Analysis
-
max time kernel
71s -
max time network
69s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
29-06-2024 22:32
General
-
Target
https://mega.nz/file/V9UzmQqb#yiHdxdBnKgZKIOr5a8Ka_rUojMaR6thk901zfdqCfds
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
-
Drops file in Drivers directory 1 IoCs
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE 1 IoCs
-
Themida packer 9 IoCs
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 2 IoCs
-
Modifies system certificate store 2 TTPs 2 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
-
Suspicious use of AdjustPrivilegeToken 7 IoCs
-
Suspicious use of FindShellTrayWindow 43 IoCs
-
Suspicious use of SendNotifyMessage 32 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/V9UzmQqb#yiHdxdBnKgZKIOr5a8Ka_rUojMaR6thk901zfdqCfds1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffb7be46f8,0x7fffb7be4708,0x7fffb7be47182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,10997288370940239782,10550235182608854723,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,10997288370940239782,10550235182608854723,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,10997288370940239782,10550235182608854723,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3008 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10997288370940239782,10550235182608854723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10997288370940239782,10550235182608854723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,10997288370940239782,10550235182608854723,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5212 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,10997288370940239782,10550235182608854723,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,10997288370940239782,10550235182608854723,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,10997288370940239782,10550235182608854723,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5336 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10997288370940239782,10550235182608854723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2120,10997288370940239782,10550235182608854723,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6316 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10997288370940239782,10550235182608854723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10997288370940239782,10550235182608854723,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10997288370940239782,10550235182608854723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10997288370940239782,10550235182608854723,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,10997288370940239782,10550235182608854723,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6440 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10997288370940239782,10550235182608854723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3768 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10997288370940239782,10550235182608854723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2120,10997288370940239782,10550235182608854723,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6000 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x150 0x4241⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k SDRSVC1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\Downloads\Wave Goodbye.exe"C:\Users\Admin\Downloads\Wave Goodbye.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Drops file in Drivers directory
- Checks BIOS information in registry
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/6NNYUEXAR22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fffb7be46f8,0x7fffb7be4708,0x7fffb7be47183⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5477462b6ad8eaaf8d38f5e3a4daf17b0
SHA186174e670c44767c08a39cc2a53c09c318326201
SHA256e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d
SHA512a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5b704c9ca0493bd4548ac9c69dc4a4f27
SHA1a3e5e54e630dabe55ca18a798d9f5681e0620ba7
SHA2562ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411
SHA51269c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\92b9700a-3a13-4199-835f-6ceacd43ba7b.tmpFilesize
660B
MD5ab37ac90cdecc91901394d304062f104
SHA1c85c4d513820704756461c926b2e9e6dcb9744b2
SHA256213dc8a80fc624a3793982cabc97a06b44aed6621bb9a7919ed9f98a330c03f2
SHA512172882ca78e0fb1476955798daaae6c00cf7cb4195e28f11cdfc2392aff51fb518475f655593dee40fc1f73278b5d937e4eb8ac6b7f0a2054be13e583a6dcefb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
72B
MD5ed6fc4f73630bca18b51a741868c1ef7
SHA16b9195b1e14a377876c33393525b2dbe997ae13a
SHA2566baf8ed15f2206451fc7f826c7c2542051502cc3679a0c839842c069cab0b1a4
SHA512804072363338e4e329062e4ae47002298eccecdcc926281aec30fc50726f7bf091ad95b10b42d164cfe44f06f32c24c0984cb916653e9d7b07aadffb9c71fafe
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD5831ac95ca4d219696e88f802ad3c9442
SHA16898a8745b07fd1b0a17426b89ac4a20953eef7b
SHA256fbcecacc7256e733d3dc188605be65b2089ee69d085480f7999fc838d238cf1f
SHA5126006d851d4d6be110e75862b25208f8f1ea74f83887fbd3c1aa054fe87d4ba782cb56f89e42f0c7410c8075076771d592bd2fb3901b5def189751b7b544c3b7c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD5e06becb72a293ca772b17cd4187254fe
