Analysis
-
max time kernel
148s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
02-03-2024 20:58
General
-
Target
https://steamcommujity.com/104923960430529
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: LoadsDriver 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 39 IoCs
-
Suspicious use of SendNotifyMessage 35 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommujity.com/1049239604305291⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7fff7dd746f8,0x7fff7dd74708,0x7fff7dd747182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,8089413206869869025,15999488947092896028,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,8089413206869869025,15999488947092896028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,8089413206869869025,15999488947092896028,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8089413206869869025,15999488947092896028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8089413206869869025,15999488947092896028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,8089413206869869025,15999488947092896028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,8089413206869869025,15999488947092896028,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8089413206869869025,15999488947092896028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8089413206869869025,15999488947092896028,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8089413206869869025,15999488947092896028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8089413206869869025,15999488947092896028,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2076,8089413206869869025,15999488947092896028,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1920 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8089413206869869025,15999488947092896028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1748 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8089413206869869025,15999488947092896028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8089413206869869025,15999488947092896028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8089413206869869025,15999488947092896028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8089413206869869025,15999488947092896028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8089413206869869025,15999488947092896028,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,8089413206869869025,15999488947092896028,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6372 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8089413206869869025,15999488947092896028,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:12⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files\VideoLAN\VLC\vlc.exe"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\HideCheckpoint.ADTS"1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\SetAdd.vbs"1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4204.0.1503035982\210136666" -parentBuildID 20221007134813 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3183e3e-9ee8-4bf6-9267-4637711f9d0d} 4204 "\\.\pipe\gecko-crash-server-pipe.4204" 1948 22bbf1d3e58 gpu3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4204.1.1031138231\1207165615" -parentBuildID 20221007134813 -prefsHandle 2336 -prefMapHandle 2332 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6505448d-fedb-469d-9100-ccec7640329b} 4204 "\\.