Analysis
-
max time kernel
1800s -
max time network
1800s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
27-02-2024 13:24
General
-
Target
https://steamcomunnutiy.com/gift/activation/feor37569hFvrba1
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 27 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcomunnutiy.com/gift/activation/feor37569hFvrba11⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8fc0346f8,0x7ff8fc034708,0x7ff8fc0347182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,12032638766836332043,10749794978860158227,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,12032638766836332043,10749794978860158227,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,12032638766836332043,10749794978860158227,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12032638766836332043,10749794978860158227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12032638766836332043,10749794978860158227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,12032638766836332043,10749794978860158227,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,12032638766836332043,10749794978860158227,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12032638766836332043,10749794978860158227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12032638766836332043,10749794978860158227,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12032638766836332043,10749794978860158227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12032638766836332043,10749794978860158227,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12032638766836332043,10749794978860158227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12032638766836332043,10749794978860158227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2060,12032638766836332043,10749794978860158227,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3544 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2060,12032638766836332043,10749794978860158227,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5780 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12032638766836332043,10749794978860158227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12032638766836332043,10749794978860158227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12032638766836332043,10749794978860158227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12032638766836332043,10749794978860158227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12032638766836332043,10749794978860158227,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12032638766836332043,10749794978860158227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12032638766836332043,10749794978860158227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12032638766836332043,10749794978860158227,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12032638766836332043,10749794978860158227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1704 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12032638766836332043,10749794978860158227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12032638766836332043,10749794978860158227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1300 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12032638766836332043,10749794978860158227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12032638766836332043,10749794978860158227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12032638766836332043,10749794978860158227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12032638766836332043,10749794978860158227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6908 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12032638766836332043,10749794978860158227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12032638766836332043,10749794978860158227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12032638766836332043,10749794978860158227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12032638766836332043,10749794978860158227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12032638766836332043,10749794978860158227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7208 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12032638766836332043,10749794978860158227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12032638766836332043,10749794978860158227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7412 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12032638766836332043,10749794978860158227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,12032638766836332043,10749794978860158227,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7532 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,12032638766836332043,10749794978860158227,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5936 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x320 0x2f81⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5cbec32729772aa6c576e97df4fef48f5
SHA16ec173d5313f27ba1e46ad66c7bbe7c0a9767dba
SHA256d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e
SHA512425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5279e783b0129b64a8529800a88fbf1ee
SHA1204c62ec8cef8467e5729cad52adae293178744f
SHA2563619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932
SHA51232730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002eFilesize
121KB
MD52d64caa5ecbf5e42cbb766ca4d85e90e
SHA1147420abceb4a7fd7e486dddcfe68cda7ebb3a18
SHA256045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f
SHA512c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002fFilesize
119KB
MD557613e143ff3dae10f282e84a066de28
SHA188756cc8c6db645b5f20aa17b14feefb4411c25f
SHA25619b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14
SHA51294f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c8Filesize
195KB
MD5873734b55d4c7d35a177c8318b0caec7
SHA1469b913b09ea5b55e60098c95120cc9b935ddb28
SHA2564ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d
SHA51224f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000f4Filesize
1024KB
MD5089c0e843de55d450f24071645e1864d
SHA1b75ef14b4042092122044b6caec14bebcb335ee3
SHA256668534ae7f045e649c8710a42bb690312b016d296e3ca108de33ce9619116dac
SHA51247e9b63c81b06d24aec6182f2fe28325f6bcbb0b11fb9dbf81cbd19b9d4f803bec97f6bf6c7f23ec9fc3b8d0321adf0dd9ba9c1901be54c5f036203cce3af8a2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000126Filesize
16KB
MD55f5f63aa463c2955a554988b6bf7c629
SHA1bd59d99fe45d8cad9509826c57e38fcc815fd458
SHA256ad2db311651cdb318b580ccb11093c4d781a7695cd901dd2e8ca3958faa1bcb6
SHA5125d5606f5546600d0ebc91ccb6b8860f6e2c0c76453d76900b680c12b954edf73e2181afb0f2f2bf39edba1d323b52a5b0330c1b0fbe135a8714acff6244d700f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
4KB
MD58c10effb9da03bc66e3b062a4ad7ac99
SHA1dc2345f18bfa565caca9100d1030af4ef2ebbf2e
SHA256da893c96e2a1d4b9acb3107a00c35cce8d3eff24d4d479023273637b8d8a2f5f
SHA5129a95f066bb3eef1ffb749f1d078c9ad93c2db6b59320dc118fe34fba18edb8943c109afd55cf22281586bb2019749dc39000eb2f30eae4d33d99861746723d9b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\001\t\Paths\MANIFEST-000001Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
6KB
MD5bb55dbbef4a5d8c21e706b7186c748cb
SHA1ff3a6f98caa793a9cda05b58d48988954ae3c4ce
SHA25610dc44eca1dcf63303ffb22e66b23d6cc539664b3604eaa1711e41c9ebb84f16
SHA5125c68a423c13620245426252c3fc76ed919b6264b8eb59d4d3c96dee5978c5eae2a65ea90b965e97f1ffdfa718beadf53938f416514794fc3bd6df3f82c500183
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
5KB
MD5d2cf062c20a1704cb969932a1a83311b
SHA1843d86835c6b7b67ee524f253c04b797f129afbe
SHA256f7ed2f96f8082c753ce4aa203bd1a3dad11541eb4520c53c7b13b3e70094b8fa
SHA512090dcd78e8e2df768665f82d8dc145958776c100cb3b8d94652ab0343b10bdb7aa25f8ab46b9129a98f8d7d2222bb839e4265851e5c0151a8d0cff9258271c6e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
6KB
MD5fb354473a16893c4b94a53b4923b7342
SHA1ec8ab5cf67e9cb49d7d1f2989cc102b9b185628d
SHA256b26394708d1927319edcbc3d288a3d5270b157f64b8c77518aeccb6713486184
SHA512e242226ba4ac1f637e6c5344b3ce8888b16e8bbc3256df55f0a730a3230df4a5b562e5b601af6a32a92c3bdf1e57ba45a4aebe8b1de099fb03177548e6f450c0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5df32d058749ba08ffe72a1046f50db8f
SHA131a804defdb8bcbcc844340a5f9ac3c5481af8ca
SHA2566916a7f5f6142567277c08d57d9ba75df00b4518c05493b96a1f483cd87427ee
SHA5127a37cb3989810ece0f69c302f87fe6240b6d622f2d7dbabb78fef30487fbdf28ef7e1178223f5ac7e67eec0dcce10ffd9a4eface1474d7ff41e5d5a1577dee6d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD5f20ba2b4d80a01bbd541aa8d4b5f78d7
SHA1e5875ba012c41fe27203489665dee35c0a0d6138
SHA256211fcfdfb8e95852efea28b9379cbcccbb1190d6851fd6ea41f745de0122ddda
SHA5122ddc0f8b479d7748865ce606b640600ecad9b7ec82553af32f39f394c5a059aaa7b4c934c76cffc6dbb224fe1a0a68f3614f966c9d29ee30f9f11052f1ed2908
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD53aacf5416db5aa3bd20dba85485c1928
SHA1ac9a185f894d0832729c847e778eca036bf4a5aa
SHA256e0c3dc64d1498c445d8948f89815dcace830d4efa13f8261af91dcb1cb1e9e5a
SHA512948e94c37256773c57c4c97debcd452b897aaa095bf93b1736544a42375243a6f95aa540deb72d71a7adb50be399a7abf34b8c2c5c758a460a064b682a86b00a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
9KB
MD510e61982923845592a32bcbd65685609
SHA117d7069fb4a6a8d13f07207e574d557d5d490990
SHA2565c233227d62ed36e3afa9a5cfef0009aa54323de1fecf40e89821a6036b13ff9
SHA5120b8e9fec6e365c4c833e3fad6f0f9e9392f0bd3c5755197bd427349e23ef2d2c9906446026d935db70125de52d8fb33cc2422b4a4da60f10e0b9869e85ce3e9a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
10KB
MD541e3c06f6b6e306ec180ac0ee339d63c
SHA17cd7248c4664582c957d4b9543583fac449dd30b
SHA256116dfa00eb5124566419c9acba29a783502ff21a9bdcb0a2125ec0ef390825e7
SHA5127124394aa764b07c1fc7bca96560e4bee8c4a32b65d7f2ee8788304e61b3b08dc4fea6242519c727242ec0ce9f63d2b6f1dba1244bad8b1ed951a179b192f620
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
11KB
MD558d1d7b1efbce160da655849b8f6ae11
SHA1b6c64ea62052fcb82824034c57be77b54aaa581c
SHA256bd0bcab8a9e9f925065f0cd92d8102d42c3d846bf6932f69c3a0683fd19baa06
SHA512986f85067b73ae5d2c0ab7449292f354544bc7fd7f1a507a021b62b3957a96f49c9372d22ca12778ca223d1739a7cb377c0a1ee2b76a77425be08625535e44b0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
11KB
MD55420f1392f935ea05814a1897039cf0a
SHA10e7bc5d764931b167f84e7f841a12e2a6a201c6f
SHA25692db32ee1764506171124d3160e0271cba6815f5f637f92885411caaf1a08486
SHA5122a85a0051c5957e71d3b3c3ac44df3284eb4bf8fd209f23789c0e02ae05bfb8f747e35b6f56d57433982df5b149ba901b4ffb3feb28b7cbeb9769e91ec8f02ca
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD588054b972da8fe7cd65ed737834e076b
SHA1ed08681f5e67004cf69002ba8f672495bd5c5127
SHA25652f4c7f097e5a81d1330388311dde8b6237bc11ca1df6d7285ca14c47369ea87
SHA512953be9b28dec7416fa0bb059b59d39886594ac7a3d488e17f4d16e3e0e7dc809412aef646ed6d500b3aff52993fc59a616d1e9dbd6949febfa34d68b7cd90150
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
3KB
MD552befa33f336cb053ce286462e7cb075
SHA1f6c33fb3e43583548ec3ecac69f76b05544169f0
SHA256dd167cc01f7122323c4069856cf95bf756ad972e49d5c0b9cea4fd4efec756af
SHA5120bd71c50cfe22ba22c9c11ccee83cc495040bf89c44c34ea039bb62a69e8948a890b47f0c03313b24bab6124fc09282ce6c015ac041a765ba27e1520bdc5a746
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
3KB
MD5894236701406bdf1eff42f9b6074cda8
SHA1a8c7d736a1dd85b6a19f97c78972f67a5c27529b
SHA2569f541df573278304a7865a527538e38490d8affafa0454f5013c7e8f2ea5c2af
SHA512f0b8b1e600b2ffa56841caa798a15d02a49fb576feb7a20afde91620561272c7ede88131a249bb2c17c7a8e16891391b34e04d381aadd75ef9a971e25626bdd9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
707B
MD5fce361ba42abad000d7668c264e5a4aa
SHA1790d8401af00633581a8be75ef0e4f3878f5297b
SHA256ad1f471b730a01425dab03daf93178ddf1f560120349e553272dbe4232d820d5
SHA5121bcfa4f9dd034d6fece32fed1dfaca4047daed6b1166e26ebc9f0a741ebf56a46db0fbdf1ac22c62a9ea18d8acc7c5406682043a6a047ab3a971718d643c0a9a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
2KB
MD5a737bdebac7e56bb56b2cd571a8f050c
SHA1035282a6482030f9c8cf57a69afd7a1f8469640f
SHA2562be208ba437c8246b77717a6a92a1d8229051f0fd2cb886e94b1309cf32e9b49
SHA51233ea30eed10ec49fa81750009aad74dd188cd74fb528e209f21bb273180097989fe751ad2bd68dae7909d3e585eb75fdd44abb78a952c8d4f95907255bd0f3a1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD562eeb14f56e1da4ce5e82310cdcba42c
SHA1e93230b52a46cce86658c754bae90bfa8cc3fc68
SHA2563c730417276078851e56cbbf886536924468899280fa1a4e9ec3545ada26339a
SHA51226d0e8ea6893df603da0ace48bde7ff1d5cc99b841b69698c407ab5db02fca43f3451442b0fe2995d584e56e5978186682129cea55f3c888590670f5774515bd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579f9b.TMPFilesize
539B
MD50e8e4394b6c8dd9176bcf042a8acf662
SHA1321c23fad2a5519c08b1200ecd90e1ae5094c757
SHA256a7d177c1c33687ca74d4749cb711a86854aa99a224e46cf6b4dccb20511f7a88
SHA512e0778b231d7ca522959d7dfb9b0968d442f5cf359b430ae2c381184f9d5c373f36ed1999301429cce791fbd4cb869c70fbbeacc9a5aa4bd13bc72bc47801b95e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5169551da19e0aefa2aa717bdf9e292aa
SHA1997ff50158f1c0fcbba60ed78ec2e98c9aec56e9
SHA2566cc4ed79309b3ee87bb527147a0b69024c0c185553f2594782ea2f34efd0ca58
SHA512700cd748df2a4c641b20c2d2610a6d8061b3d31736ad2348c8e0b71024af52e8490ca96f0faa739d4d1d4dd60d34ff2c0f847e2a32bd5059a3b7a475dde513af
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-msFilesize
10KB
MD5ea8dd139b942a08ab4ce71f887289489
SHA12a242fa434efdc8d29bfcd03f4c21858b90d80be
SHA256eb1be697ad9c2a67a1a72c6bae19cf86b8289ab80e252e09ac7c07defe86a08a
SHA5122d6cf827b469ac3ec69056386431673d90ab1f8b62f54face2389ceae8858a0f3d79012d071529161e6e352e5f073ba9a32395a2cdfe0f6e359bdd78d12c4c05
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-msFilesize
10KB
MD5eba8139dc728cafc119fa9ec6e717af3
SHA133b990b15f2f24afc1189f1336e8a8fbbcddde2c
SHA256aff22ee4c137b54561c418a93e4bfbb807134b26da89a4dd06f35af734242b0a
SHA512438576c8c3e26331fe2a1f7a4e89eb7ebcd90cb4007c86ccc34579e3ac31ba49e8113c77429b5cbc03d99ba73881437d20ad010b1edaeca7f4270e88b44aa6dd
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-msFilesize
11KB
MD588e49ae0d2ed2629425a00eef547d14c
SHA175e5b728b1fae3418a91ccad2511e1355b476c8d
SHA256a8d852da62d5851377c6906c16861985e0badd53b1ff370bbd8fb4f953c9f5d0
SHA512f5277f9b336a51c282f4d3eedc57e2c0de92f1dab2a2dd1578bef94a8d04280600ee3b6656a2afa847afcc00d46a4e1f48735d4feddfc45ea5eee6b05105ea55
-
\??\pipe\LOCAL\crashpad_4500_AXJWOZINMGPEWLKTMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e