Analysis
- max time kernel: 50s
- max time network: 49s
- platform: windows11-21h2_x64
- resource: win11-20240802-en
- resource tags: arch:x64, arch:x86, image:win11-20240802-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 08-08-2024 20:35
Static task: static1
Behavioral task: behavioral1
Sample: tata.html
Resource: win11-20240802-en
General
- Target: tata.html
- Size: 146B
- MD5: 9fe3cb2b7313dc79bb477bc8fde184a7
- SHA1: 4d7b3cb41e90618358d0ee066c45c76227a13747
- SHA256: 32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864
- SHA512: c54ad4f5292784e50b4830a8210b0d4d4ee08b803f4975c9859e637d483b3af38cb0436ac501dea0c73867b1a2c41b39ef2c27dc3fb20f3f27519b719ea743db
Malware Config
Signatures
- Downloads MZ/PE file
- Executes dropped EXE 3 IoCs
  Processes (pid, process):
  - 2944 tata.exe
  - 3536 tata.exe
  - 2952 tata.exe
- Processes (resource, yara_rule):
  - C:\Users\Admin\Downloads\Unconfirmed 614814.crdownload: themida
  - behavioral1/memory/2944-83-0x0000000000400000-0x0000000002E58000-memory.dmp: themida
  - behavioral1/memory/2944-116-0x0000000000400000-0x0000000002E58000-memory.dmp: themida
- Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs
  When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
  Processes (description, ioc, process):
  - File opened for modification; C:\Users\Admin\Downloads\tata.exe:Zone.Identifier; msedge.exe
- Enumerates system info in registry 2 TTPs 3 IoCs
  Processes (description, ioc, process):
  - Key opened; \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS; msedge.exe
  - Key value queried; \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer; msedge.exe
  - Key value queried; \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName; msedge.exe
- NTFS ADS 2 IoCs
  Processes (description, ioc, process):
  - File opened for modification; C:\Users\Admin\Downloads\Unconfirmed 614814.crdownload:SmartScreen; msedge.exe
  - File opened for modification; C:\Users\Admin\Downloads\tata.exe:Zone.Identifier; msedge.exe
- Suspicious behavior: EnumeratesProcesses 10 IoCs
  Processes (pid, process):
  - 2916 msedge.exe
  - 4748 msedge.exe
  - 2320 identity_helper.exe
  - 4404 msedge.exe
  - 2824 msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  Processes (pid, process):
  - 4748 msedge.exe
- Suspicious use of FindShellTrayWindow 42 IoCs
  Processes (pid, process):
  - 4748 msedge.exe
- Suspicious use of SendNotifyMessage 12 IoCs
  Processes (pid, process):
  - 4748 msedge.exe
- Suspicious use of WriteProcessMemory 64 IoCs
  Processes (description, pid, process, target process):
  - PID 4748 wrote to memory of 572; 4748; msedge.exe; msedge.exe
  - PID 4748 wrote to memory of 3564; 4748; msedge.exe; msedge.exe
  - PID 4748 wrote to memory of 2916; 4748; msedge.exe; msedge.exe
  - PID 4748 wrote to memory of 4152; 4748; msedge.exe; msedge.exe
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\tata.html
  - Enumerates system info in registry
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff8ea73cb8,0x7fff8ea73cc8,0x7fff8ea73cd8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,12382884062022521772,11716416482432318634,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,12382884062022521772,11716416482432318634,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1400 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,12382884062022521772,11716416482432318634,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,12382884062022521772,11716416482432318634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3076 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,12382884062022521772,11716416482432318634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3104 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,12382884062022521772,11716416482432318634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,12382884062022521772,11716416482432318634,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,12382884062022521772,11716416482432318634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,12382884062022521772,11716416482432318634,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,12382884062022521772,11716416482432318634,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,12382884062022521772,11716416482432318634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,12382884062022521772,11716416482432318634,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,12382884062022521772,11716416482432318634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1908,12382884062022521772,11716416482432318634,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3012 /prefetch:8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,12382884062022521772,11716416482432318634,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8
    - Subvert Trust Controls: Mark-of-the-Web Bypass
    - NTFS ADS
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Users\Admin\Downloads\tata.exe"
    - Executes dropped EXE
- C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
- "C:\Users\Admin\Downloads\tata.exe"
  - Executes dropped EXE
- "C:\Users\Admin\Downloads\tata.exe"
  - Executes dropped EXE
- C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (Filesize: 152B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 5KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (Filesize: 6KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT (Filesize: 16B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State (Filesize: 11KB)
- C:\Users\Admin\Downloads\Unconfirmed 614814.crdownload (Filesize: 41.7MB)
- C:\Users\Admin\Downloads\tata.exe:Zone.Identifier (Filesize: 26B)
- \??\pipe\LOCAL\crashpad_4748_MCJHONEDVKRZGSMM
- memory/2944-83-0x0000000000400000-0x0000000002E58000-memory.dmp (Filesize: 42.3MB)
- memory/2944-116-0x0000000000400000-0x0000000002E58000-memory.dmp (Filesize: 42.3MB)