\pipe\gecko-crash-server-pipe.4204" 2348 22bb2972b58 socket3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4204.2.19594746\1703898453" -childID 1 -isForBrowser -prefsHandle 3108 -prefMapHandle 3000 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {caa5276f-1f9b-42af-997e-505d1c32a58f} 4204 "\\.\pipe\gecko-crash-server-pipe.4204" 3308 22bc3397858 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4204.3.583028368\1770245369" -childID 2 -isForBrowser -prefsHandle 2980 -prefMapHandle 3004 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {90123b2f-4149-4fce-8546-f49f49293267} 4204 "\\.\pipe\gecko-crash-server-pipe.4204" 2992 22bb2962258 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4204.4.1998696669\12314520" -childID 3 -isForBrowser -prefsHandle 4400 -prefMapHandle 3984 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {861a1cc7-0444-49a5-986f-eacd9af4ee52} 4204 "\\.\pipe\gecko-crash-server-pipe.4204" 4408 22bc4fb1e58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4204.5.1804948141\1179268832" -childID 4 -isForBrowser -prefsHandle 5208 -prefMapHandle 5200 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {454d0ca2-6cf6-4540-a72e-ae3750eae426} 4204 "\\.\pipe\gecko-crash-server-pipe.4204" 5216 22bc54dae58 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4204.6.1204126133\1132050574" -childID 5 -isForBrowser -prefsHandle 5368 -prefMapHandle 5372 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e493d47-d30d-4a7b-9a49-ecf8a0f00695} 4204 "\\.\pipe\gecko-crash-server-pipe.4204" 5360 22bc56a8458 tab3⤵
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4204.7.777434528\1867920670" -childID 6 -isForBrowser -prefsHandle 5556 -prefMapHandle 5560 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1404 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {befe744d-c1a5-422e-a95f-e34c11d69d36} 4204 "\\.\pipe\gecko-crash-server-pipe.4204" 5548 22bc56a9358 tab3⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\54ae3454-2eca-488c-b63f-a483ff39c601.tmpFilesize
12KB
MD5e8e9d9ddd745724b2b3501f7809f5d03
SHA17344c715d192cc9751c6d89f386c2bbcbcc4fad8
SHA256bf9902abb1576ad16d87d71863849d4d0ae35d75dea8aed3d9ebbeab0ea1b3b9
SHA51213cffaafcbc64deba2de04a3536b71334818cbd14eceb61da7543a00a0f43493cc80f5c5dcb54f4e73ab730b1cc958a5f068dd78433428ff6ca8024741150bff
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD59ffb5f81e8eccd0963c46cbfea1abc20
SHA1a02a610afd3543de215565bc488a4343bb5c1a59
SHA2563a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc
SHA5122d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5e1b45169ebca0dceadb0f45697799d62
SHA1803604277318898e6f5c6fb92270ca83b5609cd5
SHA2564c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60
SHA512357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
456B
MD5cce5aae367e4217bf51ffe4ba4b5a4bf
SHA12eddddd54475eedecf6ed5a1ada0db1cc478c966
SHA25687a97a8f1ac64211d9e07724555ef36d4c60acedb7c6e56fef40913ae6545fd2
SHA512fac169ee99fe456e435dad04bcbd6778231ec6c0c444140b41c1f8a915ea1ae17add81215a473b0613608c8efa24d3a74f8b53d35174ef0a26190529bce78bfa
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
938B
MD5b422367b55fe9ff54d5e5ad754836702
SHA1f186cdaa19715aa8c5e8cc552d306c5692777805
SHA2568415a2355274f25a48769bde654e42500ae56c846850f0b1afb1bea193b6e3a6
SHA512bab75cf948685013f04be64dd1a1ecb5bf123ab45f9c4ed83e36cc8eb9b1e60bcbd42525049f6beea98b78382d5ebce057b3ee6a2f5aa04e1756377a54aa8677
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
788B
MD5b2236cc353f2eeec98a736a25f0a57f0
SHA16ff4bb20c97bac3a55c3aaaf347217e6e1036a61
SHA2566bc199af5a4edb9bfa78374689a2db935a6f30f0d8eba01e8faca6cf6fdb0d50
