Resubmissions
02-10-2024 11:53
241002-n2j6fsycqb 313-09-2024 04:59
240913-fmwxpswcpb 311-09-2024 15:54
240911-tcmg6sygmm 311-09-2024 15:53
240911-tbsmsszbnh 1025-08-2024 22:53
240825-2t6als1gll 1024-08-2024 21:25
240824-z93hjsscrp 924-08-2024 21:20
240824-z65thazfpa 1021-08-2024 23:05
240821-23av3azamj 1021-08-2024 16:22
240821-tvn4qayekh 321-08-2024 16:20
240821-ttkd5sydng 10Analysis
-
max time kernel
378s -
max time network
379s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
13-08-2024 18:55
General
-
Target
dl2.exe
-
Size
849KB
-
MD5
c2055b7fbaa041d9f68b9d5df9b45edd
-
SHA1
e4bd443bd4ce9029290dcd4bb47cb1a01f3b1b06
-
SHA256
342f04c4720590c40d24078d46d9b19d8175565f0af460598171d58f5ffc48f3
-
SHA512
18905b75938b8af9468b1aa3ffbae796a139c2762e623aa6ffb9ec2b293dd04aa1f90d1ed5a7dbda7853795a3688e368121a134c7f63e527a8e5e7679301a1dc
-
SSDEEP
12288:A3RY3yNqMRTF4q2rxHn2ot/81xpNQyjUXlmoe7ufjHAtjXD7r2:A3RY3R24q+xn/8Xp2yOl5fzQ/2
Malware Config
Signatures
-
BazarBackdoor 64 IoCs
Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
-
Downloads MZ/PE file
-
Tries to connect to .bazar domain 64 IoCs
Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
-
Executes dropped EXE 1 IoCs
-
Unexpected DNS network traffic destination 64 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Modifies registry class 1 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 24 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 48 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\dl2.exe"C:\Users\Admin\AppData\Local\Temp\dl2.exe"1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9747646f8,0x7ff974764708,0x7ff9747647182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,17001028253504863589,15152970228868863947,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,17001028253504863589,15152970228868863947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,17001028253504863589,15152970228868863947,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17001028253504863589,15152970228868863947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17001028253504863589,15152970228868863947,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17001028253504863589,15152970228868863947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17001028253504863589,15152970228868863947,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,17001028253504863589,15152970228868863947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3696 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,17001028253504863589,15152970228868863947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3696 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17001028253504863589,15152970228868863947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17001028253504863589,15152970228868863947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17001028253504863589,15152970228868863947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17001028253504863589,15152970228868863947,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,17001028253504863589,15152970228868863947,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4300 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2148,17001028253504863589,15152970228868863947,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5156 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17001028253504863589,15152970228868863947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17001028253504863589,15152970228868863947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17001028253504863589,15152970228868863947,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,17001028253504863589,15152970228868863947,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2088 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17001028253504863589,15152970228868863947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,17001028253504863589,15152970228868863947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17001028253504863589,15152970228868863947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17001028253504863589,15152970228868863947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17001028253504863589,15152970228868863947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,17001028253504863589,15152970228868863947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6880 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,17001028253504863589,15152970228868863947,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6600 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,17001028253504863589,15152970228868863947,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=212 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2148,17001028253504863589,15152970228868863947,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6296 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,17001028253504863589,15152970228868863947,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1296 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Users\Admin\AppData\Local\Temp\dl2.exeC:\Users\Admin\AppData\Local\Temp\dl2.exe {6DC294F9-8B5C-44E1-A2DA-BF075DA35813}1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x2fc 0x49c1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Users\Admin\Downloads\Free Robux.exe"C:\Users\Admin\Downloads\Free Robux.exe"1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9747646f8,0x7ff974764708,0x7ff9747647182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,10298994162824722104,9146191712641193595,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,10298994162824722104,9146191712641193595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,10298994162824722104,9146191712641193595,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10298994162824722104,9146191712641193595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3628 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10298994162824722104,9146191712641193595,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10298994162824722104,9146191712641193595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10298994162824722104,9146191712641193595,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,10298994162824722104,9146191712641193595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3732 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,10298994162824722104,9146191712641193595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3732 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10298994162824722104,9146191712641193595,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10298994162824722104,9146191712641193595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:12⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD54dd2754d1bea40445984d65abee82b21
SHA14b6a5658bae9a784a370a115fbb4a12e92bd3390
SHA256183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d
SHA51292d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5ecf7ca53c80b5245e35839009d12f866
SHA1a7af77cf31d410708ebd35a232a80bddfb0615bb
SHA256882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687
SHA512706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD54a1ab2983887cf515db757fc3fad08e8
