Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://www.mediafir...

windows10-2004-x64

10

Analysis

  • max time kernel
    103s
  • max time network
    100s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-05-2024 01:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.mediafire.com/file/smcp2eh5rkkopdj/Sony_Vegas_Pro_x64.7z/file

Score
10/10
redlinediscoveryinfostealerspywarestealer

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of SetThreadContext 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 43 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 3 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 59 IoCs
  • Suspicious use of SetWindowsHookEx 46 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/smcp2eh5rkkopdj/Sony_Vegas_Pro_x64.7z/file
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:5780
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa127d46f8,0x7ffa127d4708,0x7ffa127d4718
      2⤵
        PID:2996
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,6633079825968222469,18105169021593306496,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
        2⤵
          PID:1156
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,6633079825968222469,18105169021593306496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1140
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,6633079825968222469,18105169021593306496,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
          2⤵
            PID:5428
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6633079825968222469,18105169021593306496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
            2⤵
              PID:1832
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6633079825968222469,18105169021593306496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
              2⤵
                PID:4448
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6633079825968222469,18105169021593306496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
                2⤵
                  PID:1404
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6633079825968222469,18105169021593306496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
                  2⤵
                    PID:5356
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6633079825968222469,18105169021593306496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1
                    2⤵
                      PID:3336
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6633079825968222469,18105169021593306496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
                      2⤵
                        PID:4884
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6633079825968222469,18105169021593306496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
                        2⤵
                          PID:2004
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6633079825968222469,18105169021593306496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
                          2⤵
                            PID:2924
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6633079825968222469,18105169021593306496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
                            2⤵
                              PID:3056
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6633079825968222469,18105169021593306496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
                              2⤵
                                PID:4012
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,6633079825968222469,18105169021593306496,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6360 /prefetch:8
                                2⤵
                                  PID:3896
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6633079825968222469,18105169021593306496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
                                  2⤵
                                    PID:5652
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,6633079825968222469,18105169021593306496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
                                    2⤵
                                      PID:4484
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,6633079825968222469,18105169021593306496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
                                      2⤵
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:3084
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6633079825968222469,18105169021593306496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
                                      2⤵
                                        PID:5156
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6633079825968222469,18105169021593306496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
                                        2⤵
                                          PID:3188
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6633079825968222469,18105169021593306496,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
                                          2⤵
                                            PID:1572
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6633079825968222469,18105169021593306496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
                                            2⤵
                                              PID:5604
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6633079825968222469,18105169021593306496,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
                                              2⤵
                                                PID:5776
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2144,6633079825968222469,18105169021593306496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6388 /prefetch:8
                                                2⤵
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:1748
                                            • C:\Windows\System32\CompPkgSrv.exe
                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                              1⤵
                                                PID:1064
                                              • C:\Windows\System32\CompPkgSrv.exe
                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                1⤵
                                                  PID:5072
                                                • C:\Windows\system32\OpenWith.exe
                                                  C:\Windows\system32\OpenWith.exe -Embedding
                                                  1⤵
                                                  • Modifies registry class
                                                  • Suspicious behavior: GetForegroundWindowSpam
                                                  • Suspicious use of SetWindowsHookEx
                                                  PID:3948
                                                  • C:\Program Files\7-Zip\7zFM.exe
                                                    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Sony Vegas Pro x64.7z"
                                                    2⤵
                                                    • Suspicious behavior: GetForegroundWindowSpam
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    PID:1528
                                                • C:\Windows\System32\rundll32.exe
                                                  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                  1⤵
                                                    PID:2396
                                                  • C:\Users\Admin\Desktop\Sony Vegas Pro x64\Setup.exe
                                                    "C:\Users\Admin\Desktop\Sony Vegas Pro x64\Setup.exe"
                                                    1⤵
                                                    • Executes dropped EXE
                                                    • Suspicious use of SetThreadContext
                                                    PID:1096
                                                    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                      2⤵
                                                        PID:4960
                                                      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                        2⤵
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        • Suspicious use of AdjustPrivilegeToken
                                                        PID:6048
                                                    • C:\Windows\system32\taskmgr.exe
                                                      "C:\Windows\system32\taskmgr.exe" /4
                                                      1⤵
                                                      • Checks SCSI registry key(s)
                                                      • Modifies registry class
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      • Suspicious behavior: GetForegroundWindowSpam
                                                      • Suspicious use of AdjustPrivilegeToken
                                                      • Suspicious use of SendNotifyMessage
                                                      PID:1936

                                                    Network

                                                    MITRE ATT&CK Enterprise v15

                                                    Replay Monitor

                                                    Loading Replay Monitor...

                                                    Downloads

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                      Filesize

                                                      152B

                                                      MD5

                                                      a8e767fd33edd97d306efb6905f93252

                                                      SHA1

                                                      a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

                                                      SHA256

                                                      c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

                                                      SHA512

                                                      07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                      Filesize

                                                      152B

                                                      MD5

                                                      439b5e04ca18c7fb02cf406e6eb24167

                                                      SHA1

                                                      e0c5bb6216903934726e3570b7d63295b9d28987

                                                      SHA256

                                                      247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

                                                      SHA512

                                                      d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                      Filesize

                                                      1KB

                                                      MD5

                                                      dd9ee4891edc90b76daa2d7f5f641115

                                                      SHA1

                                                      7f6c0a6fe7edec7dca675e021c557e905dd06f21

                                                      SHA256

                                                      b52dfbbf0209e27e997b422a056fcf86104a9e010aba723755e4ee194cdf9778

                                                      SHA512

                                                      1485215ca9d11c38abc9430dc6033c98232d31142723f498bfd91bed6bb07a5243908721cb60fc98a48e3c669db9808a0c5ae9024cb51cfc11a84f9d9bb20017

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
                                                      Filesize

                                                      32KB

                                                      MD5

                                                      9bc961cf6d5abb79bb826faecbd74fd3

                                                      SHA1

                                                      f0c538f051cb9e594f2c9a590932687f2a1f9f78

                                                      SHA256

                                                      4c71fd8b496c17caf3d9e69ea1f22edffefd60f4a43c0e0a6b1a7ffed394d594

                                                      SHA512

                                                      5d5ec22aa2e176d420a59e45df3550fe1ea3ba702abb3ecc19f292fd2ef0f7418723549a8e2cd3c61093fa10bde3bf44dfb3afc1c20a5cf6610fef59cd81339a

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                      Filesize

                                                      5KB

                                                      MD5

                                                      e4bbb92a497dccd9164e15d348bfc2e9

                                                      SHA1

                                                      19bdc25908a4b6c2f660c78c51a6cf349aba426c

                                                      SHA256

                                                      552198711ddb3ba2dad5cb94189f7852a0306da28748da99b2cceb132aeeae46

                                                      SHA512

                                                      b7148742a713946f2b0e746c27bb10deea482be2d0ac803d0afcb923c9373f6226fb3412d50e666dddf140bd81dabf56624c00f5c7beb95d5d565f438398e56f

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                      Filesize

                                                      10KB

                                                      MD5

                                                      100e9f31e6fa9d2a50556e16b72d1335

                                                      SHA1

                                                      5acd6645be05bb238c9a5d6e308fd400aa35d70f

                                                      SHA256

                                                      19b55e1142ca84c84a00dee7cdf23c58af02c55b37fc0fa8de42980de9acfa82

                                                      SHA512

                                                      86d025508b55353b74f1cdf8e2f6926ff2cc504a006d49b1af8315bd95b6b6fe36ac1dd1c40670ce4a7d146a8e7f65b9a841349a0361dcb709f4bc78a46e0319

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                      Filesize

                                                      5KB

                                                      MD5

                                                      b6dcc748cbd89740e5b3149f4f04dafa

                                                      SHA1

                                                      d824f724b18ee7c96c7d84e711e92c57cd63b50e

                                                      SHA256

                                                      0099c19fd3a649fbbca9cb4c392b5139147fbd8423fac93e0fdcdb443a170813

                                                      SHA512

                                                      e1de3d1e5c51828785b06617384da990b53ad48342a023f099825b0cd50a318dd0097ca87ed047c55b63c9dba0996df735d2a5b8962dab06fa53cf3b05a9030c

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                      Filesize

                                                      10KB

                                                      MD5

                                                      691a1f54789855424ddccbf0d864b3e6

                                                      SHA1

                                                      51b670caffe7149de2345d4f0a774c7108d24352

                                                      SHA256

                                                      5dbefb3474966979d359cbeeedac0264970adfb14eeb31ca37a0d818d7eabeb0

                                                      SHA512

                                                      606208d36c59e4681f4345953093c4690438dac7186adbb012c7c7aaae3aaf8fa787427fd6c786ceedc8831ecd981a1fa1a86c1a807f1a05321d13f9f474c4e5

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                      Filesize

                                                      16B

                                                      MD5

                                                      6752a1d65b201c13b62ea44016eb221f

                                                      SHA1

                                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                      SHA256

                                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                      SHA512

                                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                      Filesize

                                                      11KB

                                                      MD5

                                                      c2e6736f0ea3e8a52b3242acf85ade05

                                                      SHA1

                                                      b43ad4feb5c4c960d02f8d41bbb8d2112bc60191

                                                      SHA256

                                                      ea27f9867864dc7e673c0c48077c2deb0cbd442bf29a1d2e738d18c51fbe3a28

                                                      SHA512

                                                      b35ea1318761398ec7f9b6863dc2efc0a4bf162687f535204e023630e0e9ddcc02792a50d030fbb2fadc031367a21e37421397ea80dfaf721bcf2381a578467f

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                      Filesize

                                                      11KB

                                                      MD5

                                                      29a8dc2c49e830256e62f35e02ec38d9

                                                      SHA1

                                                      7155cf590b57bf19678a85bf665ded500480174e

                                                      SHA256

                                                      b60982b4f3e7df21955e01eec0121a06291c13212ed8d4eceffe98326857bcb6

                                                      SHA512

                                                      a73b257507bf5191e04fd5a7e9e20a9808d91b847f9d7a8d282e811c4af5c6aa8ef772cc55bfc945d62163615811f7b37df0ed63151dc542c83b5918ca2b8414

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                      Filesize

                                                      11KB

                                                      MD5

                                                      d38b957b8797a0d3327a376ffe6ba805

                                                      SHA1

                                                      1a98fb785bc47a249a2f3d6249061b68020e03bb

                                                      SHA256

                                                      a69c21539132b8053f3eb07947f56cddf4ef3fa0773017004752c718a7160f9b

                                                      SHA512

                                                      e3332daf6dbc7ee703d6ccdf52968ab7ed6ad66f5310fcce1b19b1a18bcd8086b33601b050006bf46c597584ff7c9cff1178296cfe4cb6fd6e9d35a1bac7f6d9

                                                      Download Submit

                                                    • C:\Users\Admin\Desktop\Sony Vegas Pro x64\Setup.exe
                                                      Filesize

                                                      438KB

                                                      MD5

                                                      a4aa5c8f4f8424f71ede0c1fd7202c1e

                                                      SHA1

                                                      1c1df32e045a83f88b24c43f3aeda82f88bef682

                                                      SHA256

                                                      30172460a72794deec524f276959deb76bad2894b4c79e3ad59c834e3f111fff

                                                      SHA512

                                                      b2df845f3f9e1d2cace11d5b6182d8d7855556b5f572ea133a29736cb3d69c6126b81a66a5d5f3edfd6db18bd133f34faf9ad462e0b2b969c471b28ee7473f58

                                                      Download Submit

                                                    • C:\Users\Admin\Downloads\Sony Vegas Pro x64.7z
                                                      Filesize

                                                      38.4MB

                                                      MD5

                                                      bfe839d6ecc690dd31cd381f873db731

                                                      SHA1

                                                      7449f262432eefbfb6bfbf89726b8c8695aa7d8c

                                                      SHA256

                                                      236fd8cee29f77f7c60bf53570d2ba0c6892f479e6d18b0d75e6d65d3a9773c7

                                                      SHA512

                                                      cf131f2e1d262aa4a7176576e644121cc906e30c13bf918f6a7cd4d4e60a9d4c7fd8d9ec74484fb8af168b2c58435f63eae8638ab3c1ec344a8ddc55142862b2

                                                      Download Submit

                                                    • \??\pipe\LOCAL\crashpad_5780_BDQUTIJOUATGJJGH
                                                      MD5

                                                      d41d8cd98f00b204e9800998ecf8427e

                                                      SHA1

                                                      da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                      SHA256

                                                      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                      SHA512

                                                      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                      Download Submit

                                                    • memory/1096-417-0x0000000000720000-0x0000000000721000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/1096-419-0x0000000000720000-0x0000000000721000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/1936-437-0x000001E2034E0000-0x000001E2034E1000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/1936-436-0x000001E2034E0000-0x000001E2034E1000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/1936-442-0x000001E2034E0000-0x000001E2034E1000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/1936-443-0x000001E2034E0000-0x000001E2034E1000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/1936-444-0x000001E2034E0000-0x000001E2034E1000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/1936-445-0x000001E2034E0000-0x000001E2034E1000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/1936-446-0x000001E2034E0000-0x000001E2034E1000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/1936-447-0x000001E2034E0000-0x000001E2034E1000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/1936-448-0x000001E2034E0000-0x000001E2034E1000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/1936-438-0x000001E2034E0000-0x000001E2034E1000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/6048-426-0x00000000060C0000-0x00000000060FC000-memory.dmp

                                                      Filesize

                                                      240KB

                                                      Download

                                                    • memory/6048-428-0x00000000063C0000-0x0000000006426000-memory.dmp

                                                      Filesize

                                                      408KB

                                                      Download

                                                    • memory/6048-432-0x0000000008AE0000-0x000000000900C000-memory.dmp

                                                      Filesize

                                                      5.2MB

                                                      Download

                                                    • memory/6048-420-0x0000000005460000-0x0000000005A04000-memory.dmp

                                                      Filesize

                                                      5.6MB

                                                      Download

                                                    • memory/6048-430-0x00000000065A0000-0x00000000065BE000-memory.dmp

                                                      Filesize

                                                      120KB

                                                      Download

                                                    • memory/6048-418-0x0000000000400000-0x000000000044A000-memory.dmp

                                                      Filesize

                                                      296KB

                                                      Download

                                                    • memory/6048-429-0x0000000006D60000-0x0000000006DD6000-memory.dmp

                                                      Filesize

                                                      472KB

                                                      Download

                                                    • memory/6048-431-0x00000000083E0000-0x00000000085A2000-memory.dmp

                                                      Filesize

                                                      1.8MB

                                                      Download

                                                    • memory/6048-427-0x0000000006240000-0x000000000628C000-memory.dmp

                                                      Filesize

                                                      304KB

                                                      Download

                                                    • memory/6048-421-0x0000000004FA0000-0x0000000005032000-memory.dmp

                                                      Filesize

                                                      584KB

                                                      Download

                                                    • memory/6048-425-0x0000000006060000-0x0000000006072000-memory.dmp

                                                      Filesize

                                                      72KB

                                                      Download

                                                    • memory/6048-424-0x0000000006130000-0x000000000623A000-memory.dmp

                                                      Filesize

                                                      1.0MB

                                                      Download

                                                    • memory/6048-423-0x00000000065C0000-0x0000000006BD8000-memory.dmp

                                                      Filesize

                                                      6.1MB

                                                      Download

                                                    • memory/6048-422-0x0000000005050000-0x000000000505A000-memory.dmp

                                                      Filesize

                                                      40KB

                                                      Download