SHA5127467e8df0e32f1a407a6b05682edf93461141eb75c35f9e012aa5e264345abef1eaa0ef455337017831aefda832282af63bc29a3aeb8bdd568759430b3aca1e0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5d07506a95e1ebb16027aeeb9f1f0abbc
SHA1c1191fa20f70856dfa651f44232085007243c257
SHA2565d3d6f1bf7aeac05acfc05778a72fabc19accf666e63ebea26b3a3732b04c23b
SHA512a6940dfa347e21246a1083a66a3303388494624857d85164d52c5ce69f068cf09183c82c919b3a4423f2bfb903b56b4881703db6472f43b73988d821ee6e4f8c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
9KB
MD5414c871108d362f19c71dc7bc5430a85
SHA11fa4e8377fdd21e7eda66980c935343c6edd177c
SHA25663e3112736423d880f2adcd8422c7040e3fa6d7e41daeb56f5dd66a819d2072f
SHA5128b75964d49d82ab72a38e36e33407d6e6198cbffbaf075367d664c4f88e66818a084fb5e6de555712164edaf68902120b693b7e4db64bad908522a74e9fa8c47
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
10KB
MD5755e2909de659e85f596362d4223e1ea
SHA19ba5b73190b706698f8457a1deb5fdc4535affb4
SHA256b61e6b2a84fc7af3a1a5aed40e84e889d396b331f3c8161a08df375e24243559
SHA5127dd622b8ac832ab3ed26717aebd42221a5b9eefd3224f992e99392fe057f2529a9837b428bf0bd2bbcf797a4e8c60291e090830337b4551d7a588a65af020cf2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD550ebf5e58b969d747fc0662c2b95a5ce
SHA18ae79475eb8903077bc2ebb30dbc894c5d47f7df
SHA2565d21ceb72382df5ae001dc7c623c6345551971e258e06936f714f4390732ec7f
SHA512c3c37f6aa5bf7e2d1e96003ea47283db4c9ee5fa54f540a39f65b9285d4b32841f2e1fd035b3f7228e2208d69cd7d83984799d10081938801cfdd6b2950bf63b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
10KB
MD5074a0f85408819c066e4bf3cd420c3f1
SHA1571a8180e42f63cfe03f4d051cdab237bac64b4d
SHA2565435ae63bc5053e1a4758c3646a70a691d542c2d269d84976b70eda9674714c0
SHA5124d63eded3bfc5cf89dee7c1d03d649f61f0f79a30432163c20de1edf1536b81abd5bc449bd03dd67411551310d692edda8809a961e239c67bb777d75e0f83dd5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
10KB
MD5e36a787051231ccf87bb308bf2e1620a
SHA140601e9c46146ad8ffae1995af39f34dd28b8e8d
SHA2560de2deaa0072c7009662e0769edc0af72ee3256759005399a272c71b9c347833
SHA5127d39c60ae1bafcf661d46ac373fe69f073d90bce27a7c5070e5bcc584682acea376c32be09d3ba220ebe6471a218f2af3e2795a4c490bd0e4aec12f252560e50
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD58d5b329f0644f51420bb784669925cb5
SHA196d0b9950bab8e4df5fbe5b285bf00822bc6f8b7
SHA2560098d1290612b1cdf468a9427f018c2778c9a37f7417622ff8c8a6e8193d71a2
SHA5121045cc508b248a3f9d1a195114fa87e7338026c1284f35d4590977d0bcc5e1fc353449c75ac01958626be881f6d6964b68db59ce70885a2f1cc181f5fc006f8c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
540B
MD5d4b623e9436b754bea9644ac8b875ad1
SHA10d6440da88303543d0dd51c5e922b9413a28d89e
SHA2568ce3ad7f5e4104e2f153abfd4f0fd5665b93ede85f54173e25ca10227325c2ee
SHA5124a8d573b350486263238334a7fd51a2fd7698886db383b7a440a2985fbb04067480cb8b014731ee0005c503c61cfc0a2221327dd706422c25878cc49006ea794
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5851c5.TMPFilesize
540B
MD54c8a70144a9b11b96f8597ed6e1c44f3
SHA1ee2330a593f0871ffb7e1aefc580a48102e1bbc2
SHA2561133b87b82cca789938fa5b43a2da86247b3abae353de8093c5760b2674ae0ac
SHA512f096752a2153dee492df3e4b55a579cc6976efb411bed42c9ab36d519eec6a56c3b7bdfdb7914b983eb4142d2a6f9cf0cc399268192c96f780b09cb85a5e28be
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD59b125b7530206bcf668f61a4fcb34023
SHA1f5404aba10b4bb498eb09f423fec90155aaff48c
SHA256f867a01a8b33c1cfd9b7630b1e8047f351c810c89b2f78adc42d8637504e49fd
SHA512399e65107ff57020495b3d2acb5fa989d92892991bbee2e6fe413e0c1ececacbe33025a506edfe9a19a3c55acbdf4e9da253000bb38f696115c25e0f68fd1d29
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5610fc15a9f28a4af06444a6912710dfa
SHA132b8641180ec36479ebb21a575448166b58c93f5
SHA2569d5cb35848e24bc955f0704b8349e35e04344d9b4540f9c8a38b615ca54c0803
SHA5120907c8a3bc307384b64d5cd3a20523e959139c37f1c150406c6b16b3550f8c32b47c79801c0a2c2b1dd661a8c24893cf22311f3155b3494bcf55bf17b104024f
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\datareporting\glean\db\data.safe.binFilesize
2KB
MD566bf10c9c477a28eda5f5eac3ff25290
SHA107aed10f11c4dabe7ede1b817bc870a6c14d6635
SHA256114ea95a189e72ccf37cf6463808c5b1be57fc397aabd1648e5c0ed13c90cce9
SHA512ed24f7a221eaa38783cf3a2886c53c40e48c0ede56a78efc94496573763d66b5765a7866c1b6763024bd1dfe1c6378d38410b1b80a4523caec4cbde2142200a1
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\datareporting\glean\pending_pings\15485d5b-8df6-4c36-a6c9-7f667700009bFilesize
9KB
MD57c1902c96b768884d70b30fec1972a87
SHA1184db7fcefc609dd3898a5f50daa1b59d3ff81f6
SHA256d8ff3428f890ac3b845873e219a438b1bc559955091eb590fbda588955e6ec2b
SHA512c4a5613c479961cd97e58dfd836701979da3c157547a19f4ec6a75d711463370590bf43eea700276bfc83b57c331da05bfbf0766d674d5f0926d8a0cfb150780
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0etkwu5l.default-release\datareporting\glean\pending_pings\bb40132d-832d-4f13-9a7c-9e539366a44fFilesize
746B
MD5833c5c5a58d838c3d5be6b1d9fe39a04
SHA114fd6095173bd9abaa982bf6ffdb2dd227695642
SHA25644764a42d6349683c79ff79c67963b6bce45ed47c01e555a21d7ef021b377477
SHA512b2f93da02e6f5d265d2ad3c37d0329e53fae8a41ffad0014e4c7375e017a0c18dfc2b86746d9b229cdd17d25b4e04a4322ac9c0fa760a567df62bb8859a052f9
-
\??\pipe\LOCAL\crashpad_4672_GIFYROVNSSOPRAPVMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/3676-316-0x00007FFF69D70000-0x00007FFF69D98000-memory.dmpFilesize
160KB
-
memory/3676-327-0x00007FFF69910000-0x00007FFF69AC2000-memory.dmpFilesize
1.7MB
-
memory/3676-292-0x00007FFF7D830000-0x00007FFF7D847000-memory.dmpFilesize
92KB
-
memory/3676-291-0x00007FFF7DA70000-0x00007FFF7DA81000-memory.dmpFilesize
68KB
-
memory/3676-290-0x00007FFF7DC20000-0x00007FFF7DC37000-memory.dmpFilesize
92KB
-
memory/3676-289-0x00007FFF813E0000-0x00007FFF813F8000-memory.dmpFilesize
96KB
-
memory/3676-298-0x00007FFF6A000000-0x00007FFF6B0AB000-memory.dmpFilesize
16.7MB
-
memory/3676-299-0x00007FFF69FD0000-0x00007FFF69FF1000-memory.dmpFilesize
132KB
-
memory/3676-300-0x00007FFF7CB10000-0x00007FFF7CB28000-memory.dmpFilesize
96KB
-
memory/3676-301-0x00007FFF6D200000-0x00007FFF6D211000-memory.dmpFilesize
68KB
-
memory/3676-302-0x00007FFF69FB0000-0x00007FFF69FC1000-memory.dmpFilesize
68KB
-
memory/3676-303-0x00007FFF69F90000-0x00007FFF69FA1000-memory.dmpFilesize
68KB
-
memory/3676-304-0x00007FFF69F70000-0x00007FFF69F8B000-memory.dmpFilesize
108KB
-
memory/3676-309-0x00007FFF69F50000-0x00007FFF69F61000-memory.dmpFilesize
68KB
-
memory/3676-310-0x00007FFF69F30000-0x00007FFF69F48000-memory.dmpFilesize
96KB
-
memory/3676-311-0x00007FFF69F00000-0x00007FFF69F30000-memory.dmpFilesize
192KB
-
memory/3676-312-0x00007FFF69E90000-0x00007FFF69EF7000-memory.dmpFilesize
412KB
-
memory/3676-313-0x00007FFF69E20000-0x00007FFF69E8F000-memory.dmpFilesize
444KB
-
memory/3676-314-0x00007FFF69E00000-0x00007FFF69E11000-memory.dmpFilesize
68KB
-
memory/3676-315-0x00007FFF69DA0000-0x00007FFF69DF6000-memory.dmpFilesize
344KB
-
memory/3676-294-0x00007FFF7D2A0000-0x00007FFF7D2BD000-memory.dmpFilesize
