Analysis
-
max time kernel
148s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
29-06-2024 22:38
General
-
Target
Wave Goodbye.exe
-
Size
6.0MB
-
MD5
b67c09157b260b02037a716d28d7c34f
-
SHA1
a6da5549351e78fda395b5381dcf9e14240390fd
-
SHA256
ceb6a0b8e1c27c75155ab28b9283fe488ae5daca15b0cc58ebfc009200c8e824
-
SHA512
61cc65311af74f83ea950ef54661a5421df67026f7760e257ae3701b3b339f554ac1b42a63f2adafe142ad71a81c545b6749aac0a4f5c78eccd90d072fb7bbad
-
SSDEEP
98304:dHx3rQ9UT/cnDEuzHEAtpW1pAT0WaDMyaATQKC2witrFr9vQVN9x3gHWdFISYft4:73rpbcnDEuzkAtpWzATIaAEHVYJJmN/P
Malware Config
Signatures
-
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
-
Downloads MZ/PE file
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE 1 IoCs
-
Themida packer 8 IoCs
Detects Themida, an advanced Windows software protection system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 35 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Wave Goodbye.exe"C:\Users\Admin\AppData\Local\Temp\Wave Goodbye.exe"1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/6NNYUEXAR22⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe75ad46f8,0x7ffe75ad4708,0x7ffe75ad47183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,15422493033064297388,12115057764121160618,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,15422493033064297388,12115057764121160618,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,15422493033064297388,12115057764121160618,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2520 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15422493033064297388,12115057764121160618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15422493033064297388,12115057764121160618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15422493033064297388,12115057764121160618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2092,15422493033064297388,12115057764121160618,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5244 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2092,15422493033064297388,12115057764121160618,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5252 /prefetch:83⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15422493033064297388,12115057764121160618,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15422493033064297388,12115057764121160618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15422493033064297388,12115057764121160618,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,15422493033064297388,12115057764121160618,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5800 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,15422493033064297388,12115057764121160618,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5800 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15422493033064297388,12115057764121160618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15422493033064297388,12115057764121160618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15422493033064297388,12115057764121160618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2092,15422493033064297388,12115057764121160618,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5220 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15422493033064297388,12115057764121160618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15422493033064297388,12115057764121160618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2092,15422493033064297388,12115057764121160618,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5972 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2092,15422493033064297388,12115057764121160618,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Downloads\WaveInstaller.exe"C:\Users\Admin\Downloads\WaveInstaller.exe"3⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15422493033064297388,12115057764121160618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1384 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15422493033064297388,12115057764121160618,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15422493033064297388,12115057764121160618,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,15422493033064297388,12115057764121160618,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,15422493033064297388,12115057764121160618,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD556067634f68231081c4bd5bdbfcc202f
SHA15582776da6ffc75bb0973840fc3d15598bc09eb1
SHA2568c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4
SHA512c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD581e892ca5c5683efdf9135fe0f2adb15
SHA139159b30226d98a465ece1da28dc87088b20ecad
SHA256830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17
SHA512c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\62cfd870-9756-4c83-8dba-97d9fc87c8c8.tmpFilesize
5KB
MD51b8ea57dfac3ae20bdd190f4768a0617
SHA139bbaf60e127462e977512a83560cf01189a2d0e
SHA2565f751daf2737eb634e4ed919b955e311fdd10290924209eeda8c7e0fe6f21db2
SHA5129a136a5770306c99c67719af9e480b6623a978fbe6509275605b48e7ca65b145abd8545ca286615482c7cbef31941aac1b57fd9c7fd1196153ad71a99055e3f8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
264B
MD580eaa60099a876fbbbb0aa0c1593ff2a
SHA1c9ce44bb50ac080b948baee441e9f0f5749aea82