SHA1fe3e32b68e1525335591c64ac192ffc37a8f08c1
SHA2569ba9a6633dadcf018dfe9cad2a28a16f52db221cbce4270bf317a75b23474e9c
SHA512156a20302768f5856bbe6d699dab01155f9f078ba8ff7a2fb22d0ca81e719d195890da24d62eaf551692b5505d36b8d8b5eb03a6dbff7cea940f1ee4cdc54bda
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD581f4463ed155151053ad2949557a22c4
SHA10ea09e959e243b230ff7b5667a71401e41a4f6de
SHA256c2d4e3ee920945a2e2f40ec97f9f630248540d93a9d34ab98d2c8cc638e4193b
SHA5126d2dd1e855e9b005fbcdb5942678d6042a2d32a9d283471390561858d650c7e2cc405476374cbaa7b8e9c3922d9f2e566af8f02373265270ce5908a5ad834912
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5d955f5657c1db279235148a7f924e5c6
SHA107de4daf703236c1d99e07e8fe89c1884b7dba3f
SHA2562bf6131ec5d6fb1a20761fe5f3b6579a22f16b86b5462613ef0ff7d9fab46a39
SHA51263099088e86a2d19e24190e45d5fd1c36630bbb82d38ba9be2c5a0fbcbfd198bdbebffbb4dd356c44e0cca4496cbcbc0084d9fae6fe5f48c8d9c3ac1e6cfdda9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5d6c8d05cacb690a10835ffe711ecb6cc
SHA13769e26d4137618ebf45325a8ac73007cdc933ff
SHA256665fd88fd3316cfc0d4d535f77498c05093644c5d1f04b530460ca1614381116
SHA5120407d55ad0b07539a578e21ce9e8ea3ab0a297862f8da3c9feb85fd55d010d710d18852f2ab78197b8d56b23202808d2690315abaaa2769985ff832c3263969b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-indexFilesize
72B
MD52aa19aafa6b057f6895f91f32542825a
SHA1f8a608b8aceb89121fdf98f1f600902be7ffc0f3
SHA2561336968dc87f17f19398751317f60713cd45c6e690d58976e86549f328daede6
SHA512576f7930b069c4b8b450f73db9e2d956d6a7be73dbbb9ec1ba2754170b5487d3521c6f6d0109d2c0d0d530c02b0a4703d94856b2bded7662bc25936bda1399d9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe578424.TMPFilesize
48B
MD55129dfa59710a97cc51bcd888e74ff39
SHA109a3088f79cdfa7ca0c397454cdeabaf20eee904
SHA256890fd8bed3e9d7bcfb1ab3dc96b9df68bb0acf4b465422b7734e7a6350e4639e
SHA5120f27c7c861764ad30b4dbb3b05381eb46bed27fde4c4003a9269a821f0a56e4c0911d3e9835e196a8d1fbe484b8ecfd744f39ab7392d010b1ee0de3e94df0b4d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
537B
MD516af2d5bb91df80a441fa4448c32aa35
SHA1bd12c9dcdf19875ba45de154c9f91e6454b618ff
SHA25672f04dfb244ef5e8fe671355f8c70b4b5cd86808120396075c7908517c4637a7
SHA512e0c1a4092a5a8a2daf16821c7c03a10e6f951d77d43c3529485553c7896ab5aeaec236b903ad38660753573a04881a68597f9bbdd3703ee375aff6990f2e8601
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58311d.TMPFilesize
203B
MD5f00fe44e71d0a6fbadb3af99e4d88fdc
SHA131ade78dbddb81a1a1fafd4f8c6fa55a1a4684d9
SHA25654fd3483051fd9518bee08e2d59c654b837b3d4f60357f0081e49d46e9c02deb
SHA5129559596dbacbfd2bca55b114eb7a8bb7323884b4f6376644d9ae808a64cded3e05d7b713678d9f35d83392318e59b31fcedc67fabf4b21782658bcc3fa0388ca
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD560367b5a715c81fdffb1377b87da0414
SHA122bfb3d7ea6e5d0a124df465073800570c2a1c8b
SHA2564e78b9a1da390b2812ef18dc2e7f34b84484970b0a35164feb59fcd7d4c12e5e
SHA51232a49b1ada0e5b1729f7c2902807aeaed5b652d5ffce1dbede7320d2c38aa8b990ba0e5029a173b141c8b1a5411dd01c13b05f15bbcfc68f1d1ad192de865aa5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5e7c3bda0df85da5ee52e8f111bc71b2e
SHA1a0129b0a2dd04c95dc2974e25091066047970bec
SHA256403c0ef68c81731eb58cfd1a4f3c5cfe3d9b6c1f8358db4d6cf2936340684763
SHA512f0d69263e27a6c4cbd48312bb51208e7f23a95c32f53fe96544c8e09b9b785fdbfc6540c769be747170330ec250f96af2efc49d85de488a718f178b3ef061ceb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD5d3234f1fdd5ef15464bb66e2d9ba3d83
SHA1877c5cc986b8a187e109d0cc2bc4c76c5156bdc3
SHA2564498c908c37e59e7af72354d2f35a3847c3d56646e1540467e5f408aa1961c67
SHA512c7dafb6d985e5dff0bf07c75681ea9021c48a72d0e06495ea8eb39241a4f430df55e9df0bbea81564270f20cc580eb3749475f9eb73e0c2cee363fdcfaf473b4
-
C:\Users\Admin\Downloads\Wave Goodbye.exeFilesize
6.0MB
MD5b67c09157b260b02037a716d28d7c34f
SHA1a6da5549351e78fda395b5381dcf9e14240390fd
SHA256ceb6a0b8e1c27c75155ab28b9283fe488ae5daca15b0cc58ebfc009200c8e824
SHA51261cc65311af74f83ea950ef54661a5421df67026f7760e257ae3701b3b339f554ac1b42a63f2adafe142ad71a81c545b6749aac0a4f5c78eccd90d072fb7bbad
-
C:\Windows\system32\drivers\etc\hostsFilesize
1KB
MD5deca688b3a2d7e1224e65a13c66b405d
SHA15d088d911e53b05860d2294f081b7a56614c1b1b
SHA256efe68251dcfee5e61bce15c9028f4e237c45e24f23f66d0c9acf5355ba709341
SHA5128ed11f7e130d1d0d5f554849e9ad181f60d242d21aa6019307df20833e7646705716f591b13c9db0ba8643e8800816dd6b691572c80973f540fba14cc84d47be
-
\??\pipe\LOCAL\crashpad_2068_NLDPTPHMOLKBUOWQMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/5456-238-0x0000000140000000-0x0000000140F65000-memory.dmpFilesize
15.4MB
-
memory/5456-304-0x0000000140000000-0x0000000140F65000-memory.dmpFilesize
15.4MB
-
memory/5456-239-0x0000000140000000-0x0000000140F65000-memory.dmpFilesize
15.4MB
-
memory/5456-237-0x0000000140000000-0x0000000140F65000-memory.dmpFilesize
15.4MB
-
memory/5456-240-0x0000000140000000-0x0000000140F65000-memory.dmpFilesize
15.4MB
-
memory/5456-241-0x0000000140000000-0x0000000140F65000-memory.dmpFilesize
15.4MB
-
memory/5456-242-0x0000000140000000-0x0000000140F65000-memory.dmpFilesize
15.4MB
-
memory/5456-339-0x0000000140000000-0x0000000140F65000-memory.dmpFilesize
15.4MB