SHA16b41e50b19438a24ec150bac5d3b660fcd5729b1
SHA2567d9cdccb9a9056b1a32751d0908b9670a7f400fe93a056d28af072ab9824bb5e
SHA512a97cb76c849e6d2eddd9bfca90719d08114e46d04dcb57ef867b2435f44712de0f7995b57ee72d1df04ca2a8bb7d4a81554eb8601c2f77fadc1761a8e367dc3f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0Filesize
44KB
MD5baa1fc38e5ed9cdfd7cc8a1d8e8c3c93
SHA1cf1272afe25c08f6b32baff2b4f0d9a39b1c750d
SHA256c94234141103a36434d4c7ef825d158555abbfd3fde01d0fa3cde95892c1e829
SHA5128224fecb3ce871f8ff779596cd6640ddda8ec60f72e556df75294af005a0c92b6960099fb28797fbf888b8b225bcaf92555f23bd4af96e3ef9103e22b7e5b237
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1Filesize
264KB
MD5982d4c42298db9da9b87b9e32aee43e0
SHA166de94052db79d7b27db47a3622a18f25999e1cc
SHA256da0ecf01d18a92f969f0080cb2e7519f344498cddfbbe84752996108d78b554b
SHA5128868b87011f826e6d3fd7b33bcc8866eae4a5b4aae4b7020aaf4c3f94c37cb8218fde0ee231425217e356d838ff3b8ff2dc58accd7d20c07958851a3184d5bcd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3e757ea85c28335f_0Filesize
44KB
MD5e3bca5e98caf44f92392fee33da5a4e1
SHA13438766a3497dfc3266604148346a4d48a8a6a01
SHA2568bc59144b98fc125a3ad01e8b6f232c0a76961beab9ac3020c70257d0fc6a959
SHA512a9defab469885574a4de661f62a02ab5ec6520630dd5879591e0db06fa05e7c3550b0a65070bf90018072a058d72ce367be225082e638c463eee36fb086820bf
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
1KB
MD5a25590454e77d37979c43f3f6c3292fb
SHA1f3bcfe463bf6dc5c4a79f2bd4f08c7492f51b724
SHA256c74053bf40da71db23ac41a2797300262c8ff419d09ad2fd13ca12a4e6bb45cc
SHA512e901f151c919e4a5b58566e1e44d9b2981426726292b33c86ed8da5e2466036d17f9b8e9b1123cb24c6bfb4d633f73a955bad63426818234dda49c7b5aee83c5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
4KB
MD5b18c972d8da84e84fd74ae90c30f932b
SHA1b353fb4bb392f2619e523b21060565573eb9a918
SHA2567e86f1be7b56a7744fe33adbeb347bb83757261a6c1848ef85e4b43556092b92
SHA5126678c73b9a75166ae82cae6477be0a727c01653bbcf78ca47a104dd1e4d46619491da34b51869b8a4e4e5cc46ac49fd17daee91995628517873a1b584796c22b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\CookiesFilesize
28KB
MD5a9cd350a1efbb0e9822a140a41b5ffd7
SHA15e833a390e9211f163fd7ea6742bd940243295fa
SHA256f5afeffb6ec9302f6f2a2f1343dbbc2f0c2e9f6aeec405607cd79d623acd5468
SHA5129cbb198006a282fe3b80eedde958566be24f92f2a37de43012b5a2daef4f1e7278179618437b70f68e0eb695175cdfea725bd14546e40b7ad9c519d029431c62
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOGFilesize
322B
MD50acb3a32aed23b3728d2e96f4fd534ba
SHA126f85d25806a4cac8136281a937e3bb5ad2a7d04
SHA25622b6e3dbb9999ba30173aa70850b52b59231edafbe55f25174c7a2e1abc25904
SHA512ca5fc714c99ac28a6220999ca80d3233d274794a3dd03316a5b3d9181bc10128f47f6e5d18b78dbf54f3094b9dc5f87401ec74bf05bad878181bfc9622df600e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\FaviconsFilesize
24KB
MD598155a14e2c4ff0f025322d86e0bf258
SHA1e4934cfd00f871712966b3d0c5880afbf65a3e58
SHA25620eeccd2b26ef16929418072208c2a2689a8919d1d559fd772101434146559ae
SHA51221244791e0bf69fb9b16e695383fcaa582f616ecc6ea832861b4a69011a0ec32aeef5bd807fa976e1d280c9f35f3126b0435791dbe464258fa74e8e2bae8c4ae
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1Filesize
264KB
MD5ecd980c55b14d9a273b45b0f43563c1e
SHA1961bdb0e615181d7d8ce6ad73c232742c58d3429
SHA2565268f8749866755b118276d695bd738e77fc3470dc6303a21e6de2b8d01b0922
SHA512cdf6c99461acc413ee8f566889912b236f8cf0d0c1d44a2bb5d2ef7e32f5603e755c245c69b0bb482e4fbb81b649137535f71fdd77ffc63a022d867a01826164
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HistoryFilesize
124KB
MD58224a17207968fffc7dcfe4174797d44
SHA192aff4e43102ddebb73fd275d0ed6e4cd831b24a
