Analysis
-
max time kernel
50s
-
max time network
56s
-
platform
windows10-2004_x64
-
resource
win10v2004-20230220-en
-
resource tags
arch:x64 arch:x86 image:win10v2004-20230220-en locale:en-us os:windows10-2004-x64 system
-
submitted
12-03-2023 22:37
Behavioral task
behavioral1
Sample
Xworm V3.0 Cracked By ESCANOR/Xworm v3.0 Cracked By Escanor.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral2
Sample
Xworm v3.0 Cracked By Escanor.exe
Resource
win10v2004-20230220-en
General
-
Target
Xworm v3.0 Cracked By Escanor.exe
-
Size
11.3MB
-
MD5
87c0e0489f690aca435b7fa0b41a9b3e
-
SHA1
53e3f67c3c800866eca4d69b6d0a88913f195e6d
-
SHA256
65143d900e8afe9b3254cd47a59b127f2b12601417140149e931aaf1a3270fc4
-
SHA512
97ff1fb38f7179026d832edacfac1579bba9c1c6fd54e2928479c3f97e143a0a65661685e12227c3a087fa499deb02a7995d051a1894906361705bd8d9477db7
-
SSDEEP
196608:tlc4uM1wTF49PkNM6cyXKoRkLZvaU6ScXc4sqgCzlMNxKa+M9d:tlc49W4uNM6cyXKS4vKSoiqgASNUPq
Malware Config
Signatures
-
.NET Reactor protector 1 IoCs
Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.
Processes:
resource | yara_rule
behavioral2/memory/2692-133-0x000002231C760000-0x000002231D2BA000-memory.dmp | net_reactor
-
Obfuscated with Agile.Net obfuscator 1 IoCs
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
Processes:
resource | yara_rule
behavioral2/memory/2692-133-0x000002231C760000-0x000002231D2BA000-memory.dmp | agile_net
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
-
Modifies registry class 1 IoCs
Processes:
description | ioc | process
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | msedge.exe
-
Suspicious behavior: EnumeratesProcesses 33 IoCs
Processes:
pid | process
2692 | Xworm v3.0 Cracked By Escanor.exe
4420 | msedge.exe
4668 | msedge.exe
4244 | msedge.exe
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes:
pid | process
2692 | Xworm v3.0 Cracked By Escanor.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
Processes:
pid | process
4244 | msedge.exe
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
Processes:
description | pid | process
Token: SeDebugPrivilege | 2692 | Xworm v3.0 Cracked By Escanor.exe
Token: 33 | 4716 | AUDIODG.EXE
Token: SeIncBasePriorityPrivilege | 4716 | AUDIODG.EXE
-
Suspicious use of FindShellTrayWindow 5 IoCs
Processes:
pid | process
2692 | Xworm v3.0 Cracked By Escanor.exe
4244 | msedge.exe
-
Suspicious use of SendNotifyMessage 1 IoCs
Processes:
pid | process
2692 | Xworm v3.0 Cracked By Escanor.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
description | pid | process | target process
PID 2692 wrote to memory of 4244 | 2692 | Xworm v3.0 Cracked By Escanor.exe | msedge.exe
PID 2692 wrote to memory of 1792 | 2692 | Xworm v3.0 Cracked By Escanor.exe | msedge.exe
PID 4244 wrote to memory of 2208 | 4244 | msedge.exe | msedge.exe
PID 1792 wrote to memory of 4524 | 1792 | msedge.exe | msedge.exe
PID 4244 wrote to memory of 540 | 4244 | msedge.exe | msedge.exe
PID 4244 wrote to memory of 4420 | 4244 | msedge.exe | msedge.exe
PID 1792 wrote to memory of 4776 | 1792 | msedge.exe | msedge.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Xworm v3.0 Cracked By Escanor.exe"C:\Users\Admin\AppData\Local\Temp\Xworm v3.0 Cracked By Escanor.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pandorahvnc.com/2⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff4a3f46f8,0x7fff4a3f4708,0x7fff4a3f47183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,510797386446656294,448826835177583797,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,510797386446656294,448826835177583797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2468 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,510797386446656294,448826835177583797,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1520 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,510797386446656294,448826835177583797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,510797386446656294,448826835177583797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,510797386446656294,448826835177583797,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,510797386446656294,448826835177583797,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,510797386446656294,448826835177583797,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,510797386446656294,448826835177583797,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.escanor-re.com/2⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff4a3f46f8,0x7fff4a3f4708,0x7fff4a3f47183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1496,2645625388676815057,15877045789542803594,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1496,2645625388676815057,15877045789542803594,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:23⤵
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x2fc 0x2ec1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads