Analysis
-
max time kernel
1050s -
max time network
457s -
platform
windows11-21h2_x64 -
resource
win11-20240221-en -
resource tags
-
submitted
11-04-2024 18:06
General
-
Target
https://steamcmnunity.com/gjft/742241#
Malware Config
Signatures
-
Modifies Installed Components in the registry 2 TTPs 5 IoCs
-
Drops desktop.ini file(s) 1 IoCs
-
Enumerates connected drives 3 TTPs 46 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in Program Files directory 1 IoCs
-
Drops file in Windows directory 6 IoCs
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 15 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious behavior: LoadsDriver 64 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 48 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcmnunity.com/gjft/742241#1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa90cc3cb8,0x7ffa90cc3cc8,0x7ffa90cc3cd82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,16539888502549301995,265845715578341512,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1836 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,16539888502549301995,265845715578341512,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1876,16539888502549301995,265845715578341512,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,16539888502549301995,265845715578341512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,16539888502549301995,265845715578341512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1876,16539888502549301995,265845715578341512,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1876,16539888502549301995,265845715578341512,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,16539888502549301995,265845715578341512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1908 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,16539888502549301995,265845715578341512,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1968 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,16539888502549301995,265845715578341512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,16539888502549301995,265845715578341512,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,16539888502549301995,265845715578341512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,16539888502549301995,265845715578341512,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5800 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1876,16539888502549301995,265845715578341512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:12⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc1⤵
-
C:\Windows\System32\oobe\UserOOBEBroker.exeC:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding1⤵
- Drops file in Windows directory
-
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exeC:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService1⤵
-
C:\Program Files (x86)\Windows Media Player\wmplayer.exe"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding1⤵
-
C:\Program Files (x86)\Windows Media Player\setup_wm.exe"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding2⤵
-
C:\Windows\SysWOW64\unregmp2.exeC:\Windows\system32\unregmp2.exe /ShowWMP /SetShowState /CreateMediaLibrary3⤵
-
C:\Windows\system32\unregmp2.exe"C:\Windows\SysNative\unregmp2.exe" /ShowWMP /SetShowState /CreateMediaLibrary /REENTRANT4⤵
- Modifies Installed Components in the registry
- Drops desktop.ini file(s)
- Drops file in Program Files directory
- Modifies registry class
-
C:\Program Files (x86)\Windows Media Player\wmplayer.exe"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Relaunch /Play C:\Users\Admin\Desktop\UseWatch.wax3⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\unregmp2.exe"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon2⤵
-
C:\Windows\system32\unregmp2.exe"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT3⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost1⤵
- Drops file in Windows directory
-
C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\LogonUI.exe"LogonUI.exe" /flags:0x4 /state0:0xa3a35855 /state1:0x41c64e6d1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506Filesize
68KB
MD529f65ba8e88c063813cc50a4ea544e93
SHA105a7040d5c127e68c25d81cc51271ffb8bef3568
SHA2561ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506Filesize
330B
MD5243a2d2aa24b0ce5a3d00ae798a75141
SHA1634c165b63b11be1ef6701100c8704c0b25449c5
SHA256c07d1b1efc706976b607de7d3f91fc7c2c38e794766234634f7958d040d66319
SHA512262f6a0c65a212bce34de7146ab83261c6443ca1537db096a71720457ebc82119745e217a2beb8cbd6251fe8a9e99db842441d4db435b866aed489d923dd2516
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5c65e704fc47bc3d9d2c45a244bb74d76
SHA13e7917feebea866e0909e089e0b976b4a0947a6e
SHA2562e5d6a5eeb72575f974d5fa3cdff7ad4d87a361399ffdd4b03f93cdbdec3a110
SHA51236c3be0e5fbc23c5c0ad2e14cfb1cf7913bea9a5aeb83f9f6fcf5dbc52a94d8ccb370cef723b0cda82b5fba1941b6a9ff57f77ff0076a2c5cf4250711e3dd909
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD55c3ea95e17becd26086dd59ba83b8e84
SHA17943b2a84dcf26240afc77459ffaaf269bfef29f
SHA256a241c88bb86182b5998d9818e6e054d29b201b53f4f1a6b9b2ee8ba22dd238dc
SHA51264c905e923298528783dc64450c96390dc5edbda51f553c04d88ee944b0c660b05392dc0c823d7fb47f604b04061390b285f982dfcc767c8168ccb00d7e94e21
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-indexFilesize
480B
MD5cfe1e8d4dac7fba535572778143b5d4b
SHA10ce8aa4b672f4edf57f7673f4b04a4f5a54a49fa
SHA25680fb7cb794bd00c0b487481374cb476c04ac94198438cee7af9654f7f0178218
SHA5123b2aa87c27832a69708163d7219c6b745a6fc462296c5a0c07e212af860c689e5b55e479faf08c669e375d9dec33bd362b14f19ab68b095124513a5f7376da3e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
456B
MD5c9e70a945d27421d5b7cb75650155b72
SHA14d1537cd45ae3332f3118bbbe8494c825281e132
SHA256fcfc14044caa05c1719621ab3685d3d00efc8c37e71a87f36a17e7514b612744
SHA51239327588a35e329316aa0b09f2c8596fde551b509fe191c5efe0c375831f60eaae940ff120deef911314363f95150549a5e4643aa7aaa45b95a722710a695bbb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
873B
MD5ad87e59f7501e3bf8bc8eba561ba4ccc
SHA16f8e12122c5837f02780ff2bc4349b0c5d235a38
SHA2566bc3b101df2e78926e36d2a983c481db41b22c8c09e6b128b507bb4a8310ae50
SHA5128fe27ccf4384e3e14584f9f35718c43feff81e99b6f23db8c88ead077564da1c6d6074c65a619e3d80de9cd6d582b4a92e5722d8af714b5cb359123af7cd8f73
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
873B
MD5f0e582f2d0c1de60bc14d5d454f34162
SHA12a6ea16558a362139a734a5def289879b59c7836
SHA256e78064738f24f31287131d480896561c0e9b5c818dcb8f13430e7a9cf0a28476
SHA5123578ecec4211323427e3b884b8d94a609faa33eb489631cf6a680e50189e22397b779c4e0b742b58001ca61b1a4d3d34a52f62670ae2f73e6838858963c4f325
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD53ffb5ace23b58a4846620a18f9f535d0
SHA1b7be60b9a276448ca15db150727c83512e2d066d
SHA2560982d7b01db145932cc5b784e1dfea2a16fde537c4f86f93b0539a040de7c2ed
SHA512591309a52d8c8522238669adbb99eca80b834fb92987750190320ada7d63ad5a55778a3d7d05432574cc94dfbde96f3ee7e837b26fc4515ac679f142468340c3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD51d592eecccb76beb2a506e94e2479681
SHA1d28a4763cb9a08d5d1fef848abf968e8a82545a6
SHA25684c76e4a2b2e55bc8a5b7c6d45a32ec665a53378dc13897c8f55bf6d703b3592
SHA5124243493f04227f894035891b9a85e830f2732e140e61e7c7ea730a1ee52691a93aa6267493fbc3d80db11a5cee717a2d096cf9ab9760f079e3d3595f9c744c2b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5ab081208d6cc7c063a9de42e937897dc
SHA155c2f63babc2c96c4a9ed4310d81d213e97fa517
SHA2568ed8a70b278f4005baa5f315aac4afd868876179b20924d78cae616761d34e1d
SHA5126f06adf78d2572e20682255b40549e51ed848e7ee228da2944d803cef510f0092b4f96149109658b35657faf1d3561d598f3f642cfbf4b886b2ff158ea9a0785
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5463222dbe778160ce8978e8528981f55
SHA1fd03e541166877f2e4f95845ff1b572f0052c492
SHA256c1c22a3e8bafbde3cb26dcbc999ba2fa828b7dd1f33da7a17a4b555b8d099847
SHA5120572c7731280486b79c2b7bc318d9419b34719003ed4c1b55788dc7d5037104b3b44887ab5bd4bc054ae12676a21f96e89de9dad75fff2dbaeace55e90db9c96
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
540B
MD5e8f92c638b36c8f4aaf02240563d1686
SHA16c2388a6f46dc461350e2c813a4030e426e3ebdd
SHA2562544f486b8dc8578251d85ca95c4b29921c7ebe2d3d438ecb887ee06b155840d
SHA512e5da8f399ca853617fa9fc0163c3c9ddf92b1fe8891ecc74702dd7dc2787f8298056c28bd74462b2ec7896f66249d53ab90803a09c634351f143f1bb610be469
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
540B
MD5e2c822e1e0f0d96c5490ae50cdab5af3
SHA13418ea6f6e34b114f0ea848ae77b710fa5020fa6
SHA256d974beff5d7fae79c22e04d4871d2a35d9c4211f1fd02bca616c4f5e11b462db
SHA512d212875587e6d1da315df4159ccfd2eff7bb308f705f25c783cb8c56ffc823a4ebdcd9c4441d049116a0472c04e31607de9cab4c36278b5b15ba1edcc3002316
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
540B
MD5f22ac5dd8ed9dc4421bff21ea3abd4dd
SHA106726d8956fc6f3ff0af7fefbf8df635de620d73
SHA256f2bac7c7b33482e559072a5abddd09ed550aad149826239aa32e063709172c8c
SHA512f00895983bbfdb77778256a03af11e918167d1bf7402e7acf9caec69b772e2074880c338042d2cacf4bae91a9e6403893d781f3f73131d73fc9d61824cb879a6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58d77f.TMPFilesize
540B
MD57ddbf4ed495676bee656109fe8a7d4ec
SHA1344c9cbfb0a2218b1d0961ae6296b8caee961089
SHA256c8d3949f8c43379cf010eb140f3a748df72a24855d05942f19b84c8e393bb7c5
SHA512c3da3f89201544653ad8d8441da87663cd28efb3c80a5d34f9868d8e5ec5c150fb8a268ae6b9f70e0b2ada53f9aaeea0795cbf36bb05fabd3bed83e8ff48fbc6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD53bbca3f6ad1a8aed8fedf6f80b472249
SHA17dc5d442402a3db3e819128c15f44727ef80d097
SHA256e76288ec49be251c00f59dcb57636f2c4919679887baeae49dc49a81e7be82b8
SHA512b9ce3b797fd2fc553cbeb3e965522c17288e3932670b98ac9590f6bb80067ceccc3111b006cc76aa8e8f101c8d18ea99a26d9f614b8b10aa0a192913c543f762
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5ae5b6ab8ff42ecfe32a498057325aaf2
SHA112d1382100aaa387625725a9cfa1656f43757b53
SHA25623dd77913eb7fc1f34c6c8f64560f87e36c25b712452b41449c56ec4e343894a
SHA512dcc222adae20d0135707a8fb66693cd68b4a0f8918c3cb1c1d22a655b92bb2060cdcd401d8db3a6e10c1e454c43923d57bae2841e105f9373f39c30b0a53bcc1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD51b9daf63244a46d25cead85f74827832
SHA13ab8574e81b42cc7b13032060da85780f35f644b
SHA2566500dd4b6b076c50c3c276688bbe9fb3df6be8db86e03e77503b2cee83eaa9ba
SHA5128029951d288ac573d58f89c973e052281789e5fb0f03ec7f8862a11016d15854863116b6828b3ff9322dff10e45aea7db8439d84aa9530439cf97ca8515afa86
-
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdbFilesize
64KB
MD519d78b1eae63fd95e33c36ae0cad7aa8
SHA152bbbd1abf5e05fd11b19462a54685e7ccfc2d4b
SHA25650c2e86388d63a5a5a2052f9866083e8784c3eed266f9b947b4f5772e5fbcf80
SHA51234d6dd06fc41e2a3bf026cc58e461cf12064eab6969225d118b786aaacfabaac8bd7cbc6c26ad2c985faa04f0a07a4134119d4780c9189ded6db3d0fe9b59454
-
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdbFilesize
1024KB
MD506c972b79b7764ca1817d4e47f78b306
SHA1dc044cc17d7dfb25a230fa59151249900d43cc01
SHA256c5610e69337a596827732938cf529578c5ff0a3a9ea2b7fbe1060aefd5dc2849
SHA5125b7a4f372b60086414900c989f6d6b4a81412723c0c2650145848de517f637d3b973094eb85cedb9d64829d69d4369a535b88879d8bfa741b68cf31b43d6ca85
-
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XMLFilesize
9KB
MD57050d5ae8acfbe560fa11073fef8185d
SHA15bc38e77ff06785fe0aec5a345c4ccd15752560e
SHA256cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b
SHA512a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b
-
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.datFilesize
10KB
MD5b1f935cbd0a4e7baeb4cfa73725bb226
SHA1e5a5f4e788f95ccf950f745d01b8956dd14cb66c
SHA256d7f24ca6d10c289d45cce23f5a19cebc0ea2b9c6b867f6b4b23c4effb08180a9
SHA5128891f8904cf16da4ea8ccfc8bb993b6c0ad3beb7c146765d22e82388d2c4f4f01d84c2979b05b6c4bf11e1e93430454cc83dda012010ebf3369d94153327592d
-
C:\Users\Admin\AppData\Local\Temp\wmsetup.logFilesize
1KB
MD5374635735fcd0ce7ba3a4a4cee68ba81
SHA1785895c3d5fab14ac2a73f87b21f3cee27876b12
SHA256f60833d821640e5ffc77342e6bf8c100484a96aed9fd6ef712517087b3168e9a
SHA512857481447f199b3e464ebee760fe008bfc6d74a438b72da15f3a9db79a1439c8f8f6af528e0a6a984cc65f9b4e4478a071ee8854ddbf81ef162679bcd4ab1a7c
-
C:\Users\Admin\AppData\Local\Temp\wmsetup.logFilesize
2KB
MD51344c3605a658bbd4acf1e1d6b9973f6
SHA191f93280079dfb3024e701fbac1d7f9063771d96
SHA256fe3bd15eba840b89152d0d238130dfece133670b0c1469469c5e5d0fb74c87f7
SHA512a7bf280a7c72eeb9257a6bfb47bde941b9cece4f5b463638a6c481acbd918d76a16cb2ef16baa3ac8e96b9564bf688f49394375a6b3456ffecb621537ed82d0b
-
\??\pipe\LOCAL\crashpad_1200_BEIYNGCMKLNOEGCXMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e