Analysis
max time kernel: 635s
max time network: 636s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12-06-2024 12:21
Static task: static1
Behavioral task: behavioral1
Sample: 7up69l.jpg
Resource: win10v2004-20240611-en

General
Target: 7up69l.jpg
Size: 12KB
MD5: 0b2814fae1c1db46b9c61afcc1a63f49
SHA1: 0f4700cd7aa6713ae76c6ffd8804340b0338c301
SHA256: 69f43617b38f34ba3a45a9bf75829568078ce6e6b86cb75c2babd2f891810e4e
SHA512: a267d1f4a5dce71e7e64ef8dcac796248a884c3de8adbe011f31c171613a415339c2f2973e1e0b62375c473aa019666b7008af919d0c979c2eee3cb2fdd93286
SSDEEP: 384:ahv/XX5Ry8NCVH6ZYklmwQQc+8WHxvj14UxeuEjCB:adpQbhiwtQcTWRStrE
Malware Config
Signatures
Writes to the Master Boot Record (MBR) (1 TTPs, 1 IoCs)
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes: MEMZ.exe
description | ioc | process
File opened for modification | \??\PhysicalDrive0 | MEMZ.exe
Drops file in System32 directory (1 IoCs)
Processes: mmc.exe
description | ioc | process
File opened for modification | C:\Windows\System32\devmgmt.msc | mmc.exe
Drops file in Windows directory (58 IoCs)
Processes: mmc.exe, mspaint.exe
description | ioc | process
File created by mmc.exe under C:\Windows\INF\ (57 files, listed in report order):
c_netdriver.PNF, c_receiptprinter.PNF, c_firmware.PNF, c_linedisplay.PNF, c_fscontinuousbackup.PNF, c_display.PNF, c_proximity.PNF, c_swcomponent.PNF, c_fscfsmetadataserver.PNF, c_computeaccelerator.PNF, dc1-controller.PNF, c_fsreplication.PNF, c_fshsm.PNF, c_extension.PNF, c_fscopyprotection.PNF, c_fssecurityenhancer.PNF, c_processor.PNF, xusb22.PNF, c_ucm.PNF, c_fsundelete.PNF, remoteposdrv.PNF, c_fscontentscreener.PNF, c_scmdisk.PNF, c_media.PNF, c_fssystemrecovery.PNF, c_diskdrive.PNF, c_camera.PNF, c_holographic.PNF, c_fsinfrastructure.PNF, c_smrvolume.PNF, c_cashdrawer.PNF, c_fsquotamgmt.PNF, c_fsantivirus.PNF, c_barcodescanner.PNF, c_fsvirtualization.PNF, c_fsopenfilebackup.PNF, digitalmediadevice.PNF, c_smrdisk.PNF, c_scmvolume.PNF, c_fsactivitymonitor.PNF, c_fscompression.PNF, c_fssystem.PNF, c_volume.PNF, c_monitor.PNF, c_apo.PNF, oposdrv.PNF, c_fsphysicalquotamgmt.PNF, c_sslaccel.PNF, c_magneticstripereader.PNF, PerceptionSimulationSixDof.PNF, c_mcx.PNF, ts_generic.PNF, c_fsencryption.PNF, wsdprint.PNF, miradisp.PNF, rawsilo.PNF, rdcameradriver.PNF
File opened for modification | C:\Windows\Debug\WIA\wiatrace.log | mspaint.exe
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).
Checks SCSI registry key(s) (3 TTPs, 20 IoCs)
SCSI information is often read in order to detect sandboxing environments.
Processes: mmc.exe
description | ioc | process
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags | mmc.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName | mmc.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | mmc.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ | mmc.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | mmc.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName | mmc.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | mmc.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\ | mmc.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | mmc.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | mmc.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | mmc.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | mmc.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006 | mmc.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A | mmc.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | mmc.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | mmc.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | mmc.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 | mmc.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName | mmc.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A | mmc.exe
Enumerates system info in registry (2 TTPs, 27 IoCs)
Processes: chrome.exe, msedge.exe
description | ioc | process (number of entries)
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | chrome.exe (1), msedge.exe (8)
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | chrome.exe (1), msedge.exe (8)
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | chrome.exe (1), msedge.exe (8)
Modifies data under HKEY_USERS (16 IoCs)
Processes: LogonUI.exe, chrome.exe
description | ioc | process
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040" | LogonUI.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1" | LogonUI.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "206" | LogonUI.exe
Set value (data) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00 | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808" | LogonUI.exe
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | chrome.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271" | LogonUI.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1" | LogonUI.exe
Modifies registry class (5 IoCs)
Processes: chrome.exe, explorer.exe, MEMZ.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings | chrome.exe
Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings | explorer.exe
Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings | MEMZ.exe
Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings | explorer.exe
Key created | \REGISTRY\USER\S-1-5-21-3169499791-3545231813-3156325206-1000_Classes\Local Settings | explorer.exe
Opens file in notepad (likely ransom note) (1 IoCs)
Processes: NOTEPAD.EXE
pid | process
4004 | NOTEPAD.EXE
Suspicious behavior: EnumeratesProcesses (64 IoCs)
Processes: chrome.exe, MEMZ.exe
pid | process (number of entries)
4860 | chrome.exe (2)
4284 | chrome.exe (2)
3704 | MEMZ.exe (12)
5016 | MEMZ.exe (12)
5048 | MEMZ.exe (12)
836 | MEMZ.exe (12)
2584 | MEMZ.exe (12)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (41 IoCs)
Processes: chrome.exe, msedge.exe
pid | process (number of entries)
4860 | chrome.exe (10)
2148 | msedge.exe (10)
860 | msedge.exe (2)
3188 | msedge.exe (3)
2080 | msedge.exe (2)
6028 | msedge.exe (2)
4792 | msedge.exe (2)
4484 | msedge.exe (2)
4684 | msedge.exe (8)
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Processes: chrome.exe
description | pid | process
Token: SeShutdownPrivilege | 4860 | chrome.exe
Token: SeCreatePagefilePrivilege | 4860 | chrome.exe
(the two entries above alternate throughout the list; 64 entries in total, all for PID 4860 chrome.exe)
Suspicious use of FindShellTrayWindow (64 IoCs)
Processes: chrome.exe, msedge.exe
pid | process
4860 | chrome.exe
2148 | msedge.exe
860 | msedge.exe
(64 entries in total, repeated across the three PIDs above)
Suspicious use of SendNotifyMessage (64 IoCs)
Processes: chrome.exe, msedge.exe
pid | process
4860 | chrome.exe
2148 | msedge.exe
860 | msedge.exe
(64 entries in total, repeated across the three PIDs above)
Suspicious use of SetWindowsHookEx (64 IoCs)
Processes: mspaint.exe, mmc.exe, MEMZ.exe, wordpad.exe, LogonUI.exe
pid | process
5904 | mspaint.exe
3208 | mmc.exe
5388 | mmc.exe
3432 | MEMZ.exe
3860 | wordpad.exe
3476 | wordpad.exe
5040 | LogonUI.exe
5016 | MEMZ.exe
5048 | MEMZ.exe
3704 | MEMZ.exe
2584 | MEMZ.exe
836 | MEMZ.exe
(64 entries in total, repeated across the PIDs above)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes: chrome.exe
description | pid | process | target process
PID 4860 wrote to memory of 1948 | 4860 | chrome.exe | chrome.exe
PID 4860 wrote to memory of 5088 | 4860 | chrome.exe | chrome.exe
PID 4860 wrote to memory of 1548 | 4860 | chrome.exe | chrome.exe
PID 4860 wrote to memory of 2444 | 4860 | chrome.exe | chrome.exe
(64 entries in total, repeated across the four target PIDs above)
Processes
(depth 1 = top-level process; indented entries are children of the preceding depth-1 process)

C:\Windows\system32\cmd.exe
  command line: cmd /c C:\Users\Admin\AppData\Local\Temp\7up69l.jpg

C:\Program Files\Google\Chrome\Application\chrome.exe
  command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files\Google\Chrome\Application\chrome.exe
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa95aeab58,0x7ffa95aeab68,0x7ffa95aeab78

    C:\Program Files\Google\Chrome\Application\chrome.exe
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=2136,i,14059672996467329523,2512146949692321188,131072 /prefetch:2

    C:\Program Files\Google\Chrome\Application\chrome.exe
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1960 --field-trial-handle=2136,i,14059672996467329523,2512146949692321188,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2268 --field-trial-handle=2136,i,14059672996467329523,2512146949692321188,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2888 --field-trial-handle=2136,i,14059672996467329523,2512146949692321188,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2896 --field-trial-handle=2136,i,14059672996467329523,2512146949692321188,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4412 --field-trial-handle=2136,i,14059672996467329523,2512146949692321188,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4616 --field-trial-handle=2136,i,14059672996467329523,2512146949692321188,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4772 --field-trial-handle=2136,i,14059672996467329523,2512146949692321188,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=2136,i,14059672996467329523,2512146949692321188,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5000 --field-trial-handle=2136,i,14059672996467329523,2512146949692321188,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=2136,i,14059672996467329523,2512146949692321188,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4380 --field-trial-handle=2136,i,14059672996467329523,2512146949692321188,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1112 --field-trial-handle=2136,i,14059672996467329523,2512146949692321188,131072 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files\Google\Chrome\Application\chrome.exe
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3376 --field-trial-handle=2136,i,14059672996467329523,2512146949692321188,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=6088 --field-trial-handle=2136,i,14059672996467329523,2512146949692321188,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6096 --field-trial-handle=2136,i,14059672996467329523,2512146949692321188,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 --field-trial-handle=2136,i,14059672996467329523,2512146949692321188,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6116 --field-trial-handle=2136,i,14059672996467329523,2512146949692321188,131072 /prefetch:8

    C:\Program Files\Google\Chrome\Application\chrome.exe
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5392 --field-trial-handle=2136,i,14059672996467329523,2512146949692321188,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4600 --field-trial-handle=2136,i,14059672996467329523,2512146949692321188,131072 /prefetch:1

    C:\Program Files\Google\Chrome\Application\chrome.exe
      command line: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4404 --field-trial-handle=2136,i,14059672996467329523,2512146949692321188,131072 /prefetch:8
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1164 --field-trial-handle=2136,i,14059672996467329523,2512146949692321188,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=4556 --field-trial-handle=2136,i,14059672996467329523,2512146949692321188,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Windows\System32\rundll32.exe
  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe"

  C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe
    "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe" /watchdog
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx

  C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe
    "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe" /watchdog
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx

  C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe
    "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe" /watchdog
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx

  C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe
    "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe" /watchdog
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx

  C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe
    "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe" /watchdog
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx

  C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe
    "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe" /main
    - Writes to the Master Boot Record (MBR)
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" \note.txt

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
      - Enumerates system info in registry
      - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SendNotifyMessage

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffaa38a46f8,0x7ffaa38a4708,0x7ffaa38a4718

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,1913787061004381918,11823434555829501076,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,1913787061004381918,11823434555829501076,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,1913787061004381918,11823434555829501076,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1913787061004381918,11823434555829501076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1913787061004381918,11823434555829501076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1

      C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,1913787061004381918,11823434555829501076,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8

      C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,1913787061004381918,11823434555829501076,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1913787061004381918,11823434555829501076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1913787061004381918,11823434555829501076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1913787061004381918,11823434555829501076,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1913787061004381918,11823434555829501076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1913787061004381918,11823434555829501076,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1913787061004381918,11823434555829501076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1913787061004381918,11823434555829501076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3036 /prefetch:1

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,1913787061004381918,11823434555829501076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:1
    C:\Windows\SysWOW64\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      - Drops file in Windows directory
      - Suspicious use of SetWindowsHookEx

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffaa38a46f8,0x7ffaa38a4708,0x7ffaa38a4718

    C:\Windows\SysWOW64\explorer.exe
      "C:\Windows\System32\explorer.exe"
      - Modifies registry class

    C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"

    C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
      - Suspicious use of SetWindowsHookEx

      C:\Windows\system32\mmc.exe
        "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
        - Drops file in System32 directory
        - Drops file in Windows directory
        - Checks SCSI registry key(s)
        - Suspicious use of SetWindowsHookEx
    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
      - Enumerates system info in registry
      - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SendNotifyMessage

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffaa38a46f8,0x7ffaa38a4708,0x7ffaa38a4718

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2292,13882392028026409340,751886179000424232,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2304 /prefetch:2

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2292,13882392028026409340,751886179000424232,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2292,13882392028026409340,751886179000424232,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,13882392028026409340,751886179000424232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2292,13882392028026409340,751886179000424232,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
      - Enumerates system info in registry
      - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffaa38a46f8,0x7ffaa38a4708,0x7ffaa38a4718

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,2062740438844731921,15873106799423995675,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,2062740438844731921,15873106799423995675,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,2062740438844731921,15873106799423995675,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2062740438844731921,15873106799423995675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2062740438844731921,15873106799423995675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,2062740438844731921,15873106799423995675,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3088 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware
      - Enumerates system info in registry
      - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffaa38a46f8,0x7ffaa38a4708,0x7ffaa38a4718

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,13396584409445086413,6248638962857059985,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2228,13396584409445086413,6248638962857059985,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2228,13396584409445086413,6248638962857059985,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,13396584409445086413,6248638962857059985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,13396584409445086413,6248638962857059985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
    C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
      "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
      - Suspicious use of SetWindowsHookEx

      C:\Windows\splwow64.exe
        C:\Windows\splwow64.exe 12288

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
      - Enumerates system info in registry
      - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffaa38a46f8,0x7ffaa38a4708,0x7ffaa38a4718

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,7316292208782232393,16434716188721271614,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,7316292208782232393,16434716188721271614,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,7316292208782232393,16434716188721271614,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,7316292208782232393,16434716188721271614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,7316292208782232393,16434716188721271614,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
      - Enumerates system info in registry
      - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x11c,0x12c,0x7ffaa38a46f8,0x7ffaa38a4708,0x7ffaa38a4718

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,5685452842061911087,11685344461808228019,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,5685452842061911087,11685344461808228019,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,5685452842061911087,11685344461808228019,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5685452842061911087,11685344461808228019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3132 /prefetch:1

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,5685452842061911087,11685344461808228019,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1

      C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,5685452842061911087,11685344461808228019,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4116 /prefetch:8

      C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,5685452842061911087,11685344461808228019,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4116 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus
      - Enumerates system info in registry
      - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffaa38a46f8,0x7ffaa38a4708,0x7ffaa38a4718

      C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,6469960896839574663,13118910454836060165,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,6469960896839574663,13118910454836060165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:34⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,6469960896839574663,13118910454836060165,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6469960896839574663,13118910454836060165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,6469960896839574663,13118910454836060165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffaa38a46f8,0x7ffaa38a4708,0x7ffaa38a47184⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,15621905378440943391,13402631628506432736,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:24⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,15621905378440943391,13402631628506432736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:34⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,15621905378440943391,13402631628506432736,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15621905378440943391,13402631628506432736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15621905378440943391,13402631628506432736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15621905378440943391,13402631628506432736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15621905378440943391,13402631628506432736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,15621905378440943391,13402631628506432736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,15621905378440943391,13402631628506432736,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:84⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15621905378440943391,13402631628506432736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15621905378440943391,13402631628506432736,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15621905378440943391,13402631628506432736,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:14⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15621905378440943391,13402631628506432736,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:14⤵
-
C:\Windows\SysWOW64\explorer.exe"C:\Windows\System32\explorer.exe"3⤵
- Modifies registry class
-
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"3⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\explorer.exe"C:\Windows\System32\explorer.exe"3⤵
- Modifies registry class
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\note.txt1⤵
- Opens file in notepad (likely ransom note)
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x2f8 0x2d81⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x4 /state0:0xa3fa4855 /state1:0x41c64e6d1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
Filesize 202KB
MD5 6a16cbefd2e29c459297b7ccc8d366ad
SHA1 40da0213a9e5ea4cb6948f4a8e92b5e8b97e6cfe
SHA256 9462da5aa6e2a762b02a24b7305bac86349e5b5ea182d36fd6a163de550cde60
SHA512 6a9de0231f9987554a20208a89c6c802d28c57ecb6f9e95771c94156b65c61ac1e18298ce6d3f0559d3a08052845cc2014dab335e119fde731d745e4857b7d74
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
Filesize 68KB
MD5 f0c27286e196d0cb18681b58dfda5b37
SHA1 9539ba7e5e8f9cc453327ca251fe59be35edc20b
SHA256 7a6878398886e4c70cf3e9cec688dc852a1f1465feb9f461ff1f238b608d0127
SHA512 336333d29cd4f885e7758de9094b2defb8c9e1eb917cb55ff8c4627b903efb6a0b31dcda6005939ef2a604d014fe6c2acda7c8c802907e219739cf6dab96475b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d
Filesize 327KB
MD5 1e2ee40c5ffe4aa418ee58f9007792a7
SHA1 f28b05c74e22d0b0ffb9552c8bbfd122a03dfe87
SHA256 ff9665f206508f2662d1b4137ad427d6eb983f8cbf86d5a28e68ac116169bb5c
SHA512 5c67234e24e394c5d02c80e26514b8480a2330cebe98fb07906c035a868714a00c8e2845c9f26d13adbe3f5de4088c913979d46ff2a0739b0adf9a35409b7672
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e
Filesize 133KB
MD5 882137361e714b364468b09bb8a5ab37
SHA1 6e0d7bb4d18d847de81ec96511a0bdf2d6ce7663
SHA256 ac0c2ea45cbfa4c887ab3ae3dd8e0adbae80eda8c26c19560380db71796aa6c5
SHA512 9445ad07a4ad54edb0428244fe887f17acce86c2896bde02e01d6d2037af852f1c49ee89a3d30a10754916f21abd8dd7e9fd16523da9f82b94ebeb0f9a40a6d8
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index
Filesize 2KB
MD5 518bb268123ac4927eb6d4fff5dace2f
SHA1 904f30d07ce0828eeee51b553881bd8268ecca85
SHA256 243440191e3f87ef517b84b75dde134fc7c2d55302c604da2a44065fd4981dbd
SHA512 bdc5b24d1b30a2073ef6c2be5a83465f2e305ff7008eea78cf86c225a24ea5565639cf03ef744ee84b40c380ccc34402492151bd6c2a03fdba73313a1421261d
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 168B
MD5 59856fad34cb09270290650d3760ae4b
SHA1 7fafc11653bb03daf14f737abcb95c73ad55da41
SHA256 64a3ef308ac4fc6ca116943c40039e13519463a8f1fe8a25f05e65e330cbdfff
SHA512 de0313c446bea65eb6e091703ea17812589ee6d4d2556fd2677ae8f0010d1d0e4385fedbda6645383f5c079c112861720fe1322b771aa2d29edc6e75a9cd75d2
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 168B
MD5 3c9b5aed8b3120cbb9fff231bac0f3eb
SHA1 96b7f04decf5c75265875be14b8737a327eb0966
SHA256 fae962ea49198b35673453538aadd605c13894473d498f2813e791ea85578866
SHA512 45ab40ac197888de19a031caee5a12526c439ccc9b12f6bcb6c7e7e2eca020616256946220c04a6d206509645c786d58c78c9303c76fc6b7cff2fb444d75f899
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 2KB
MD5 fd357de6c270db923745711d9ed6e931
SHA1 aac7891a40af32e2a1a2f720e13efec60f8a827c
SHA256 7b9e95e91b72f79d11fb3d925a4865d29cb8327cb1ce2087b7922dd96f6273aa
SHA512 4ff9a921c52dbb4225ad92514a2818b3a23d858fcc132c94a516d34328366dc0dde9c915dc12da34465883e233a577a6b112da72eed29589959a69c74c1cfca9
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize 2KB
MD5 ffe7402c76e767fe37eb22031f6b40e2
SHA1 0d9d70a2a86bef799675471044dcff48e4126655
SHA256 0a57af5294093f53dc4d9dfe4db9686fe728fe2b3b9b796fe3aa5fd02eea49c5
SHA512 f0d78ad4288a50d21689a6e46bac127e385b619af9f445c37fd823a7037338f795eb73ce01e557b09cf8605a58be31405a37ad103c1dce2546f61c831251007c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize 2KB
MD5 95ee3d169d6453bf1d80e1f85d46e926
SHA1 cd152d8f371df5defafa80e8fe3663ed337c8329
SHA256 4e186ccef82cb5362c8461fbf11cdad820293440ed3c0580cee81439bc604c03
SHA512 506bb02e69bf0700d4132036ebc4b4620458eb067706c9cc073f4fe41c58078987cfdcb8defb9c919ac9b483b1ff155907a70f22eb20307cf171f79fc22eb7b8
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize 5KB
MD5 9a78f3836b60bb937d78af03ce1a00eb
SHA1 b8a486c7357fc56c67a4cec87901af6150750127
SHA256 65e7c347c4d67145e2c2e5ecfe388bf60d57d1cf81fb5ba3acc8c8ffe82a8502
SHA512 7115cba06408efa39db7ebc2103bdcc8d8ef5511783dada1a0f1e51b34f3bd93087a37506be2cc96dadc978ece8f81577adec852fcbaef3ea78e70258340d972
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize 6KB
MD5 34cea96558c1bc7b77b8d878b2787512
SHA1 4dfa6ef5aca2b9fba18c95c48aaef0946e85e958
SHA256 7c17b2023b5aa34d11c9d1e6541b2fa6f087ae06350e16c2f3dfe66b17aef637
SHA512 c885435fee63f09142d2ceb9bdb7118bf4e8ed86f6d940ff968f7dfbff21422f0e507358d0fbc0a82c1a119cf6a66b8bbfed87e5e063c418ac854a77ba959205
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize 1KB
MD5 43c31e1ac2db06dc7ea346920eb502d5
SHA1 164956941c0e3d2a9f6d27154ca9df3037654bd6
SHA256 0bb45bfbd6d76a7a309bd76f562467090b43832a7b9cc8515fc14ab8e74c8f62
SHA512 c144d8badb61b90bd2fccc944edfc69a6ca151b49c86653cac36c5054ef7473173536d14df182dc52b90d82bb23e4c5cb301875721799f77f2ae6cf92237d993
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize 2B
MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize 524B
MD5 c67e553743a058e0a959f52bc248553c
SHA1 dbed2cc8a773044de30200afe9d2bdd784c8a0ae
SHA256 56f1247fb5885582f32e63e154de59406b78b9b8c882517f0e564dda8046d17b
SHA512 d49925dddefb191b5b2f93963307f94eae4dd9faf5b1acc19c1a62da7a0d55a5206b645fc975000b8ddc5c73ca4c226f1a2b5d5409b604efcc7926a1795d7f0b
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize 1KB
MD5 a5882f1c43e898bfef02dfa4d66bf8cf
SHA1 df242456ba54cc94c3b1c969c309b49dd460abb7
SHA256 02f95087ba34ddc37c5e949dcbcdee903bb4baa666a4e9fe851adc49c39b43df
SHA512 950ce607bcc1a78e3c6e5e2fdf2e8cf073984cff6b2816607a509338f29af0adf4fe5a1b44d826b868dd91e631d8efb26397d7fe840cc6d221c2fe92a44f12de
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize 1KB
MD5 12dfc79a3e0a41178bcd3c0a41d03755
SHA1 f6e6ef68067ad8e0bb60c301dbf94177075a7523
SHA256 24fb1661033dd4cdb5474f6195398ab67fc34eaf59ba4a4eba81866792b39c8e
SHA512 4e67861ecac44226ad33d45c707e6cf15baff0d797b09edab9157bebc61fda0478b54b53115eb0eb0971ed954b1f5dacadc88baf2282aea7b41e9a4a65e0e6d9
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize 1KB
MD5 bf4827d76ec871ab6d760480b2b13759
SHA1 d8f93a35d16f29b46fada292f9083b97df9223b8
SHA256 068492c5e8af0c3017cd92f28b6042d155278ae01f87044a68055040617ab1ca
SHA512 343aee491d322ba71db2b4344ba64c4c1c1844d3fea201402a004393892ac7e1883615b44098f444e3abe27782ce41c5e8bae805174fc8ada5c955d7fb6b2a37
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize 356B
MD5 948fa7be6928a781084fa420d91787d8
SHA1 80ca0737ba138f905dde0c2839c0e10ad86d6a22
SHA256 a26120675ac03c5a438272fbbce5e7c4c1d0d9776750b71beee02a8e184bb98e
SHA512 597ed639d68095c49f6f3e3cd52b603783ac1bcc32f247bbda61799f92dd842c8b8e220a58e4049f10c54e74677c73baac371f107a5135031b5b8827d40bc6a4
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize 1KB
MD5 7f6d57f32ccb2efaa8f9994975e1e48d
SHA1 13db0eea587a0437b5d8f0b1c2042c64cff7f4a9
SHA256 aa4c8356ecc4df84ca1e99ff9d786452bec3392665f6c05756a86b3c5b59fbdc
SHA512 2c7c6640629677c92a69bc2bdb2554a6da51739f1d95ecec7e6ba8eb46d9b10f7e1bfb91f0260d6a3662719f39611fdfe8bc5838eaad0bb305409ca788885a5a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize 1KB
MD5 f731ef60f3afc61afe5103f08759d95f
SHA1 ed186e2b374e005d2ed078d0eaf74f62c92eb130
SHA256 c5a53731ad5f7971d303358cb4d31ca8ed8f55ef96cad2502160af0a7a824904
SHA512 2374fed0dac30530ebcb2884969bbf18a2c38f7a45a0a3571b6ac5cb7f95972a9453e0d61c5235bc8b4a1f802e6ffca5d58685d2b7803eba526fb850d4946663
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize 6KB
MD5 24d98ee8fe46ecfee4edf78361766bc5
SHA1 3adffbce8cbb161a7fd4425ccd1ab276ff17b5e0
SHA256 cf714a72869764ba23d71f042b856a88888c81d9cbbdc28be19a8cfbb99aa755
SHA512 cc5ce9fb6f03306d3071de0090b03d292961f77c6815c04beccf484899c2f4b254890b89500fc2a126ca4148bb9557839034924b5f7f2496dc91167dc1a08927
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize 6KB
MD5 9f5a92700a154b9ae0ad1cc1b0297114
SHA1 a7d77adf4199f3e9cafd5401bf5e749fbf04844a
SHA256 336e2a3045383854b4ecf42f9376343cd01e54cf37fb59caf303b4f351883b8e
SHA512 7ce204d7180f2ffd3856f4dc36a644b24f22ca57ddb7aca421e83537e22579611795381ae37d1a679333786a802adb5f9e3049c8c0f56607782b124882be32da
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize 7KB
MD5 8fc1da577639163049abaed9051fdbd3
SHA1 90e1a362f99c1b2b463846552d3eed024e06558d
SHA256 df7afc6ec18337350dea5966bdb3427f687799693491301455d87caf9bb2080d
SHA512 bf5cb374b9a9b6725a852af3688412daf93b19c7e25f55c49db17ce2cee2f55ac0a785f2ab39ab704b94c34821fc35725df50dd3597fe568d7db1a910c240627
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize 7KB
MD5 20480ef611e9ab44a5d16dcdebf4a550
SHA1 52ec4318cf1bd61b705fb90202bce5b942933874
SHA256 3623e03249d00cc352a3d70bb7425e80fc00f4c2acca149ea1b3b3ca99ac1b64
SHA512 1ffa05243f8f2c600e52cf57b08210c4ce5a3a11898390eea3a4ff1db9d42056f0b98f1e8f9ddc4205b36cee40d4773d2324f37c684c953d161e78264544a030
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize 7KB
MD5 98dbd1445561a0531f93bf56c6d26055
SHA1 cea5fc160d3e53b3128b1513e706a72cae038037
SHA256 1775c5b7bb61e7e65c89932c0b49e3329e17b0d007273489fe7e45f9200f5bd0
SHA512 4703216eba80a7053d4dbf9bfaf2b358dd7075f275320cfc8ce5b8912158b217c78aae7bbc5fbb5e8bea963f2e691c8e031b75798bf8cbd6f366bdbb3288aeeb
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize 7KB
MD5 c06558f549b24d72ec3a5efea1f2c3e1
SHA1 e87f083f1f43ca928a4e5bc04fc853c63b2414c2
SHA256 777718df6defc899b4ce6f6c23d74f1f17c7fe85b640ef649ecda0e35cf2e890
SHA512 b6ca388fee69965fa9872cad4b852dc313a9484532b903b3557c319ee035e1f933fc7895622e5a6d21213f70702e957a892fabdc203ae725f18d60ac108359fc
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize 7KB
MD5 ec4fa43b639427cdae4ea248bee79c3f
SHA1 82f824dc15c806c060109828553d242c7ea8c241
SHA256 c41307026ae71aa0ebcf7b4e2f3cd22c7471dcc5f159e7a206c760f35615cd4a
SHA512 1035eab62a5fe53f6330613f836d29a2f3c4f3bf04be6159091ed448f79788e6320646d6294b79ccf1dd6e3444c7b3d3ec0a331b32c2edc4074fb0627162f42e
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize 6KB
MD5 ca1ea9cce1090b994aa3ba72ef86afe8
SHA1 7bcd56b12d5ae538984995dadc4b62df0f69b409
SHA256 882a0650dbd2a8bc3796e7447a069393d0cbcb684b04c678e0a84bb01fb040bf
SHA512 9ec9da04ff37cc5245280f28b7954ada831010655c55270ab058b43a124caf60c1d4859dc367b7ff5815208f964914afa6e3c634303cec608dd6dd0df2823489
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize 7KB
MD5 ad40d260beb0c6e3a34e1b60502a92aa
SHA1 8d3848eeab86b1e706476cca425950cc8b6c5e9b
SHA256 55f3cddf739451f376f08826370b0846dc30399a4f3b0af8185588220a49866e
SHA512 2ba3a7f0f7725ad8f49eeed7189efde62dec9432f48a086df53839da526b424f323ab94a8446e5f7a264ba10bbdfb456887c2a061bff3cbed063bc2e29108f2c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize 16KB
MD5 1dc2280fab9aaa2a572aa1269947aeb0
SHA1 79204f5f0ad7db622432c7f2a549eb6dab1c9b29
SHA256 7207e117a8eff460cbe9f345d2275019c0b72d21372cdefa22a3d2a2b056b0c3
SHA512 6f4e4c6337daa170f07a4e8126de74943dde613d3043418926d11b5aee4e4a0bf4d1034c87816e693de0f05616e098d66a8f8d6ee89c1e9a25a027417ffab27a
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize 273KB
MD5 7bc62fbd932c4b2bf491bfc06eb791a5
SHA1 cdd5aced156828a1826affda384d43897dbe59a1
SHA256 80442f16629fd8167d584ee896ff51c7050af88fbdff87b3a9663eb48d2beb17
SHA512 d50905e4742346df42a156591359b375f41eb4acc683cdc1efe689da61f3f1eaae32a441f394c7a9efadcd9144a50f1896b6af791e1b56c02e4f1937f47670b4
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize 273KB
MD5 8e80622cbcc4aac1f0a4bc6592b805be
SHA1 b96c715e147422e7ac669aa3663cdf78738497ef
SHA256 1b3069bb0ba5fc48788b60d76dc38d73819bcf8c80ba03221e1a3f896d59747b
SHA512 1c84fb97e4edc6ba0a24697af3248d18b097613cc9a8452346e6dfa75981d625f65da401087df7c2fe7911f85742aa020772f831725e09bc5aee0dce40e7c82c
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize 273KB
MD5 dc4bf0a3d575179624e2c5f58f8246d7
SHA1 0f2fa0dd852dd819a04bb091ae870815c2976142
SHA256 3144710c06a7782f464f177e46066756ab716efb15dad24209d90ee658087f04
SHA512 3a7df09116da1e64e09e60245b169140d8e216da49174d3581d0ade9661c5d9a0e17ddf836ead84d7381bfb97eb633748c9aedef90a1c54ace17bd80bbfaade4
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize 273KB
MD5 a246f609442e462f2927f67d3d890094
SHA1 d23d501414e3c13ca4753f6d07aebb9da54ec01c
SHA256 9ed91943212c86a718dda94c30858b31b80a8ded89203cbbae5d9803615d8488
SHA512 3ba6cb0fad89db4f6f5c1a3cbbe4845241b4b3a1093ceb8a3ebdbfb0ac57996d34ebac76c0e93eb7a900032308ea06b863c9a29270023854879d5eb8510c8fef
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize 97KB
MD5 09dc871fc0a53f252dd58fda4358d5a1
SHA1 261d57f3fe3a601493cb240012ecf666f2e3fc42
SHA256 caf48dfa3252b1b9c9b1838a0f2ac4a08d8c1efd3b111a2df79d0b852908e37f
SHA512 21e540121819d06563d20bf2946709b1b0435ab0d67bc5a12227ab4539797d4cf408a3ac525e605284e5c65d6255ff627a7f9a20447ddcc3f74aaff3ccd96d02
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5afd1e.TMP
Filesize 89KB
MD5 e1939b146c85b5863d652f445ab35938
SHA1 5ef0371389e7375335d545685b99482326ae4b9a
SHA256 0440ce38e6af14c2fb5a23c9d30f4203d830dc3d7cd17ff8db3c8b54b0f65b6c
SHA512 4b527148128b2d375d856c8046b23c4e4977196ed6b8c54e32b804715c8b7030fef88a887ee0b47065fe6a470bb43bc70d7a6f91334441d898c74f11cda4ac22
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize 264KB
MD5 3077d8c4d3af5bffe841acfad94523cd
SHA1 58c1521c5270237040522620cd0ab78fea7b3461
SHA256 9b3301085c2740353b0ed150c185c292e983a91417f351566921523265473a9e
SHA512 a6eb77ca45cb6147b7ae392a1c112b28c6fb9fd35903c2195d7699065963930ff7f759201c93a40acae86e5d9674271213d487dcdbf87dcb1bd3cdc51ab3aad0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize 152B
MD5 d15dfaf9f2181b8f6ae4649c04546cff
SHA1 55f11648952c3561bd2c079c95a9520117f0dfd5
SHA256 de64ee66c85ee7cd26b806156c7484e4658c3dc479d9ddb40a9b99c28115e244
SHA512 5a351597bb8c43bd5c28c810cd5e3947647c6f8706fdad0dcb1918a83d3c020b58403db7756bc6e71520ade5676f9a2bba1c9986151a4d28c4b62cc1ce8e1558
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize 152B
MD5 032bb22b1e61f5d73a5c750aa612aac9
SHA1 1198999f9e6a3c3a2c12d1ba13fcea12d684aac0
SHA256 17114337cd38e72faabe58a8eb89a47c7106eb411e571e06048ab8d5befdf191
SHA512 642909034bb25ee32504bea1709e4533d4aa62417d9903ee9d8340d7a3e0ed1883d4c760dd389eb75ff8fafa946b40bba43b764ce49b7305ef5aa243c327e465
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize 152B
MD5 6c69c99cd667ed711d0ec3c1d03382b8
SHA1 1a66f4b4ad996f8476303780676a04c4da9abbf4
SHA256 cebc548174880a2c1f4afac6be8d625fb9c12b31cf3eb782c27cada368b7393e
SHA512 60e2ccaa37e0f3912b5d940eed255b1ad8bc0199cecec4a1a016986b3ee9fa87c1526e1e3064eb55b77b7ba2a51588674dd6a386b2cf18d2ed6e940ca0285d94
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize 152B
MD5 739dd056682d6afa781490bd563f3d13
SHA1 8c97b4bf1ccd5c4bd0f0b4b91f7de8dc31d10d13
SHA256 4f41ea0044b0c4ee2b743166f4984393fd18ec0b2e0c7a7a2e341a4c433a8ade
SHA512 6f8e663ffd0e4084fe740d7c580c947067928dca191ebebdc53a2e970ec1816d1a0d00a8ed83a92a5e786489591377265701b28170d74b876a1bca2459f95df9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize 152B
MD5 2dd90c9adb9d6480dfa88367ef9a0ab5
SHA1 0f751903d5e69e6841818025ceb1ff06717baf0b
SHA256 3463fb68cd984a3b25d5a6bd04778b244bf530dfb28b3952c343ad374336f896
SHA512 089daadbed965585751110dbdf43c2b1eb3b71176f7852a2de075ab0b21d55831b3631c78c5c6e7f12b278de74da2cdbd3c6ca9c2f9f70cf4905123758afc6eb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize 152B
MD5 9292203348281d77b0b74c62f089d872
SHA1 3ac9c5daf8d430ebc0bb28b5b47848833579a255
SHA256 6ca4ce04afa7e5d5a280ec02d480059728e9e4fb9994163bfc49f63f547675e4
SHA512 1bfb77e956edd23ec0cd56ba51966d846320d7aa9646a2dec7ce30dcef14166dd1d9427c3db1787298b26ba997c8434df333fda6747c1e60bd7d5785f34d309b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize 152B
MD5 14962f766004de2533f6e368f7ca3d26
SHA1 5cf8f1471431b31e4f14e9ca16921721d581f00b
SHA256 aa77d3fc88108ca9820e533d89851809738686d85562e6ae98fe62be1f95ec9c
SHA512 66ca833f8545a442971c9d2f377b25b3e962e478cb2ebb059314015feb2fade4779aa44ef289d0e2bfadff760c922e9b30144147fb50d9766d6ba2c413104f90
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize 152B
MD5 2ef7c02598ec79dd1090c56aab0f1176
SHA1 1c9934614f1aaa592573bfddbf2a1a802e77a943
SHA256 eb31ee141d70105d2386dc444f5ff674018f57cbc02a8667bb29ca0ed2a94a54
SHA512 740974f4fcde8e29aabeccc2d728f86f7e03d7de1981bf079694e4ed7f067aa1244153fa2cadb26cab36c647248f278bfe3e7e813e589e75f46e8683901a990d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize 152B
MD5 b4a74bc775caf3de7fc9cde3c30ce482
SHA1 c6ed3161390e5493f71182a6cb98d51c9063775d
SHA256 dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280
SHA512 55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize 152B
MD5 c5abc082d9d9307e797b7e89a2f755f4
SHA1 54c442690a8727f1d3453b6452198d3ec4ec13df
SHA256 a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716
SHA512 ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\062f7c7a-38e0-4607-a1d0-0baf2f37c67b.tmp
Filesize 1B
MD5 5058f1af8388633f609cadb75a75dc9d
SHA1 3a52ce780950d4d969792a2559cd519d7ee8c727
SHA256 cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA512 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\61e90150-7042-4051-9fac-732cd38a899e.tmp
Filesize 7KB
MD5 3a59509b8fac80194d95c4276d50aefa
SHA1 b267256ea76bb6cb6b0d883d7d4e19bd6c7d2be7
SHA256 e17f650d329fe2f3e81321801548d025e42b995a0e2ba4c1a1cc31b8fca50be5
SHA512 949f18f20ddeb0f42c81a55c22dc79f5d8fbbaa098dc183b5f96b0cd3f14f263a38b6186f3aa9bdb9ee7741cb0156ece28e1d146301a6007b427c6e0ca73b421
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8a76587f-5c79-4bf0-b082-eb73d6addc3d.tmp
Filesize 3KB
MD5 14fdb2d2d7070c4cc7af8f9508a25409
SHA1 9ab43bf7d0166a88bb8cd237aa01e8421e42e6d8
SHA256 e8c422e6f0463121daf1ffcb072903e34a14726f112ff119300f8b72c61511e5
SHA512 c1688dfc4b84501ced3525662ad489fff867f9696aab95a4dcb6c76059858f2e9807982abcb4292af570fcd6ba110137b6a73133c130c00a314043aea9d95f94
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
Filesize 24KB
MD5 87c2b09a983584b04a63f3ff44064d64
SHA1 8796d5ef1ad1196309ef582cecef3ab95db27043
SHA256 d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0
SHA512 df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
Filesize 24KB
MD5 1fc15b901524b92722f9ff863f892a2b
SHA1 cfd0a92d2c92614684524739630a35750c0103ec
SHA256 da9a1e371b04099955c3a322baee3aeee1962c8b8dabe559703a7c2699968ef4
SHA512 5cdc691e1be0d28c30819c0245b292d914f0a5beaed3f4fc42ac67ba22834808d66a0bfc663d625274631957c9b7760ada4088309b5941786c794edad1329c75
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 648B
MD5 daaaef2367790333de5595587e2a7fa6
SHA1 7ab1fb66a171787730d4ac0ba546b50428a64058
SHA256 f95e85502e6b1b01f37879a3c4353275235f4cad2c16a534f6fad18ecab5313d
SHA512 a9697b33b0aa3e8be36390ecbf4fd9d3c59ef77225c9182bc4ee35e6d3ed8249d0271b576ad03470fcda80e0726ba444dab80cd8d8d4119526a4acf2d392b620
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 648B
MD5 24013edaedf0c9a66bf29843e2a60eb0
SHA1 0ac69f690487b7b0acd04848f01e7acc001d009c
SHA25656d8fa4af05cac7a5a965053af29f5bea36e5918b2c3a528147a77ebf15dcbbc
SHA51293c335a7f1bf2cea4095882fa331cc671b6e7301fc8a301a1ae2d340232446a132c721484e3f695731af94f8c951a526c49382998b008714a7fea88de2a6eb98
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
408B
MD5207bfa05353c4dc0bff0b26961f0901b
SHA10659f7c98f0bf2c8cc74c466c8ebc771c8e5152e
SHA256bc0e3d584c8fbc27b2f2f8e5da022debcd164ed2c00fa0b44e545de8e68f1b1c
SHA5125678b835cfd772566415e88b492630eab37b10c7c4ab93a6f6363ec35a7a0a5211beb9758ccc69526dc4b90eb8149c3e35af13e765828d60627fcd2ff40794ee
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
744B
MD525612e0a1bf5deae9e490e560ba0e57b
SHA1602eaefccbc23937a940e668da991a8fbfad5d9c
SHA256027c9b2b27f337b62d633741304a40f71cd48456ebdeeb173ebe8e29ffe1f2cf
SHA51272f568b2d25acb05b74a6491d1ae33b6c699f845fde31ce6d0a29e3239ee0c7501091a09da856956b472882a1f79adfe967f337d9f53e04de5171a87cd8f2654
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\CookiesFilesize
20KB
MD5c572e2ed9946189a6af97afa56ad0418
SHA160bd86ac2c8a1f8e5527b131082e548efd221759
SHA256ccfeb962d7998ccded6c48ade6ec88f8ccb1b20eb52fde7241367c2e70acaaa6
SHA51235b6ab3d29342dd45b0cbe1b214e3d9a4125a1c521918a05bf9f9b1fe9ad396f89eea2eaecb1fa43115ca402dbd056a4f07ae775aa62e91b220eadd79dff0f49
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\FaviconsFilesize
20KB
MD5af31863518a47f873e1cf9f792ce23e2
SHA148ea66981c56eb3a61c589479409f9efc1c82c08
SHA25676cdc56eccba3ae5f5875cb10f0eb496deb907029d12b7cec7deb6163ad1b908
SHA512b0272b92b50397359fcc6278a8c30cc2c85057128f4df13147a32195c40e62e40c7631addc825909e27b2945423709806ad64b278faf06371e5ad047b2246f01
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1Filesize
264KB
MD5052a0332d7b20396947d4a93d3cc56c5
SHA18e8cf88fd0fd7896c405bed87930002f93a8c129
SHA256fca8ad6b2f1a9ce1c0f6cef2e19a9da0bd7a9841f2b51c7df1245c81a492973b
SHA512611eaadea1ec838113c7c1ee02dfc1e31fc7c3a167194bdf676d2d4fcdced6df583459ce27020493315b80685f9c4bcf6c519f8031bb7414d803f275453eddc2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HistoryFilesize
124KB
MD5f2ab0363d0a688b530842cc8c70b9ed4
SHA15783005a79157d3b59c8617f9bfc9a48eea9a60e
SHA256f8e7b5befe07bb4db73f44ce2a934054574e40660e5e4b4a83bf2c02958de5a4
SHA51228c24aec381f56a4c52999ee7d90a69a44c48b78148a745448e6c28b93fec20958b8624e33807db0a96dc7b0c150b7d558320a343ff2f79a4714f0143182f70d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider CacheFilesize
1KB
MD52c63354fbc678577989372a90456e4e0
SHA13bcaea0156fa48b2d55142bb319919c22f3eda83
SHA2565b79e2d8b42cb3f34ad7ea6d6ef441e45d8a5036637ebada9043f095223c37cc
SHA5127a94ffa4847798908479480cf05385e7be3f23da290530e0f0f49f6167af095591c8b57e3ee63f2946d7a3df2e8484bff96d78219948b32d48c49dd439c906a9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.logFilesize
2KB
MD562d090d9850d0a827295b7e6e276d376
SHA194f319b78d684f7d1be66dd1bd60c07c94b859cf
SHA256448bb33674d8d7105b8823f7bbd2884fbb1039aeeaa5a07f074db98781d94f3f
SHA5121f4c7ce4f4c37e0ab916b5f7ad8a51cc7a0c8bb6e751c0e76442b7cc7d4564356104e6e87493ca51f57c63a6fa744c08646dbacaa8aa1db1c1bc4ddfd0a72fff
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOGFilesize
331B
MD5ce7501896d2c4d18f5924dbb81cdbba3
SHA1d13722100c039ed00d7405ae8e9d96170eee309a
SHA2569bfa83ebf55798063251737faac0b2833fdc2be9d95757bc716f216c62a905bb
SHA5121480dbc0a89a29276288d01a967be16b0562a1b56a2f5903d75f98ebd7e3d1e16f021e2989d07463996c97709dfd18dbbfdca9c2e35f70e0c4bca0b56eb292ee
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
111B
MD5807419ca9a4734feaf8d8563a003b048
SHA1a723c7d60a65886ffa068711f1e900ccc85922a6
SHA256aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
SHA512f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
3KB
MD5b298effbaca8714c1ec498c9c2ee5ecc
SHA16347b44f4de7802c6ad95aa6b0e8384352b326dc
SHA256dabe5a6be34d6f55babcfb73c8306dddcece2ada2e61c8a7b97f675edc6308ce
SHA512495e1d8588f2c444bb0c9df1b9a30350249fe68e4b6be85835cd30453861ebd90399f41fb43d34063c04e8fbdde7f5e8bd179b4bf4884b22934cd1dac2fd8dfb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
3KB
MD556bf131b76a6aaef07af2a1efdc914bf
SHA12749ac6699cd06d66d09c5cb2c23764caf46966a
SHA2569ef297b33abd482e3331838c7c8fd9a3c104530850f1f392bab836d39c35b2c5
SHA51234883a08d26b4e8797e947e1ca01d8911a4a7a05afde421d69b7614256b10471dac5ad1149009c05e530743b13739c0e930adafa439433318a3413884eaa4a4d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
3KB
MD5841bdf42a37aba49365912b34197eeff
SHA1b58cdb5aa881eb6983de2a38f273cd9720ba2b30
SHA2564e9733131749c2d3c60a1b4d2113751ad2dac12dfe9dffc67dad0d810d1eb17a
SHA512b792da4a232f5ada644f9703836b06640d997496150fdaa061b2c5aac671e054a63b3ebdcf0cc8654d4426e47fd1340a1731b4cb07ad545d153930b77ec369fd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
3KB
MD5654ef782c0c30e69557ea4b2afc837cc
SHA1150b806ab8106874bd5a915acbb48ce68b245afe
SHA2565e6634441deb4cc3206dec61b6c2a2dddd4c2b6e88c2122c124a66f8df1ae04f
SHA5127010e3afb3e7083a63fd81b9d671e09dc5ac978e17c59c861d08a126fc7950a22a817b760bcbd394234406f69c87f1abf29852980c1d18986a6fbc190b0ac730
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
3KB
MD54a04f92f510369b49f2001d8ec7d7a09
SHA114fbd5ed390c34d07ad60cb6a44051935fb00312
SHA2565cf1a40665a0dbc9e1f05c98f78a59df9240946ddf70a891df365fe324ad1235
SHA5129ba2fbee44d1620e37face4588f756bd7f8db7ac0b4dcaece58e4c484d70de5902bd7585c878624d42d1a496ac65329799f1b4d4226c58f9fb2d2628c6c90364
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
3KB
MD5fb93cf2e4ff95279b3ab0c1ca88cd6f6
SHA1aa80a5fac8710e4237f5385e04058b597f8820eb
SHA25689aee16537a847309311db23a553520994f643159df06651ed95234cebefedbe
SHA51247443c7e7b49ec6d50174483e08ebc5e4423d4a35130c30edcf2b6c4e30d53fd128f66f0c3aa5a8a05bbdd45828a7cce5f7529615d6f2b30fcb10da457398a31
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD569828a6327cc1e91f1b2d5a2a4cd614e
SHA1b4e4b75fe8b4484834854c83d7797968f7d6c441
SHA25650f8ab9688582517fe8121d58b30c72c2ba8da771f2468bdc4164cc1ea0377d7
SHA5127452f34d161ebe2d77124f3318112d4b02e792853349ad5c32942ea477cf7d759a204e9060b0a5822e805e2bb59779dd16a8135c1595ed58fd4ef6594e868b26
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD56d7d331d196ed94d40484ed0c8f3fc4a
SHA1cce35853c41c79ab48f0c35c283112b05724a9df
SHA256bc5b9ac2e1ed4d55acdba987e70b7017b291c82a669970901d519398a316f604
SHA512cb8218085744df2695cf82ce92a67931437bfc42f74e91207184c0c81dffb2a581c2dbaa4f454e17affa0a526ee41e7e40d70dfc0faf391506632dcb43320fe4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5b89189da739344c70fa4fe07f27c21fc
SHA143c5de6519e8962d8c26e5c2e36b1ff8425336ea
SHA256f923a199e68939021e1c3f9d0a5743244943fb8c86408c63294f5b0f445a66f0
SHA51257baecae46692a2e6872c0378d2b18218bc5a12a8761f2b2fc4457764cca07cce983a4a3c61f7c13a2c0dd0bc9958e22314c0b0cb4b91903e635aa5435f90d90
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5f3fbb43ce5e91a442964f3ba7491b3b0
SHA1eb2565d33461003ce7367b1d4e8baeaf1bb51243
SHA25686b30c4ad72abb1dd71d93377a5cd9a5906f84951859863d164df4098f79d0b1
SHA512deff8eccad1ed26d5024f2644267a704b029243ebbcaa0e84820a06fe4858c930f24fa7e5b913171bc610afb790ddb23aa62f97dd06e6283252f0b47b33d63e5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD52aa32414fbb5c5d2250f60e041d89373
SHA1907a8174a5d18a3b65a9f1369172388c1070162f
SHA2562baa8bd8f430b353467282ef7f19a36e612a20027fba66d863879ad87b1b4bab
SHA512d83aaf0d3c1787c47aae0880a71f0babce652411879cfc50121611d28852fce57578ec8864cce522082d4348e456105433159b6b0fbaf8cdd045eb77d63bb40b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD59221e4be55585a90eb51b6d3f5bfca22
SHA135ca844cb117c17cfc650a2c3e140c3a4c34dcd2
SHA256dcb0a241e8a5fabdc6d5dbfe09cbfa1cf27eeea8cec5edd2a21f0f6973f13dc7
SHA512d62787a2a7dfb3659fdbf5364489fb05dbf45ddd1ebac4bb5b078742d09fee977e41edfc78c931d60750a56342b76bc6f421f49c692c3c552cea288ec48855f2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD51823aee4a1b58c01a66b69d0634e86ad
SHA119fe5890c20f0133400e407af595f501469d8bb6
SHA25695d4b9b6ee719f1227f16183eeb10c6367bf67164477a1aecec440a4ce675b08
SHA512ec625f246cec2a0b18ce27a015a71bf58696260a2f31b51b8919e7ccba8b4f5723b1342ed5bd40de13c6cc5e95fd95ff60ecda2fe65cd77b766f6bf88fd8085c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD5b81be16de0a69c5431807fe59b86e763
SHA1da6a69e4a0d2282353f68c8dd42e20524d15744d
SHA25650c5d081db7409cd3d8152b141983bc475a3fc416eaee7b390bc426aadae69eb
SHA51238b04b55db0ec0c8d27396f5898660cb24c43d1393acb02b57fb4b9f81ca03cbb5fcc97c5a97cd89e8c05c8adb1d171728fd9cbb11e1bbb4c035cc424f5f86d0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD51da672f688f91d28ad243edc544ec62b
SHA16d0c9ab0f9e022c02924dae37e8149c46bdd49c6
SHA25634cd3dc3982029f1993c6392f7fe221dfa1c311a6b5659ea92c91c76cac01af3
SHA51281b5f5ba4a4bbb010c25073d36a4cac384553f78bf8c091205f19e403cf84f56c6a5ac3e2885fc3c0beb263de44b869ccd4caa839d08d618b9ff438ba71cf485
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD5c128d7e10c234c5b13cb905911a945a6
SHA118bac1063a9ec8b5adde840a794b7774c7bb226e
SHA256cf7c9bfaa60e490fd57ce078111d476b309a6918cccc5fd0c7c978ebb4864d4e
SHA51208cc07f2be4222554828235fffdc84d3d4adcda50a43677c6e769dcae071b5a11900fbdd107d1f10670d1f784d0e76d1c66eebba62874d3e52bcd53154564f3d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5f30aa38e2909b9d482749eae50a0dc09
SHA10526d557d1ff082fa86f53b8846f7b99c5eec84a
SHA2566dd85b73ce2f8c5dbd020e683e98adfd2719189045cbb0a7ab01dff60d591d26
SHA512d15fc15bfb5d9bd2e25efb83f5221f272a7da8da53e6224610b695820ab4c00a431b5f0ac9cf275f9e6e3c8556df49fba2aeca59ffdcebf5a0d6b15f48b43098
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD588c897dc4ebe210d962f9e2b0ceabe24
SHA12942b41f1fbe4c981e36560dc0768ac950658462
SHA2566a5e7dd0324568a58255f2d6a0153af0bdb97de90fc0bdfd6bb6c93cab3d0fc2
SHA51261954393d3777d4f1ba78940858240341f0b227b3fbd44851bceeb3c2a55867c6b60d3b6da92a867c112c97d7ffaf6eb0b3b7b86b59504f9f0df9258018f3823
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD59591e56a5b42ad0f6eeea4d0d07d0fb0
SHA1693cde84f50f19e4b7f791b370040f405a73b755
SHA2563f8c88238d2e8fa8b0e4a76d21d6fe1db914d1ef095f82dcd718c305f40bd2ff
SHA51200783c51ab3924c25876618d1593bb55480d873f00a9bfcb3ca4dff2fdfe793bef9af9b95df9afa721b654daf9af7452144dbd9a768b2695d94c19e5be662f10
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD530666277e5eb1395ebea2da46f2d163c
SHA17ae1dfa5ec7adad2651bba2b47ae6624567c2869
SHA256a9e53408b94da7425542d41f368c46e558c9aafd387711099025a54562ec0c91
SHA51299bf703b3bad571f7d9cd3482499347fafb7540b6154423305125c21ad30f828d0dc5b25bc7ec684b2293d3d9ca41af3698dc50876c8c869b453494ea036fd9b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD5aff1d725ede5104cf0ae010482faee8d
SHA14be943b83bca6fe88795fcab0cc6cf8e0b751986
SHA2566dc32c6b9d8d7433c5f2157205603ced25ac7e3e2cf4ff933fde82e6ecb8126f
SHA5121a403bae54775ca3f06b2e27016a37642e12d4e3f24b7a8022945bba864490f62ca05a0a169e788acfa5efca6aa4d53139126bafbd9d4c9cf71ae7d78b9eda74
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD5f5ddcc2e28feeb37d4e9931ea1e9ae55
SHA1607c21b56cb903c808aca07855fe1cfbeb95175f
SHA256b64c501d0cf78b5bbaa684a662ad84a17e49e21a44d839f5b6fa4f8c920c4ed7
SHA5128a8ff9b2381dad91bc2e6f317e17f5ba8e90f96520e8ee538a388519495cb083042522d7c7c74a5339745fc3c09d48451320736bd60072abe225a40a86f23214
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure PreferencesFilesize
24KB
MD55e7a3d52ab1ab706e22da05e1076d549
SHA1dda8e37de040888079e278f195d74339481f5025
SHA2560ce72c90b1453a457ccc7fc026dbe17062258ee5a2cbd7fd1e131c5a51036a62
SHA512becd5125632e852c5bed4bf6172b850a4da4d8ad21778279b6a1cd16242803548a274519cb09cde492289d80ac952a16131329a97f1dda04f5bb6ec15c6143fc
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txtFilesize
26B
MD52892eee3e20e19a9ba77be6913508a54
SHA17c4ef82faa28393c739c517d706ac6919a8ffc49
SHA2564f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2
SHA512b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txtFilesize
90B
MD5e3cbd104db51adddc6add065d1fdab4d
SHA188a50365860ce45bfb6bcc419fba79bb9bc08df8
SHA256204cfd8049ebc97b77ca359dac7f7e0b2c694aa273de2c38441cc3c9b1fda73d
SHA512e2197906eb654a958a2adaac8f9375e904612cab2cc06b01355f3cc5bc8c7d0f37be8b43f530216eefaf374629a0cea1a8fad717e7c5e90a6cff34e7ec3d2bd0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5bebf3.TMPFilesize
90B
MD5f94798866c3c5b9504549f66873d976a
SHA18d4f93dc192f1e4b1f5ad6116bc680f2b43d4e90
SHA2567043331ba94e02a4fbf9f1060fe3539fa64708d8b239bda41c4cefe903c5685f
SHA5124d4101c7a1d54e899552938f8d66a4c4447a00141d93816dee71f7ddefc7ba5635357392a8915d151ec8a079a520349d5c339fd7a8eb24e7c975821393dba8db
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.logFilesize
5KB
MD51bad7ff6869e4a965383cc7dbf8369e4
SHA1efe8229a1143a31738f704d1361c955499b075ab
SHA2568e0ca837a485117f666387e1fdbfb86f5b0ac98894b7895d5f61397657bdea9b
SHA5122e9b9b44ce7938edcaa847542317dab34214635fb5d33ddd18e02083c324ed69b51066200b5e150163ec46d1133a1305a31c3d6a432f2bfac98c514bdc1b5fb5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOGFilesize
319B
MD5329ac349af69646e6624e298cf8e4a36
SHA116b652d5215214f8441f63f768235eca667f8467
SHA256aadaae078c1669c77d09c53759063a56da579e3e3f288d896368d8ea573a97ce
SHA5125bc228307693695af24727339ee094d0d4ef6286c577c52ff312b61712c32b6b11d2e604ebf9ea3d0743baf9b5a153888d7d790b67627fecc3fa278ccd803997
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13362668758631338Filesize
6KB
MD5ed264318863f5ab62a02bfea925625c6
SHA1727faa1be5566c09d928160663575c6826b86d0f
SHA25646502127e26f801d90fecfae430251de177b429144b7cf24faff1b7d625445c9
SHA5123e2d87bfaf27d8cec4d90cddedaccb23f7fd9972b7d2b075b96e913bd591bf848bfc8b2de47073a3d7108fe153958ce652d39a1bd93012858eee02670f66b707
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13362669017945229Filesize
7KB
MD525b8279276e3e8eeedc0b0e0a48605da
SHA1666d4fb4c2a7f2cb985a887f8c21fa0ed0b92828
SHA2569a9797097146c7cd95f73000d63fac7abc0bfa98fb256936f7a7c3e35581cd10
SHA5127405c9e1f594b7759f255e764431a70ab9464c9872c8e589f3ef4488efe84c7603b1887797ea09da9270adf957292adefd8b768221d80ca6361f46c061cfb019
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.logFilesize
112B
MD5a3d85c7d7390339e58abc7da1998e642
SHA156bae2325ee8c9fbbc0d7b58893728dca719e3a5
SHA25677665f3eaa0a3850664047389e49e951d65840afeb224a5d1852acc059e92041
SHA5120afca1af6fa036a9dde9b9e1fe9d0e51e3f80b03af58d68b8c55e65899145449eed2f8c0bc0d13bb7f4361632cf2b57e78e3885a977b374e5df27c09611aba93
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOGFilesize
347B
MD5b8c81a4de2e90e0f1045198dc31f4337
SHA139d117c74a5ff9731cc553501acaef7e5d354d6f
SHA2566190535d0114c15705edca8aa6f52df921ed2d02b8ec4bc5328c782ad03edfb2
SHA51297a756a45ec40e74e753fdb626cb7f88ac46b04aa7dcc33fd1b6b5222f3657ab3c602e7be710571ed4268b23172db7214f4aa414dfc2ec99589582de47933373
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOGFilesize
323B
MD5965bf8bb6a1738fac7018fef0ac54e5c
SHA1bb07c93dfbaef2da6d5252537abcbfc26ed63d1a
SHA256cc26900b502061b689ebe74ceabade45234c5611c42a42a63ec00882288e51a0
SHA512f25249c34089bc7822cc9db589fd39346922a4721fc1b81acb867be909918b2b90456102b397056598df8f89b6d273477368f1bb0ecd1267bf8d0233cf13c5ba
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
372B
MD541c454ff4df7536c7314aa2288d6a4c8
SHA1fe97d0e73ddf4797d7cf797a88133ac8851f4a1f
SHA25600bc85f57b250776a768786b340542333a13903eedae17def082d0d0f15a3a16
SHA512d12c59a0dcd941edf03fdaa5ce7729c7caf0c10c3c5788cdb8f3b1a39294c84c7eb108079575a1f9c31a601f926aed2c521ae03dd3494ddcfe5310f563dc116f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
372B
MD5de574167c55c8dfe8008214eabf50021
SHA1cccc8f8bfeca84a698dc0727224a1c4b1a264646
SHA25668d2887cc67049f8d399433b6500c4cbf4433479265a3f7ebfcf23b558711076
SHA5129155bc3ec9f1f2e13279768d04805c36be8e3a8c889aded05b5c05ce43924e7e7db8e58ad6215da0ddd9c3829e7e2a4d6f73abbf82eb0e684154d470365e4f81
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
372B
MD5e2558e4acc5347d2a7460cb1e0c29434
SHA13d8e82f797a10e7a01236fd88109da18a32ddd4f
SHA25615adcdbe28a59aaedf2444ff007a95b3e46e394db1c531f2c53a830c4f5b7112
SHA5122c0a4c337de568a80f3d1d3c086039843c9af76503458f4d680e8e97cac60e8e8a0b409e1371375e57be3691ca74570cea17db6ba82fbc15aba9e1d16f5afae3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
706B
MD58aadcc1b43c3fc11314941d19e93f9b8
SHA192ec8ed04618e76f5841ada52a95b512ffd31d33
SHA2565ed0a4d548209772f313e99be095c4858a152066f248d4bf06322b1d7b029581
SHA51244ac43ec7b2d0378ec3cd67ca375de76d64b6c832d093631f7e28ea87cdb3322d9f269e9ea65c0c4690762e5e6977ca9587be1fe45378afbc5c65c49ff8f984a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5bf2f8.TMPFilesize
204B
MD58f4f651e8b358791f6b51f09dac33461
SHA11108d951eb624e27b77a81d859ad101bdf54e669
SHA256106ef8c6cd33abddbed9ba71ff258d091bee941d40be716bfdc1442e4a60feb8
SHA512c0c1de69ced006ff232001edbf7a4c580de950265ec920ac8be0f1a1c164c6097a2d4b8df911897fb63378738d0a11c7b65d576e6611d5321c4d3d59fb8fe51f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited LinksFilesize
128KB
MD547401c5958b23b758ea03344633c4e45
SHA1d5b255d80607472bafdf8debd2b2ae772f089986
SHA256c503ac260aa0064dc01cfdc440d4b97592d43314e5e62cb789d7c20cc7bdc1c3
SHA5126b86f05c8da62da30c65a0ab6dc07a29b49e3037cddcf4dec5381e50e5adb91b3580627dbcdef5f671a2c16edb60de8847b0dd96b67ee08160489e9ba3150c69
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD5aefd77f47fb84fae5ea194496b44c67a
SHA1dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA2564166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.dbFilesize
44KB
MD5bd1ee48ae8ffe7ff489fcf549e94ed19
SHA1cad5d5cb1e6605431b621fd324a746355ca3dd0a
SHA256ad9356da23fde913d22aa1fcae1a5e1c7a24c5ed02842e119be4409670fb86aa
SHA5125ed289c4d9c16be3f62bdd06627639fc9ff653ba5da56daeee413294988f67bdb93a8cf358371fd61c5645addd0dbfdf59a4ef2b63269449b364de0decce08a6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-walFilesize
1.0MB
MD5d1c7d82bf9de7cbb3ccf16da026c0e42
SHA141184de39bacadd41f9f5eaa16631e987fde044c
SHA256e220a4f56c50c34e5128697a46a47fa304e3dd77be082454642e500e9c7ecae1
SHA512f239c3ff19ca8378cb2417056590625a285803db6a98f1ae4bf3686a6fca3d46cb47a16765c9e4fd7d190740aeb91388f5e3a4991e2bd49284da71b87d366415
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0Filesize
44KB
MD578362a7ccd4b3c7df819f85643cfad11
SHA12877bcbd3310b698178ac5b9475ca7f138690b31
SHA2563fbb81bb7f92f1a100458cf800607e56e2c688794f358831b9cc1dfab2d019f2
SHA51280388e6c5ae6a16a6c812ca73761399b1945aa35a1faa74baf72b93a897dae91e2f16e36f1f638da2baa6d32be1ef3613267464a4caa86e7ae04647d76c02b86
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1Filesize
264KB
MD50a675ed3d69aba796d88621f05b901b2
SHA17d43ebb4e244f99e4b3ef732ea98e05fa7cad94e
SHA256f80bc038e11feb614530e9733a368d1806a6756fa1e8dedd50c71a206f3a9de9
SHA512af15737ff6407fac3ae11f90b8d49444b77c729724fe975820012f254263a49fca11627c55a11fcd33a6fdf00d8a9ef40da606ba11e1f454dc3df3006d6bd6c1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last VersionFilesize
11B
MD5838a7b32aefb618130392bc7d006aa2e
SHA15159e0f18c9e68f0e75e2239875aa994847b8290
SHA256ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA5129e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD529ae809fac29912460f3b9f77526bd69
SHA1753855b64e0b531ddc2bfc9c76dd153ce9e4b83d
SHA2560ac45e4e5034899c28485c7baf6e5a43187d0b51c98ba4e06665b229ea08e189
SHA512429094ec1aef0f3ed1359bd6421b09c57752add6537a21ae3c75794293610f5e2cedac003ddcb71053cb0f545d63a0f0a82a1c2dadf9bbee3cf03ad1698d6edb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD564d2c76cb07772f41e3c93d2df701a92
SHA1d7acdf7abb500eb21659f34464315b32e46ec71a
SHA25689200c13caf05e914aa90d7a74bd4ec68a56f3e0c158a4348c99cbf2b894bc3d
SHA512167892f0a8f9e8f619615a2e6d474e2b7d70ba804e6998962a0578736276a6b3bbcd8c912d22b422513e0131e54f4364c7a106b97b199478e363c84ac1db6d78
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD58cc7e95bf96faeb24cd1097896258b01
SHA170f22a7d8dbb5bb9d2dbc24988b1f67e495597ce
SHA256494bb4274c1cc8b55cc143f746d5dc29baa9d4de8d02fcecfd04114edf1f3ed4
SHA51262b2c4f4e38c947f318628b442c3a8ef2c99cffaaf11d1b093c11408d912e8b1806d29a69a1e0237ae8c79315e28d6b28b620511fac82c102d6e9c38c0f117bd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5c6a26c3351351ab879d8837a76fe8741
SHA120564f16821179c60c49b33cca10a4190b412bc7
SHA25606fcba8ec557f272ab14dd519bccddc6c4417f21cf8faeb14315aa85ef6f6c38
SHA51232657d6bd73c494f42db8f052159b531ea7a30c8471e08ef407af387447da0f2a254de89e9f775f25eef3cb5a3498a7a95b68a6a7c75b600ff16d57276fa922e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD5a05b4ba39d88384908abb9ec0b333e20
SHA1454c2f7115caaa1dc5c2d66a4c4227173ca1d38d
SHA256a0044035237efffc08f85add4b78b999f180b55b6d98a5acc7c14348f62f30f8
SHA51265bc996b6d9439e9568f88c68bb9f6f5d1825874cde71aaf04a640e567e6d6afdcbd0aa462a45e3fb4d40dd278ee744ba37c5d145a02eb715df8b36c4c6a7f72
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD50e5702fdc25e33fa16108944410f4f68
SHA12c6ba32cbc0367b84911666f6c41311f5d4ed5d7
SHA25672f677856ba3c26ea0024bbac46ddd19d92e68f038db0da1f18dae51cc905b23
SHA512721fde12cb674360d6e89d036327f96220eb9aac58487f190c36bdc4260d5c3e278bdcdf4a8b8ebfd89c2c1d69c7625617dea81afa1716ea093a07e45aa5b695
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD59f4cd2b4626accafc67fd103a7074cac
SHA10f90218cd94eab7dcfb13aa8d706f3d06e8cb3b3
SHA2568c2fb59011d1a88fbca3eb65766b99d941b6f71286f83564789e7f829c6b32b4
SHA512b4054da984b86330e0d9e087a05f2002df098ae3d093b2f385ab5fce77b8155f3980f4ea630989bb3813831eb32b09ba1a19841d07368ad0db562170ebb32e8c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5ddf7a0085fb37c764e5b8d20f9bca702
SHA16c8f44560522567292b7aacc88210868e879e833
SHA2569308b7113d937cf4969736f33a0dc50e70f6ca39f5a381bd30cb4dfe65e6995d
SHA5123af61acf57d4063acf22b19b7085ee9816d619fe0338d17d355110654a480b59fe59c00a96e1cabd9636b7a9c3eaadb6be3b171a472a53fcfb5281a4e3543942
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1Filesize
264KB
MD5e70858eeb29efa951ac8acb3674ed2f7
SHA1bb29b4d618e791ab2f2eac893ea663453a07cc92
SHA25692f759b77b9f4eafd8924375283c1b1980eb0dbfab9bef4f4f428deee0cec8bd
SHA5129ab21892d71616222a706220ff9c40a8d9d4f7218030b9c69bf70e891c41741b01b1f009e5a6527cb220709cee759bc7a79cec2cf42ceb3db6dd8af0ca4cfbda
-
C:\note.txtFilesize
218B
MD5afa6955439b8d516721231029fb9ca1b
SHA1087a043cc123c0c0df2ffadcf8e71e3ac86bbae9
SHA2568e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270
SHA5125da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf
-
\??\pipe\crashpad_4860_JAVLMYOPOYCPGCLA
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
All four values are the digests of zero-length input, and no Filesize is recorded: the entry documents that the Crashpad named pipe existed, not any content, so these hashes must not be used as file indicators.
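The dropped-file listing above is the sandbox's flat dump of one record per file: path, Filesize and four digests, with the page extraction fusing each label onto the value that follows it ("settings.datFilesize", "MD514962f…", and for the named pipe "…GCLAMD5" with the digest on the next line). The Python below is an added example, not part of the sandbox report or its tooling: it parses that layout into records (both as extracted and with a space between label and value), checks that every digest has the hex length its algorithm requires, flags digests that equal the hash of zero-length input, reports records with no Filesize, and counts how often each path was rewritten during the run. The sample records are copied from the listing (two versions of Crashpad settings.dat and the crashpad pipe); the function names and the problem strings are mine.

```python
"""Parse a sandbox "dropped files" listing and sanity-check the digests before
they are forwarded as indicators. Added example; not the sandbox's own code."""
import hashlib
import re
from collections import Counter

# Hex-digest length each algorithm must have.
DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}

# Digests of zero-length input, derived here rather than hard-coded.
EMPTY_DIGESTS = {
    name: getattr(hashlib, name.lower())(b"").hexdigest() for name in DIGEST_LEN
}

LABELS = ("Filesize",) + tuple(DIGEST_LEN)

# "MD5<hex>" as extracted, or "MD5 <hex>" once the listing has been cleaned up.
_LABELLED = re.compile(r"^(Filesize|MD5|SHA1|SHA256|SHA512)\s*(\S+)$")


def _norm(label, value):
    return value if label == "Filesize" else value.lower()


def parse_listing(text):
    """Return one dict per record: 'path', 'Filesize' and one key per digest.

    Extraction fuses the label that should start the next line onto the end
    of the path line; the value for that label is then the following line,
    so the label is carried over as 'pending'. Records are separated by '-'.
    """
    records, cur, pending = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "-":
            if cur:
                records.append(cur)
            cur, pending = {}, None
            continue
        if pending is not None:
            cur[pending] = _norm(pending, line)
            pending = None
            continue
        m = _LABELLED.match(line)
        if m:
            cur[m.group(1)] = _norm(m.group(1), m.group(2))
            continue
        if "path" in cur:
            raise ValueError(f"unrecognised line inside record: {line!r}")
        path = line
        for label in LABELS:
            if line.endswith(label):
                path, pending = line[: -len(label)], label
                break
        cur["path"] = path
    if cur:
        records.append(cur)
    return records


def check_record(rec):
    """Return the problems with a record; an empty list means it is usable."""
    problems = []
    for algo, length in DIGEST_LEN.items():
        digest = rec.get(algo)
        if digest is None:
            problems.append(f"missing {algo}")
        elif len(digest) != length:
            problems.append(f"{algo} has {len(digest)} hex chars, expected {length}")
        elif digest == EMPTY_DIGESTS[algo]:
            problems.append(f"{algo} is the digest of empty input")
    if "Filesize" not in rec:
        problems.append("no Filesize recorded")
    return problems


def rewrite_counts(records):
    """Entries per path, i.e. how often the file was rewritten during the run."""
    return Counter(r["path"] for r in records)


# Constructed input: three records copied verbatim from the listing above.
SAMPLE = r"""C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD514962f766004de2533f6e368f7ca3d26
SHA15cf8f1471431b31e4f14e9ca16921721d581f00b
SHA256aa77d3fc88108ca9820e533d89851809738686d85562e6ae98fe62be1f95ec9c
SHA51266ca833f8545a442971c9d2f377b25b3e962e478cb2ebb059314015feb2fade4779aa44ef289d0e2bfadff760c922e9b30144147fb50d9766d6ba2c413104f90
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5b4a74bc775caf3de7fc9cde3c30ce482
SHA1c6ed3161390e5493f71182a6cb98d51c9063775d
SHA256dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280
SHA51255578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f
-
\??\pipe\crashpad_4860_JAVLMYOPOYCPGCLAMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
"""

if __name__ == "__main__":
    recs = parse_listing(SAMPLE)
    for r in recs:
        print(r["path"], check_record(r) or "ok")
    print(rewrite_counts(recs).most_common(3))
```

Run against the full listing, the same checks separate usable file hashes from entries like the named pipe (whose four digests are the empty-input values) and show which profile files the browser rewrote repeatedly while the sample ran.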