SHA25638b6323dbb69d66aa45f672ade210f334b084a90110d5848a9e74c6396e4896d
SHA5128f2d5d8aac71ebc6b622297bb55ae8e95616e5533857e13ceaa26c8f8fe0307b4e697df092637b4fb00f36970a1dfc658f7a211094271f4b5cb0dce9d322df0b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
675B
MD5d3ce3af59b8f2acee22bc25c9f512faa
SHA12844ba6cda9bfbf7b51fe84b3f4f2fcd7acb7781
SHA2563d94654c7945576c2334022edabbc150f2eff8d8965e9202f6dfbeba9690de74
SHA512502206f4c825ba7a144be544c56186ec9bcc871b99480ccdda67df6f757bb44d4826d666962251c52e3905fc500bf561e02670370f35f0d2f0d46b0b1c484cba
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD5af4787c7b02c5b0e2ddff824acdfd3ee
SHA1555c7402eb658da17e3966946f8ad25b0188955c
SHA256c9cb3a30554dc5c5aeebbc5f664e0f2331fc550b8514cfb92dd61606db7032ee
SHA51250c86b7c69ba8dc4f535a1cc59bb8bf575784dc90699160ef6b93e68f0c54303fa1d885bf2b2419baa325390a96aa55e98a47f7ad79fdcd9f97511afadb1e2f8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD5db408152302afb0c3063b7e4ab6651d1
SHA1f1f94979ae23f5c4e343ae2035e77aff3e503346
SHA256b17a95fe9a6ffb2fda330deb4a90715f4de58cb8429b24b0cfd2f2ff81f4ca32
SHA5122377c16e532b11221d6addc861bd685b748123c8e739102999869877226626498aaf47da47d091e24776b84d1fa80e550ba8270847fec39ee7f55108215693e3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5a5c55c9e1f0b0a13b5878374d7170a6b
SHA1b7347201f81ca7fcc08927e9f4a20e1e46415ea9
SHA256f71d8edb1a69e6eec37a685d1cf754fb8bf7e993ff0c57f28d4ad0a3b34af2f0
SHA512af04018c56fd99e48cdeb8424aae85d751dc57e52b4bbcf6c011f668636d86fbd7b6a6113528fe542d106dad9ab07047fae10fb4c7642f8e019d8e569d7d5b53
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
538B
MD5f084cd3e123e72649ed1e9e857c801b6
SHA1cf4cbf18bc1ecb057f3e70ee0ca33fe480a691ab
SHA256f63686ba7fdf0bd667b8d415c3ddbc6b183a51a948ca870c74271e23b20d137a
SHA512dd75b86b6a5e62f430219139efc42b0629434f3e04d01fc9d26a0cdaa592c8eabb94f4c4a9bb93bdfe164275a7637309d5a4c3e647b68ad92f8c9a9a8983c4ff
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e1b5.TMPFilesize
370B
MD50c3423b3319398b31f05d4660f84491b
SHA1281590369c1b9653a5df29e45250fd485d6ffeb7
SHA256992e844f5b5ea619dee64808347e40d2a3e11fc2d8f4c6bfe79bd7eb5edb638f
SHA5128e8a53d6d1c7e0fae426cfe65efc33983f94134c36ab78ff0f3202abdf717a02556d1e035996b20b2b76dc49f0fa81aa57ddafdf9c4a8419965eecaf991bc101
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD59a36f8003cb65ff4b9de88e04e3a4b87
SHA13db0ec3f0a35cf7751c1633b0dbac405f1d99df1
SHA256330308579e33ca66cae59033ac8bbbf4ef3277120cc499678f1255df9ef862f5
SHA512335a67aa8abfa6bae449f3ea59a407f6a76a1694ba991a364c871c2508f1c7505e3202455422c1fbad0b6a7f452010a5e5084f6e82fc09dea2f7159b2c444e9b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5a69249db0699cb7262b6d8f894a1e3ea
SHA10761786a9656ad966ad76f33feaa43cb70ba7e17
SHA256a1d566f7a5abd9316eeb967b1bdb0417a43c2885dcf63f98d4b6c684219a9fa6
SHA5125a4e45132d3b5d414e00bd31cbeb771965f3b262b8edd0faca5d166c4a32b24dfbb9e15989a07b55b35845b773132ceef215b4831a2e2679ffd16587c4f61b51
-
C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exeFilesize
939KB
MD5258a9cae6024c91784bbd8aa5379e86f
SHA1fe1a808ba23053413359a78d5ec096b2cd540dd5
SHA2563881840473ec5286189d2fc8e85f0f26a2532890055d1653da9580aa31b2d0e5
SHA512b621ef432b430d2df0443fa0ebdd59dc7de6b32375c2fc83e8474838843c4abcf4a35f2b5f80e78911fc52336d71812ca9fbc9919314ea3b59bd26036a4ea5a5
-
C:\Users\Admin\Downloads\Unconfirmed 73953.crdownloadFilesize
1.5MB
MD5c822ab5332b11c9185765b157d0b6e17
SHA17fe909d73a24ddd87171896079cceb8b03663ad4
SHA256344700d3141170111a9b77db100f6961cc54a2988d964d34f7e1ca57aa42aa2a
SHA512a8612836fb4714b939d03f7fe08391bbc635ca83ab853fc677159e5db6b00f76b9b586bdae9c19d2406d9a2713d1caf614132cb6c14e1dddc6ac45e47f7e5a5d
-
\??\pipe\LOCAL\crashpad_2360_XPGANLFPGESCMXBSMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/1168-2-0x0000000140000000-0x0000000140F65000-memory.dmpFilesize
15.4MB
-
memory/1168-1-0x00007FFE942F0000-0x00007FFE942F2000-memory.dmpFilesize
8KB
-
memory/1168-4-0x0000000140000000-0x0000000140F65000-memory.dmpFilesize
15.4MB
-
memory/1168-119-0x0000000140000000-0x0000000140F65000-memory.dmpFilesize
15.4MB
-
memory/1168-3-0x0000000140000000-0x0000000140F65000-memory.dmpFilesize
15.4MB
-
memory/1168-0-0x0000000140000000-0x0000000140F65000-memory.dmpFilesize
15.4MB
-
memory/1168-41-0x0000000140000000-0x0000000140F65000-memory.dmpFilesize
15.4MB
-
memory/1168-5-0x0000000140000000-0x0000000140F65000-memory.dmpFilesize
15.4MB
-
memory/1168-6-0x0000000140000000-0x0000000140F65000-memory.dmpFilesize
15.4MB
-
memory/5224-175-0x0000000009CC0000-0x0000000009CF8000-memory.dmpFilesize
224KB
-
memory/5224-176-0x0000000009CA0000-0x0000000009CAE000-memory.dmpFilesize
56KB
-
memory/5224-273-0x0000000001400000-0x0000000001496000-memory.dmpFilesize
600KB
-
memory/5224-274-0x00000000014B0000-0x00000000014D6000-memory.dmpFilesize
152KB
-
memory/5224-275-0x00000000060C0000-0x00000000060C8000-memory.dmpFilesize
32KB
-
memory/5224-277-0x000000000B620000-0x000000000B692000-memory.dmpFilesize
456KB
-
memory/5224-278-0x00000000060E0000-0x00000000060EA000-memory.dmpFilesize
40KB
-
memory/5224-279-0x000000000AE60000-0x000000000AE6A000-memory.dmpFilesize
40KB
-
memory/5224-174-0x00000000008B0000-0x0000000000A42000-memory.dmpFilesize
1.6MB