SHA256ebe8dbc1eb5a7150d986bbc3d37f9a6d2f6365ecfd644022eb2b419b38827085
SHA512e6519c856da377228ee6aff0e686aef34ddf1b6301fbf046888a26e2d36fb4c1dcfcd0b56acbb40838b9d0ff83b667a33af18edf49df54ee008f11b4d038605d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider CacheFilesize
4KB
MD5b0420f8baf43cf5948b0fb2dba3ab9e1
SHA1dc1b160c7c58d18dcf16ee6a7bfbb223c5e92799
SHA2564715cbc6cf170026242e9d19aff9a9cfeaa20609376a1e2572b2e06dc98514bf
SHA5127689ffc9fd00af2dcc0f7763d68f9bdf32200bce4115121828b74b687d35b2a4f0ce7955896a6fd4cfcb5ca284adc8f6c2c292c744c1eeb087b6f73c00cab6f6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.logFilesize
16KB
MD5deee10cb4b7ed8c7e38cead59590218d
SHA18ea125755e87030f906a081c11833ec992a7e782
SHA256623098e62078a750ff72d14a5145ba77a8024cceaa722db6405ad170009b4580
SHA51223b7fc1aadf6fa69175529b35c856576fce7f63961d9ecee352f613649d14362f26b291183a5fc949ed99e8f0a05644fdf5a17a77f92a271b418afc9287aa3d7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOGFilesize
331B
MD5d65e73abb45caa0e6e38f1658ea0e08a
SHA1870b70eb7a176d8ea3a642f0220dbdb5cad9af21
SHA2567281ef8c45feb5de4654548cba8f0498db7261957f2ae0163fe814a301e67e95
SHA512327c4a37b4a83cabad279f274301cf8d173bc6fd974c3a36d11e778f92f9cccdb79989e8b9aa271e3ef025ae4cf63d17cff841bed476f062676c8ff7120298a4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
484B
MD5b2c04e2378955b912680d9fc3f7bb1b0
SHA1647518854fef7274f6ea3166cb3e67da60870494
SHA25602c965fc705b90e9e462759590e783c1a5c2714a691cfda2114e8253acba0568
SHA5122f5c89276214af1e0105bb0507f32add1a5184559abd7a9cbdb033f50049b6705fa2f2e2554fe3053fa345bac54e41b320b2189bdb9af48eab15bcfbc54385fe
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
1KB
MD5834b84a165cb013af3026d8a2bedd684
SHA18491c740992d25ed82673e9dc734cc1bce6eb97c
SHA25651190ce7397a833ffd363f97b3f4a7286819674a43c25789f0c4d704695dae33
SHA5128d35af5769b1f82a7ec7a9f84acd5022206bc52d862cf62df28df45696db517edbd25cb24691b294fc58ce4529669e46ba2c2d25f36903b5fcc5a8531d6d1547
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
1KB
MD5c1719fc249347a579edb1ee978b39e97
SHA13be54a3ec75146ed24cc990bdf03b4a5db27ad0d
SHA256f30535191edd9a3dec3c8e02881413fbb923fc95eb15ff5de11c47b3f6e8a85c
SHA512d75ff10fa1e370e61140708f1c76a435126439f2abb6cde832bb5b984dcb15da923d4add67e25c6943242b67b05029002e13f2adffc9eb29f00ab2172016cfe8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
1KB
MD5e1fd2bcd897dd3b4ec4ace73636d1ee6
SHA1ee043e06e4678de5cd1537a4d7173c3e6bed6e9c
SHA25644ca95dd9e8e7009c223424944bf24c907535da9107e6199f4adc87a4a0fabd9
SHA512d04b6859d8e2029b0be1e29c932d39361b9a40d5d2f487db303cfb4846d5e75725d80c30a7afaa0e89417ca5583dc458d37b4920d1e111b4b7e0dcdae552167c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
1KB
MD515f3993d49e1acc602cdccc4fc5e1e5e
SHA1512627204e41f807553055a5399451ef71375843
SHA2569172c7e13989d2149340899331aa7090233f5a05c0357dde2ede55cbbe86f868
SHA512555a42510578c01647f50c544b5e0f1be6d7ab833447ecadc3d964523f3abc7c9162787600634b37a815ed1f95df0f28f661776ec88a2c384bd8af10f5a434e5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD538f4453c64d56c5697ad87b0e6de372a
SHA138e0e377cc0c2744cbf49f028c9a302f90cf238b
SHA256a7d4dc518123b05e96d45c1a1997e5266a4e526d36557ed62220783c8d481891
SHA5127d3520c8f53907e6a3752579288547341f302bf7fa151bda431d812f4779981dc5a62180e070abea9e5fcd553b99df5527503e939a458e369bc2eb0033f09928
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD52385bb464dea9e2f13c1bc8370b143dd
SHA1ae5850c98f18e1b7b6659587968271bfa37ce17a
SHA2569283a285c8dcd3134da9bdf4841ee97a442a906fddba0958500f30ae5b85363e