116KB
-
memory/3676-317-0x00007FFF69D40000-0x00007FFF69D64000-memory.dmpFilesize
144KB
-
memory/3676-318-0x00007FFF69D20000-0x00007FFF69D37000-memory.dmpFilesize
92KB
-
memory/3676-319-0x00007FFF69CF0000-0x00007FFF69D13000-memory.dmpFilesize
140KB
-
memory/3676-320-0x00007FFF69CD0000-0x00007FFF69CE1000-memory.dmpFilesize
68KB
-
memory/3676-323-0x00007FFF69C60000-0x00007FFF69C73000-memory.dmpFilesize
76KB
-
memory/3676-322-0x00007FFF69C80000-0x00007FFF69CA1000-memory.dmpFilesize
132KB
-
memory/3676-324-0x00007FFF69C40000-0x00007FFF69C52000-memory.dmpFilesize
72KB
-
memory/3676-321-0x00007FFF69CB0000-0x00007FFF69CC2000-memory.dmpFilesize
72KB
-
memory/3676-325-0x00007FFF69B00000-0x00007FFF69C3B000-memory.dmpFilesize
1.2MB
-
memory/3676-326-0x00007FFF69AD0000-0x00007FFF69AFC000-memory.dmpFilesize
176KB
-
memory/3676-293-0x00007FFF7D780000-0x00007FFF7D791000-memory.dmpFilesize
68KB
-
memory/3676-328-0x00007FFF698B0000-0x00007FFF6990C000-memory.dmpFilesize
368KB
-
memory/3676-329-0x00007FFF69890000-0x00007FFF698A1000-memory.dmpFilesize
68KB
-
memory/3676-330-0x00007FFF697F0000-0x00007FFF69887000-memory.dmpFilesize
604KB
-
memory/3676-331-0x00007FFF697D0000-0x00007FFF697E2000-memory.dmpFilesize
72KB
-
memory/3676-332-0x000001F1064B0000-0x000001F1066E1000-memory.dmpFilesize
2.2MB
-
memory/3676-333-0x00007FFF69470000-0x00007FFF69582000-memory.dmpFilesize
1.1MB
-
memory/3676-334-0x00007FFF69430000-0x00007FFF69465000-memory.dmpFilesize
212KB
-
memory/3676-335-0x00007FFF69400000-0x00007FFF69425000-memory.dmpFilesize
148KB
-
memory/3676-337-0x00007FFF69370000-0x00007FFF693D1000-memory.dmpFilesize
388KB
-
memory/3676-336-0x00007FFF693E0000-0x00007FFF693F1000-memory.dmpFilesize
68KB
-
memory/3676-338-0x00007FFF69350000-0x00007FFF69361000-memory.dmpFilesize
68KB
-
memory/3676-339-0x00007FFF69330000-0x00007FFF69342000-memory.dmpFilesize
72KB
-
memory/3676-340-0x00007FFF69310000-0x00007FFF69323000-memory.dmpFilesize
76KB
-
memory/3676-341-0x00007FFF69270000-0x00007FFF6930F000-memory.dmpFilesize
636KB
-
memory/3676-342-0x00007FFF69250000-0x00007FFF69261000-memory.dmpFilesize
68KB
-
memory/3676-343-0x00007FFF69140000-0x00007FFF69242000-memory.dmpFilesize
1.0MB
-
memory/3676-345-0x00007FFF69100000-0x00007FFF69111000-memory.dmpFilesize
68KB
-
memory/3676-344-0x00007FFF69120000-0x00007FFF69131000-memory.dmpFilesize
68KB
-
memory/3676-346-0x00007FFF690E0000-0x00007FFF690F1000-memory.dmpFilesize
68KB
-
memory/3676-347-0x00007FFF690C0000-0x00007FFF690D2000-memory.dmpFilesize
72KB
-
memory/3676-348-0x00007FFF690A0000-0x00007FFF690B8000-memory.dmpFilesize
96KB
-
memory/3676-349-0x00007FFF69080000-0x00007FFF69096000-memory.dmpFilesize
88KB
-
memory/3676-350-0x00007FFF69050000-0x00007FFF69079000-memory.dmpFilesize
164KB
-
memory/3676-351-0x00007FFF69030000-0x00007FFF69042000-memory.dmpFilesize
72KB
-
memory/3676-352-0x00007FFF69010000-0x00007FFF69021000-memory.dmpFilesize
68KB
-
memory/3676-353-0x00007FFF68FF0000-0x00007FFF69001000-memory.dmpFilesize
68KB
-
memory/3676-295-0x00007FFF7CFA0000-0x00007FFF7CFB1000-memory.dmpFilesize
68KB
-
memory/3676-297-0x00007FFF6F640000-0x00007FFF6F67F000-memory.dmpFilesize
252KB
-
memory/3676-296-0x00007FFF6B0B0000-0x00007FFF6B2B0000-memory.dmpFilesize
2.0MB
-
memory/3676-288-0x00007FFF6BA10000-0x00007FFF6BCC4000-memory.dmpFilesize
2.7MB
-
memory/3676-287-0x00007FFF7D320000-0x00007FFF7D354000-memory.dmpFilesize
208KB
-
memory/3676-286-0x00007FF619230000-0x00007FF619328000-memory.dmpFilesize
992KB