Analysis
-
max time kernel
1116s -
max time network
1113s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
-
submitted
03-04-2023 14:07
General
-
Target
clumsy.exe
-
Size
1.2MB
-
MD5
ab358e35e579eda05f2dc3d0fff00f6e
-
SHA1
58bc12198d359d41dd085b716f71421ef6f5258e
-
SHA256
07eac49eeb0a6d8353d9ea0900850b3fa1f9d20bf70cd422a0832dae500c3bf3
-
SHA512
2802ac635d41daa5b14522ccb2157017260baf85c494084db1ded6c316fe9cd53c7d1f58affbb1249d259d2b30b7c31823a533281d3d13c45f5355b2866f1436
-
SSDEEP
12288:5IvPeeTHzsAsdNhuoSUEvIDTCbcwCymt2AbtZLemh01UW2:CvmKHzgNUoSFgDTCWymt2AbLemh01UW2
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in Program Files directory 2 IoCs
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: LoadsDriver 5 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\clumsy.exe"C:\Users\Admin\AppData\Local\Temp\clumsy.exe"1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffcb18a46f8,0x7ffcb18a4708,0x7ffcb18a47182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,7024256755752985220,5998774456321051768,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,7024256755752985220,5998774456321051768,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,7024256755752985220,5998774456321051768,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7024256755752985220,5998774456321051768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7024256755752985220,5998774456321051768,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7024256755752985220,5998774456321051768,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7024256755752985220,5998774456321051768,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3704 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7024256755752985220,5998774456321051768,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7024256755752985220,5998774456321051768,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,7024256755752985220,5998774456321051768,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3848 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings2⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff773515460,0x7ff773515470,0x7ff7735154803⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,7024256755752985220,5998774456321051768,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3848 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7024256755752985220,5998774456321051768,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7024256755752985220,5998774456321051768,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,7024256755752985220,5998774456321051768,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3404 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7024256755752985220,5998774456321051768,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,7024256755752985220,5998774456321051768,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6080 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x308 0x5041⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcbc269758,0x7ffcbc269768,0x7ffcbc2697782⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1820 --field-trial-handle=1840,i,7372542699483314579,4785529075525083060,131072 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=1840,i,7372542699483314579,4785529075525083060,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2268 --field-trial-handle=1840,i,7372542699483314579,4785529075525083060,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=3252 --field-trial-handle=1840,i,7372542699483314579,4785529075525083060,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=3380 --field-trial-handle=1840,i,7372542699483314579,4785529075525083060,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --mojo-platform-channel-handle=4528 --field-trial-handle=1840,i,7372542699483314579,4785529075525083060,131072 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4680 --field-trial-handle=1840,i,7372542699483314579,4785529075525083060,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4860 --field-trial-handle=1840,i,7372542699483314579,4785529075525083060,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 --field-trial-handle=1840,i,7372542699483314579,4785529075525083060,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5076 --field-trial-handle=1840,i,7372542699483314579,4785529075525083060,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 --field-trial-handle=1840,i,7372542699483314579,4785529075525083060,131072 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent StateFilesize
1KB
MD56f0543a8dd5dba769d45a0afd5db1ba2
SHA17e1983abd7cf50e09eea924743c236bbdee00aaf
SHA256a2dd270cb370364c1f6f60bccf90d99ad7c53e7cc43643e916f017987ec0ab10
SHA51202c1f23cede26e5dd2b2c420cb2af42c41388e85d69ba4df6745c0561c3c559cdc9d4a370d19e1033a3ce0669ae69f98d2e9c85432c70e3fa61629c260da85b1
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\aab7f279-f2f9-435d-a60f-0ad41e6a9ca8.tmpFilesize
371B
MD5ca8c0e38f2f5bfc1c0d80a775884d567
SHA12463561b0091282946d182bb2ac4269f486a0407
SHA256318368acda6b08788eb60921f88de7ac1cef7173a51cd02135596493ff3d2619
SHA512b6440f5ff1b9c0845f4f3228fcb6dfee4107ea182739da30f2548ec227dad2b7d378c4e426c6ead42c82fa5d51f769473dc039db9b55d35ec847e5f67e0216f1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5aaeb1f5e097ab38083674077b84b8ed6
SHA17d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2
SHA2561654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef
SHA512130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD51db53baf44edd6b1bc2b7576e2f01e12
SHA1e35739fa87978775dcb3d8df5c8d2063631fa8df
SHA2560d73ba3eea4c552ce3ffa767e4cd5fff4e459e543756987ab5d55f1e6d963f48
SHA51284f544858803ac14bac962d2df1dbc7ed6e1134ecf16d242d7ee7316648b56b5bc095241363837bf0bf0afd16ca7deebe7afb7d40057604acbf09821fd5a9912
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
48B
MD5a11eb94cdd27a98acd945533862d2d2b
SHA105388374a558a515152eb22837b42bfbcb35f716
SHA2561cd229c75364d3cefb9d3d05db47352abffc88e065456f1616bf7b04832c9612
SHA5122beabbb63ce0e94c62ca72d75b861f3534c0360fe7ea930464062004d2271490c186e921b3dabedc7412227756b0cf3cc28c783b5538e42690106a3b97003f03
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
1KB
MD587d5e2b4db2ce9036bfaa9773de336d3
SHA11f45772e52814f08f3f6f821cfd139b86639cfb3
SHA256ee5d5b509f7a94e404a6f6a127447b3e542f3e672992396dd9eae3b371bc0eb4
SHA512681d8d4b25fa82adc108f039b731b7d24aabcac98d85cf2059d8667aaed9c48e16ccebaa280636493296911b880f339731a2f0810035846162bcb491ace83242
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.icoFilesize
70KB
MD5e5e3377341056643b0494b6842c0b544
SHA1d53fd8e256ec9d5cef8ef5387872e544a2df9108
SHA256e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
SHA51283f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnkFilesize
2KB
MD561064c073865f638c923bd2833138635
