Analysis
-
max time kernel
147s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
29-06-2024 18:33
Static task
static1
URLScan task
urlscan1
Malware Config
Extracted
lumma
https://extorteauhhwigw.shop/api
https://potterryisiw.shop/api
https://foodypannyjsud.shop/api
https://contintnetksows.shop/api
https://reinforcedirectorywd.shop/api
Signatures
-
Drops desktop.ini file(s) 1 IoCs
Processes:
svchost.exedescription ioc process File opened for modification C:\Users\Admin\Videos\Captures\desktop.ini svchost.exe -
Suspicious use of SetThreadContext 2 IoCs
Processes:
Nova.exeNova.exedescription pid process target process PID 6352 set thread context of 6428 6352 Nova.exe RegAsm.exe PID 7888 set thread context of 8016 7888 Nova.exe RegAsm.exe -
Program crash 2 IoCs
Processes:
WerFault.exeWerFault.exepid pid_target process target process 7520 6352 WerFault.exe Nova.exe 7772 7888 WerFault.exe Nova.exe -
Checks processor information in registry 2 TTPs 4 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
svchost.exesvchost.exedescription ioc process Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 svchost.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString svchost.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 svchost.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString svchost.exe -
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Modifies registry class 2 IoCs
Processes:
svchost.exesvchost.exedescription ioc process Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4124900551-4068476067-3491212533-1000\{36BBF736-E680-4D08-AE66-D0D819410FB5} svchost.exe Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4124900551-4068476067-3491212533-1000\{578D704C-9B0D-412C-BADA-5E6711EC773E} svchost.exe -
Suspicious behavior: EnumeratesProcesses 12 IoCs
Processes:
msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exepid process 1632 msedge.exe 1632 msedge.exe 1648 msedge.exe 1648 msedge.exe 1900 identity_helper.exe 1900 identity_helper.exe 6936 msedge.exe 6936 msedge.exe 6576 msedge.exe 6576 msedge.exe 6576 msedge.exe 6576 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 40 IoCs
Processes:
msedge.exepid process 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe -
Suspicious use of FindShellTrayWindow 40 IoCs
Processes:
msedge.exepid process 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe 1648 msedge.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
Processes:
OpenWith.exeOpenWith.exepid process 6396 OpenWith.exe 7964 OpenWith.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 1648 wrote to memory of 1084 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 1084 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 932 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 932 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 932 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 932 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 932 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 932 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 932 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 932 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 932 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 932 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 932 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 932 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 932 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 932 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 932 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 932 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 932 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 932 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 932 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 932 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 932 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 932 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 932 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 932 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 932 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 932 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 932 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 932 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 932 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 932 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 932 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 932 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 932 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 932 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 932 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 932 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 932 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 932 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 932 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 932 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 1632 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 1632 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 4368 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 4368 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 4368 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 4368 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 4368 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 4368 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 4368 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 4368 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 4368 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 4368 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 4368 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 4368 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 4368 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 4368 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 4368 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 4368 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 4368 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 4368 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 4368 1648 msedge.exe msedge.exe PID 1648 wrote to memory of 4368 1648 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/folder/adhrcozj0eema/Nova1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff825a646f8,0x7ff825a64708,0x7ff825a647182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7056 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7608 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7552 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7824 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8020 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8152 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8320 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8764 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9016 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9124 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9248 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9484 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9964 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=9576 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8796 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=10136 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10220 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10380 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10504 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10404 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10520 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10960 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10524 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11272 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11432 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11612 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10316 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10312 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,8629897694104407748,9200823243075074597,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4828 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Downloads\Nova 1.6\Nova.exe"C:\Users\Admin\Downloads\Nova 1.6\Nova.exe"1⤵
- Suspicious use of SetThreadContext
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 6352 -s 3082⤵
- Program crash
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 6352 -ip 63521⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
-
C:\Users\Admin\Downloads\Nova 1.6\Nova.exe"C:\Users\Admin\Downloads\Nova 1.6\Nova.exe"1⤵
- Suspicious use of SetThreadContext
-
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"2⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 2922⤵
- Program crash
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 7888 -ip 78881⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService1⤵
- Checks processor information in registry
- Modifies registry class
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5a8e767fd33edd97d306efb6905f93252
SHA1a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
SHA256c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
SHA51207b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5439b5e04ca18c7fb02cf406e6eb24167
SHA1e0c5bb6216903934726e3570b7d63295b9d28987
SHA256247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
SHA512d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026Filesize
211KB
MD5151fb811968eaf8efb840908b89dc9d4
SHA17ec811009fd9b0e6d92d12d78b002275f2f1bee1
SHA256043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed
SHA51283aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
1KB
MD513907d1b4ece0fe92077e4b6118105fc
SHA1e6bcfa63842e397eedf07dcf07800053e40b1be4
SHA2561fe7ea4d1057d27a834f9f3766905e9030e718a00798ed1b8baf94dc565dd61b
SHA512920a81ebe302ba66365fe64059e126720ebe7d54c845054d9c5b4b675a9df850d76679172e22a6b186b6ef151b902513b56cc250776bc1afafae0ba0b71041c2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
13KB
MD515ef5186f1489c58b127ca59b28f36a5
SHA1a2a27d9f30068fa37678e583f071172a3d8d2d37
SHA2566390ea00d07df008577832cdb0fedf32221bec104c3efd0c56976b8d182b1bdb
SHA5121dec76f5b220e68113a8590421b114be24dd7c17582e9abfc50a934c224647c9551f20ecc8b124493aac351a012f3da8d07c4683d017ccf66cf11ea7d7549a5b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD5267cb894ce59f9d94669e838c50d53a3
SHA1027b06b673c6e2144d4a73a7e77cc7f28d45776e
SHA256498700ba5b118d34f58217faf662b60ce8bceaf92f9f955545cc7adfcb9e8c71
SHA51221692be790cb46f3664969e62c7b6f1228f42be680533c8da25055eb2be89e46c188bdf26f022a810c0a047961f0a36cce21de9cc54494b8caf38cf4529dab31
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD52ddaa8f5d0c86ccc23460b20ebd4e68b
SHA1b0588fa84961ec385b39b0fa9a6867d413a5ad40
SHA2562e48bfc866278ac38c4095ead7edfc99fd300a548667c46f5fa92425e8241f50
SHA5120a12bc5a1016bea90daf98ac9440ec28aee32efa7c3be5f79685be93eb469352f68ac5fecab17c06c09951f1a7ada4f622a324aa5e3b473a7c9e84640cac8ef6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
10KB
MD554f1200083fa5baa4778e1ce6a83c4a6
SHA1c8093ed6ab086bbcf91fa1aba252b5329e424336
SHA256ab6094a46b6a948d6c973bea08738ec99511518ad0f48c4c0f146845bff9373e
SHA512cf79432d86bdbc2e84d0f23f93eec22755b6864bfe49a4f3a1f8dee89e667e8af33b042960c283bc947e25c5246a46a0196265b8ef1ffbb0247220207a17170a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
17KB
MD598729ad88e7f7cf47c2a8aabd1965c5c
SHA19e0e0c0b0ba1edd491b6440e37ff491f2fc11659
SHA256445d364c1ad7bf6a70cd81480c5984d2f979bb1c86e39ba5a48ce9d56694245c
SHA512bb3b78174f1a47922a2fe3e1e5eccc412e57381db7bc94c037dbbc81b0b8633ef93e5c9ed01a7cd97e1044a3279c456c38d549f493349d2a0b7e3668f9d63b3e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
2KB
MD5135427dcf6a43940344793e89ba03821
SHA152148760425f4d22e4e0fc0fd49ffa4986868f77
SHA25642e0bdf52f3f7e8924f440c798f0701dbd0f05f8f7cd6f62ed969d174110e5b6
SHA51268c3341632502edaf88efb67969abd42597b5405f0edaaa7ec30474d5f7468e7e4ac0527993b39529bf8221334b36f294800ab63d85bfffd3049ee6b3afca150
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
4KB
MD57ea628d83d5ea9a738046db8c10768e2
SHA1256be073cd5fecfd3d542626639eb14d907da1e9
SHA2560df1ab1d2c2b6e7f4a0264e87f0e851d6407d4a5ce86a25572e4b0d5c9616d6a
SHA5123176c66a216e04848460820815ee431a2750664bf393690c1a244eb8a097f8d4f8e87949dc16ec73c7dd3e36fe939ce9957878aedcb6eb0a91e81f083d015289
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579589.TMPFilesize
1KB
MD5afc125c678492ff5c9f756e9a95142b1
SHA1706bd4c684b3ce85050fa2ebe9dd691f7a1444bc
SHA2563b3c99c6ca9fcf67f153bfd6c05fdd9a93434bb43c153df8f411d9056cf6668c
SHA51203179dd62643e76bb1785d38a9e2e2c94fed01c44eab20216f9aed1039a7c4e01a8ad1df87b0526fdac27da0b7c84b72b367515e838d0cfb4d712cb30985380f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
10KB
MD5f6b59470ccef3e73dff5dcaae52903d2
SHA19b146e73b322efc1860ae515a00f3dba7d8639c9
SHA256eba415a2fa443448fb0e93730c28f4d689796cfe560eb78c53aa356c0c0a85ff
SHA512838c4f868d2e21e967f5cc7126607801182de9cabc85c7e191a5f48f1c4e0e0846b81701dbd4f0a1a2c5b70bd6ff413b11be447a0298686b4003b95d7057cf33
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5916970045a044eda709877aad8c696c8
SHA1931e552ac5e56cda3844618e58f14c63e9e8d4f8
SHA2563a42337198c994136948498f11925e639280ddff07dc9c182ebc6633c9ab4569
SHA5123cd9ffbbc163d4721ea165e204b37f85a9177e326117898df24bfb4b5e0071e38ed116609797d5185d75b5aa6780149601e5469f7a023920172d31e07e6feeb6
-
C:\Users\Admin\Videos\Captures\desktop.iniFilesize
190B
MD5b0d27eaec71f1cd73b015f5ceeb15f9d
SHA162264f8b5c2f5034a1e4143df6e8c787165fbc2f
SHA25686d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2
SHA5127b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c
-
\??\pipe\LOCAL\crashpad_1648_AMPERPPLRZPQARVSMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/6428-424-0x0000000000400000-0x000000000045A000-memory.dmpFilesize
360KB
-
memory/6428-425-0x0000000000400000-0x000000000045A000-memory.dmpFilesize
360KB