SHA5124833f6c6ff011aa91cf22a11bd5b2a61c3576a66cb92336e91c1493bb01f5c468fc063b145bb7569c81726432aba66ce05d6accd9e69199b39a4cc45ee3cdcd2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5ce9164e47270dacc392ec426c980eb64
SHA1fe15378f6d03acc9ae49acf55a6135231b5d0b8e
SHA25648b22a916944bfdecf9b909f9cf1366c2619ef7bf14713817ba883b2bd926e7d
SHA512356fbea3754fa868599eb53ca0b34a8ab302b6c188662f76be456f8822d1f15a6ed59dd320eec73b09b3fd121792366b07ab62995c85f24ce378e686e3b7ab42
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD5d48b5f35606f63c61bd3e26cbdc25c01
SHA1e0a119376337ab2fd67684e395061b5857cb9d6f
SHA2568029e43f6d75bd2002d07ca8e0004901c270d318b1f128288f30c84090d9e1cb
SHA512497ce64d7b0d658e07a42af8b1366acafa07283f7da948be0172e0ed7481d737c333e0de5842aaef45af192484bed14d3f0e080525304b75e02654574a26cc8e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5abf298caed846d60d90fd1e5f76ef047
SHA13bd5df9d19c4f2030369e490068fe35bc663af2c
SHA25614defc7c1f6d799ae2bbf11bd9e670c7f3f4a77694963008708427056f0aa6a7
SHA512e76495507ae1ae9539892b4beed213126391b6a0528c5b997c8acb1a86400187b4a84d8d1eec34863bd07da9c453f2c56d55d3dd1570c8722d2c742fc88acd26
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD5c526dd0f975f9cc61858f0755bae2f49
SHA1985c22b7b1009a860b1e369b7cad5a9621a70aaa
SHA256d191ca68b7bf0cf7040e43f80f8ef652c70ae56d27390109c10c72b4a2d7037d
SHA51213dfd7ddb95e03b45dbbe768d01a37069addfa80e407504162fe05395016f8c150816dc1bc9efc0e5d0e638819137ef78c775bccd71c170bfc3797390c3588c9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD54fb14d545d1a34078c984f789fa3f504
SHA1f6a29f85fb43f0e359efb87fc04f29c176e8fcdb
SHA2563bd684ccd46677f2b8b7e881678cebbb4632a2dce33750821ddcca65952f85f2
SHA512709f3feaa3a5735727408bbac57cb9fff8e6fb1752698074a488749a1d8896dccd4405af61187a2cfdf318e8b47e367c0200b197214cfa9606719dce3bb6b3aa
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.logFilesize
1KB
MD52f6d072a364fe8990bafb93269eb9be7
SHA1c1f60a1fd43adc342907262e2c3c937bc73c517d
SHA2561e1fae9e100c1e28214a636b04a7e39377dcff7ada2b9633e2178d9d340964b7
SHA512fbb7c2678938e29c118ba16e62ad9f96bcf62133f0634c7121b0b8eceb485f75ec2b978615d6a5335c27fc1f31de46e1b6965c8e9f427dfe7445e37a09a80046
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOGFilesize
319B
MD5773c7c41fd1351491c40c1d2e2a40f3f
SHA10525a0502bc65c8d83b7a836bc9c500b8a5239ae
SHA25675c3da0fef7a6c4d6cee9377a9b9709432e5f1f0317d27c94592ed724d690206
SHA512b4160a980d3cfd21022f42d3c4e50b5e3f40e736744e2ecbc3dbae5780917626a7fd8aff475382e24c4a330f6ac961a015147dc7043738f3fed1860c4614ee13
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13368048927927194Filesize
18KB
MD5eb004f58fce9feecf3b33296148d146d
SHA12889aea2c1831a4809931a4b0a6d1dfd4032097c
SHA2566a89499d7ffa536d047e270d836859db5589359c1312f28af8e2e405d6427e4f
SHA51260b878648313936d747155403ec98e574bf342405d9ea2481846414d578aa077d369f6a6c5a4b2170b222e7ee452c5dab65e43dda441bd64977b40a0ca3cad6a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.logFilesize
187B
MD5fe856c6b82c5292a25da04ced4a118be
SHA1a4b27cb82f07f861a5cdd0dedecd3cc35b101dcf
SHA256df3729fcc5b4a9fec4a47c6bd2af94a0dcebdf8e65a02ebd0b1475bd7fa3c64c
SHA5126b0c7e4f72a989cd943d96f660811804d9c12fba5f380d563fc1536067b2129d5923caad5b0be5f81f848b3bbc8549a02f7ab5d998b1cb1ef1c2e2d51de77d37
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOGFilesize
347B
MD5f63f9677013534f1e3e2937c9247fa09
SHA10712e23b20f4274147570cc9274aebf18d9d7f43
SHA2564180e89b3af8eb0b1840932898c1e078195c0e118c91ac15d64c725afffa18af
SHA51212fcc391230fd98f024d6bebe257b13821a3b59a0c233636074d4b7a30ec8f44d22b2db99ff45a760414d29efd6b7d6810548a004ddd8a2331488adaf11492ff
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOGFilesize
323B
MD5b1e904c1a17aac49e0c4321edeb1299f
SHA147c0e0cc79d06e6ef326d512b8caf357e7313d5c
SHA256850c1c33dd8aa726621efe558ff8c33a03482cd278a4058855ca36d12d518224
SHA512b6cb5e3d79a2c5a76460d4f7a93b488ef8cca55659a41f4a01b366fd7a783f99e295fc0fa1db9384c4705b65dd49fdf5cba9aeb18866632ee8745e4b5d83868c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD53304b27e3723e723cbd70480e5a3eecb
SHA189a28116e682e769360c700fbd9224d59b77da2c
SHA256e35aeace8ae56c8f0c3e65240b2f055781e1e258e78c3a69bee185c40047c7ba
SHA512d8c5aab6c3acba1b8e04c8de529c0457aaff461cd613bb883a409dcfb4a9d4f92af970024f9fb494ca9e0b490c73de4c81f6e80a0245d9b52bb9ca5252cd30f8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5179e8bf9ba97223922ed034e1e5ac8ad
SHA101f66d014b8be732fa32249aeedbe7da84d06b95
SHA256d6f20e5485813e2964f579d869a1f326b41037a0b19f1877c6bf59f675655560
SHA51221683965657a1bd58a97816bab361f3ff4928c03affe308612d922e29048c2f29caa61db93231a70ac6290c1686b4cd2842abd9f9bbfde105fffda59c7efcff7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5a079eaced8e7e329b1e1b1e92f89960a
SHA18ebac37aa1fd9802f28bf638d974f719771619c3
SHA256d8739783084b2029b19307ac96d7cc15463c500eb2eac352c09a42f23d688955
SHA512ae6a37d1ad09eb74d47ef0d40a4050c7765d30c99f28265e5257339feacd6d71b6c77351739b49d7591f080b776dd792f4a13d95575ee6501c65b9a2c717b618
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5bb413587909f0621e5632c8113e95fe1
SHA11a24615e5b4e8508ac4a6c5d66057dc47717f104
SHA2568aaa370d5bcccee1958a422646576259138894141e3b700b5fa454200ea1341f
SHA512eac7281153bf5bbb297834fa88818aae978a6bfd8fe28122566b6f677ce078a4fd37cc69e61e7dd4a948867689cd674a73aab2d0b797dae809322e7c46bc5924
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD59fd3607ef86f35992bb33fb132f8412a
SHA17604bf6a34e83e11a7115ef0554843fc145ccc45
SHA256df3cce03ad2f554c09bf471c19b70dbc38c12799b1a28ba4c44d8fbb1f5aa2b7
SHA512808dacec0b2d778a4d818fd434cc94ac78e8f1c74c71d3f15c7f08e93b614eccdca1b8900140c49db61615f5b2a50f2373ac068751ecbad27c6d126e9d03d14f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD592e042cf1cc6ce93ba0bb9c1a124dd67
SHA12908fa79918859bc014a839a6f740fb51f0e36c1
SHA2561d4d9e94cac0fa47997c388e306e705ea2e7ab443ad1923e0a588f627d8d06aa
SHA512a6df7b6f77fab7f7497b368980a6d01879619075b5d08e34d09de1a7767e7b5c7a9dadedb69c0f0aba84d8cf2d9d27c478177211639f77c798757da521dc9f25
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5ce827cdcff61930c0f9442f6e6b2e03c
SHA163bf3be6da872dfc8c566f0fb1a200c3219d8765
SHA256ce9e8826cdb494c604d93028fb2e92bc809700693f723dc473d25933ddae7c5b
SHA5125047d08bfc3b8becadc794957dbaaae7d34cce0d992948685a6e5106b5d257d197d45dc37c27b6905ecaed77c7f6468435617706ce128ee443d95b5198b91b6e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe590fc5.TMPFilesize
538B
MD5dac76e00ad548ce5b0b430e3f7bf098f
SHA18880b075be41d959fa5ff46c7ed25d24c59e49a6
SHA256500bfcce5a2b2caca32918b269af49f2de973e6d094f8e011576398b51051d46
SHA512e90dfa912e50989de83d14ec592d7077626cf1652f2c6f89436baef532f169b7662a6a1b0ad337e0e77a457e42759feb48922a91725fd24e4cda4cbe1edc6f5b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited LinksFilesize
128KB
MD5376265fa409372ba83da620bf66a7d89
SHA1f519b75d8811673463f9ea687df0f66b6a030468
SHA256ba271700720ffaa271310111feb873748aef630938dcbcaa313c277127dfb812
SHA512891cb20992a39defa0b72202870328af25a7b03c3b3fdea4794d6ab23c6eeee9bc7e63424fb11d3f99c3fb94d2c159cfd081a2841d29d09b69b69531fb1b5279
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web DataFilesize
116KB
MD5f0ad621cd267d063e96407394878d41b
SHA1bf7ccb14872fec8e0ffe8226abf596c87bf73e67
SHA256cf7d812f4d1c2a06531e7cea71030b889f139797fac888bdb1cc619a3c60978a
