
memory/780-121-0x0000000005DD0000-0x0000000005E26000-memory.dmpFilesize
344KB
-
memory/780-120-0x0000000005B10000-0x0000000005B1A000-memory.dmpFilesize
40KB
-
memory/780-119-0x0000000005BE0000-0x0000000005C72000-memory.dmpFilesize
584KB
-
memory/780-118-0x0000000006190000-0x0000000006736000-memory.dmpFilesize
5.6MB
-
memory/780-117-0x0000000005B40000-0x0000000005BDC000-memory.dmpFilesize
624KB
-
memory/780-116-0x0000000000FE0000-0x0000000001052000-memory.dmpFilesize
456KB
-
memory/780-115-0x0000000074A1E000-0x0000000074A1F000-memory.dmpFilesize
4KB
-
memory/1248-125-0x00000000749E0000-0x0000000074A8B000-memory.dmpFilesize
684KB
-
memory/1248-126-0x00000000749E0000-0x0000000074A8B000-memory.dmpFilesize
684KB
-
memory/1464-193-0x0000000000400000-0x0000000000414000-memory.dmpFilesize
80KB
-
memory/1496-187-0x00000000038F0000-0x0000000003900000-memory.dmpFilesize
64KB
-
memory/1496-191-0x00000000038F0000-0x0000000003900000-memory.dmpFilesize
64KB
-
memory/1496-188-0x00000000038F0000-0x0000000003900000-memory.dmpFilesize
64KB
-
memory/1496-189-0x00000000038F0000-0x0000000003900000-memory.dmpFilesize
64KB
-
memory/1496-190-0x00000000038F0000-0x0000000003900000-memory.dmpFilesize
64KB
-
memory/2768-192-0x0000000000400000-0x0000000000414000-memory.dmpFilesize
80KB
-
memory/4152-435-0x0000000000400000-0x0000000000414000-memory.dmpFilesize
80KB
-
memory/4336-136-0x0000000000B60000-0x0000000000D52000-memory.dmpFilesize
1.9MB
-
memory/5676-969-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5676-957-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5676-954-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5676-958-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5676-955-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5676-959-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-989-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-998-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-974-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-972-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-978-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-979-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-980-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-982-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-983-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-984-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-985-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-986-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-987-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-988-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-970-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-990-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-991-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-992-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-993-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-994-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-995-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-996-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-997-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-973-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-999-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-1000-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-1001-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-1002-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-1003-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-1004-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-1005-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-1006-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-1007-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-1008-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-1009-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-1010-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-1011-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-1012-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-1013-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-1014-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-1015-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-1016-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-1017-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-1018-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB
-
memory/5756-1019-0x0000000000400000-0x0000000000A35000-memory.dmpFilesize
6.2MB