SHA150d676c3c7004c99e81d0aa9d721595eac6ea01c
SHA2565f2bc0c09a82254f2592e4924a7fcdcf60d81cb75dfec8d1983fcef58d8dc5e3
SHA51240bb4463e6472b4d7d22655ad22ab97487e2327d171cbe6c73a835e4232ef142c463e64bbb778cebc79e422882a1662fced930bcd53d1a1f6e6c2529bedc6b08
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
530B
MD52eda9df94f3dec05fa7f33352d95e5cf
SHA1f3286cae1980faf664c16f79f5bde7ca18afd9e7
SHA25663a7193dfbf36e64670fa175ecceeaf60597f921a01d99d86f547f127fafb722
SHA512419a716fbd53e4478dd36e1cfe26017257b74020b5aabe00ccd38a8e707f72daf3815660a87512b8b667fe6f5fee986ba62fd06994476585e91530ebdcdf45df
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5293fc48dacf735b68f30e86a95c6534a
SHA1a6681d187faac643beefee128aecbdb25aab988a
SHA256f9e70bfa4633719a0af80944766f20f5f2c67e6013299f9b37a74ea51f1002df
SHA512ff4b8003d71372231dd1553ac066aa29d030f4e8f53cd2a060c951078f6e30e052681f6540eb76ff57b8139afc3b1d7808f55ce83f17ce0ee402834206b2966c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5f26c4af7e692dc642280fa60a1a8ec52
SHA17427d342e9ac4e7b9855d2c4d22a10712bc9a8b1
SHA2566af7ca674b64ea40d73805f19111057c809fa680d7f26cfea3dd54ceb1bd43c2
SHA5121e851c074aac2a804322bc5478bf21f22978d60b7ac54e8043240ffa8118b75465776c48e6b0e7fbc85736b20f6afce9a452141e78fef26e9bc9b3c70dbb4d22
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD52171801b10ffd63eea5419f52aa83270
SHA1dc049d6f1590121f6725be786cf50405089306ff
SHA25674269cbd640c8a777d5d6efc29bab7f157fc60d4d936ef00528240a50390aef9
SHA512d39369c798946f2867a6a54ca0d695cc37e32628dea722d5c0ca3241312ff651ef643b7054ddb4ff7bf47f303cab54998d2580e86d4d027a3d0dfce5b9a28bf5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
4KB
MD57dff14f021c480f6e0504e15071c0e6f
SHA19f0a51a2a150ceac688074c0a36431e35864b24d
SHA2566ee4d8c3a1bbc8edca3d2b9e3ea11a1ed67702bbac1bcfbe3e7c7a10d3c1d964
SHA512cea4d47719c5f2f2c52267ecfcbeb9055cfac777c19ced59b2bb5e1a4a5f25d8785d530321629704b460d642d6d59d9bc1ffd9f442f2a9f7b6881837346e5fb8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD5a7e5aff2e552b48dafac6b1805a1fa3a
SHA1a59804b5bd8c746adc7213c0cde8559e069d913a
SHA25692b3228c2ef6695fc629c4058a303fa5d1c0d8c2821dc8418848a112d50123c8
SHA5121a3ef49ced05843466920ccdc31c9c36e842c581e834a740f6ab908bd0325cb52f7aa227fb2294d22e6a402be3f08e8f87ed602929d44ed8427313dabc27753c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD56e63586dc8e1e6630b1ed2da994a0e1e
SHA1301eb2cc539cac827bad33eb1b7cbe78c7940f00
SHA25643dba512223b56378e0e1e62c368a03ece67e64182b7767327cf2014a9392f04
SHA512026b581f5cb08257730e670e81c9696b50f73a4d423fc097112d0231c33e6faef64e5bb20d30fa54a2b0c1d793b886a928c11716219c70c3e9274b0d5eb1ecf6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD523a0c9b45b0d5faa99600eb3a58d5532
SHA1da9b0661c46679d262ce1ebaf7b4c24f597ba36d
SHA256dbb6cadab2ec21d9de684df4522dcb16637865f39d38602ed78590608046ec35
SHA512b00713f188d63cf6f32b630c90c3549ecbbe1333e04f3063aeb210a3b3723ec739d225e933df9a1091785dc8a24f6ca2efc5da08b4ab4f4adedc430a1ce7b4a3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure PreferencesFilesize
24KB
MD547e94a96372e6f095b8a3fd7edc48ec0
SHA1377b68f34e5964ca8be1b1b0c1507dd7f0e5f005
SHA25615c77bafd922bd085317fd544d0fa129e3b8c814e3ba0d48936366004427732e
SHA5125bd63de2e831805b723d7ddf1343c3b721ef5b757d9ab01bf8554ef8e29ac2cc09fa104fc85d530f27d66b67280774b3ebbef6729ea3ab61ce8028ab4ba5bdad
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
13KB
MD5519c90d93d71960d29cdc9d17bfe2a5e
SHA1ce9d1bfc169fc9104f3ff5acc1b78cdd46c9c5bc
SHA256d2667d4ef2fade50513326db38ffbc522c1dbe3b11c0b48d4b772f12a0fccb46
SHA5123d389d2da80c00352a9d1b8aeacdad840a3230e8b2538f5ded3fd9c80be2486c41e485aadf8d46d8f7e84a595a70a37742e36e130b2951d866ae60b90569b89d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
13KB
MD5922024223d4d3e6751f9504b993d7a2f
SHA10966a9c3cd8a7a8051aed3f3e78f86c8678caf88
SHA256bb4274d903879f3140d9bbc85fe7b90966d63b73a3060cd78dd78fb0f80d50ee
SHA5128bda92c21914f85a2792b332c24eec490069f425e3bed5df569812e14c3a29714317fa659ae2e6605d51e61a16cc30332ed504de0d1df1e8c6946874f42797af
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD526fec803c5e32c821e9700ef7fc8ba31
SHA1728c023fada0f8da69d2402b2c7c6f670fe60238
SHA25616cc37762253845dd976f10351109735ed3c6c5fc18f37592a5afa81ed4622e4
SHA51290b134ef6dcdd577f7f9c17a8c0f74053aefc8dd1be0ce27c0c045973fe883821d1c5e8693f52f1c42258472a538dc1f57db3969b6b6d796d3017780d430a59f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
9KB
MD57e753847bc6a639734573839591e9e32
SHA13599e00ef94e272008b38241002421f04d6db749
SHA2563f9623f7f291702d0868273fa2331319770b68f0cc52eb4fcff11593b4d61ab4
SHA512e62c39f58b0d559a4c55b6d10b5db88b2230674b4a368d6c917b9ca3886e797991f5c7c426c3a78719116a79f2a82c444146a31666f5d4bbd6b91b71d8ff6fea
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1Filesize
264KB
MD5da68e801b6e13e0b33ffeb82a6ded417
SHA1d5916aa8c5cbdacbb45ea1be78f506e37832c105
SHA2562e59b13cb5be23b13ac271e6f632319184cbed63a0dc18d06d43e62301ef7911
SHA512ef7b7b9b428c6b832c88fda734e1973f4711abfce21bb0b192230472898439e44c0df06686fb9b22a9bbc9c03ed6d223562b9f29845e30237847911999f7afb3
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-msFilesize
3KB
MD501b1a75a44b5456479f88ce4e110f2d1
SHA138c2565d4c92671841c8aaf033745b72b9c9a31d
SHA25639b726b0e45da76d112cb0633d733bd3cee879c56562edc22a6734d450e2fa34
SHA512701879b3a184d8b1016652948f0f1e271f7fef4c9dd31e407094ffd5d206c4458c15dc5102d13ed72ef1d7e243419d303776ad75bccb87e89ecca81f1f47ea11
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-msFilesize
3KB
MD58026688ca7a6e3c8e0a68c17a4bcb08f
SHA1e77dcb7b27f0e0c86e92e7f5561dd8bdf9836858
SHA2565205d6d15f7cc7c2754c5bb54df3fa3b7fb0469278961e74843170338167feff
SHA51265f9090ea5b8d7e26033555f6a70bd43e96d9621c34bc78055486f88022f92547d9e3bd59f326e1eb1d13201311227ae756cf42e456875e6cfb09a8d48d75279
-
\??\pipe\crashpad_2308_JLCQEQKFCCIBTHSVMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/4724-179-0x0000000000400000-0x0000000000551000-memory.dmpFilesize
1.3MB
-
memory/4724-181-0x0000000000400000-0x0000000000551000-memory.dmpFilesize
1.3MB
-
memory/4724-191-0x0000000000400000-0x0000000000551000-memory.dmpFilesize
1.3MB
-
memory/4724-169-0x0000000000400000-0x0000000000551000-memory.dmpFilesize
1.3MB
-
memory/4724-167-0x0000000000400000-0x0000000000551000-memory.dmpFilesize
1.3MB
-
memory/4724-157-0x0000000000400000-0x0000000000551000-memory.dmpFilesize
1.3MB
-
memory/4724-155-0x0000000000400000-0x0000000000551000-memory.dmpFilesize
1.3MB
-
memory/4724-193-0x0000000000400000-0x0000000000551000-memory.dmpFilesize
1.3MB
-
memory/4724-133-0x0000000000400000-0x0000000000551000-memory.dmpFilesize
1.3MB
-
memory/4724-143-0x0000000000400000-0x0000000000551000-memory.dmpFilesize
1.3MB
-
memory/4724-134-0x0000000062800000-0x000000006280C000-memory.dmpFilesize
48KB