SHA512ed667e283f0fe4d7891bd228838b928e35bc5d0324d605b7418a1604b7ec15e39a1b29f76ce55ebdbe82f22edfc7f03573152b80eceb5144173c10abcfd8278b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD5aefd77f47fb84fae5ea194496b44c67a
SHA1dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA2564166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.dbFilesize
76KB
MD54107a7ffcd97ccc9dd2598c201947b5c
SHA16ec66f6cf24465903f3d1646408e8131863be5c8
SHA25693d3e7a0ebb12215e8673acf7d0afed4d12783786a848807b000b44ab2ac1cf8
SHA51271f2630086b83af3b014f378c7f10cd3f43d86bf2929ade39246f99cfb7c3246fef5c10df09f0f1a37d1f0e7547455a1d059d7850b980c0c13ce67abac0e039e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.logFilesize
10KB
MD54638c7ad894c6c358451103fc7899c06
SHA171892994e5ff2b1043fe41ba45bca5777f91ea0b
SHA256b8e8ddd4eda0e41cd28bcc1095edc30fbcbb63fa07d56c147a6e1d13bbd4f9bc
SHA512ecb930348edcac286dde3a6ef5f9d2fbb55514c17ae7dd5b47081f9ad34938f0822e87162c8e00c87dc74b6da4f67ac56eff0ec761ee41e2d01e593b368b5bc4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOGFilesize
319B
MD5d2334336fd29287dac8a9f5ca907c8b1
SHA19659bcc417ed8c02f3276731327b1a18d27a0676
SHA25636941c891449f9207e31875abbcbbc8232c285bead0897633295fcc05663c7d2
SHA51292f850a3506524288dc8cfbf996ece54df82dae2f91e76ba990f231c2d3cfdadd44561d242f62794f4851b2f8cdd4858c537ab6492a307e263fd63b36a363397
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.logFilesize
565B
MD5ab7f2f8f728ab1a519ff95e6af07c963
SHA1e6ce97351653d327edb286b552c5faa7b4fb20c6
SHA25676cabb1fcdece95812f950a8cba9ab09cc451bf29bbecbc6c5a343835f0a5b8d
SHA512cd032fd11a60b888baad339e5a25acc5a010db76c3c87ea99102e1be37d2f621f1cd95a3efc05b1e60f5c7573115c08d63b00aa389f3cdde944c2f379188b61d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOGFilesize
337B
MD59e17b00faee7734090096e2e78768ae9
SHA1caf0a48b58eccf8fdbb7be826feb7aff39e60b60
SHA25691ce02a3b67a5153fe9a638553978ec06b0e8cb61d022b5358d883c2f6273379
SHA5121ad7c15abd30aa6ea91b208e2abb7157a0bda815253ffc0a66ffb90848bceca0a00d0efc7818478694177a89a4d3e3039e7567523e7e671539c1a72b4aefbb5d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last VersionFilesize
11B
MD5838a7b32aefb618130392bc7d006aa2e
SHA15159e0f18c9e68f0e75e2239875aa994847b8290
SHA256ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA5129e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5cea09ce1e8e87539d247a097b9a9684b
SHA1d3b725a8b06094c76ebbd8d384aad43b8ead3e2c
SHA25670ba925f5393f4c535678208b20a77e6b0b8653c391dab1aeedf00992c332eb8
SHA5126729b27604af61ac95e599dfaf773755d243cf02b30f887e42df66026efaedde83de6a8c891333549b77f03b0721435cce8f857a99ed8af825e8ee01ccd7902e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD5b78f40a9b6cdd3e50696550d93a7f902
SHA1b3677ea0e2649c80919325a3a9ad5ceed8b67388
SHA25633827de2709f6b250e2b5ecf33d38b5c542a6c1e763e49c5e6afdcd1dd4d7081
SHA51253a9ea150f31d550809c30ab0b7d56a9ca57bd5baf3938932299c6b003ecefe3f0603bd77e66fef76f57f798ebc6baf7651034bfcf855061a2220174dc1226be
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD52485c438991e03d037deefa5ac6f6d54
SHA1b08cf44957f1dc78be126dc794c67c0368fcd1d7
SHA2568e29ceff9e694c7f826e189c0de0e9d7982cd7f9557875e8fbb31e6ab074cb5e
SHA51282fe306ce66af7d54bc10c93d90542cba44f16f1b99d141057ffdb408d108eb88b9875eb2c950453c5b840b14c60316dd82939ced00a3dc5eac84a0987d426c8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1Filesize
264KB
MD50c434c73107fccf5c68af0526ec330cd
SHA1d168e26b73d514d62f0b6f564032002714e50f74
SHA256fa37ed6a1be06400e3e5cf3c1a467c10fb661c21692863a2ec504abc2a396ca6
SHA512d397b4f78d60496254675e19ae00affb6378b065f1c59e6b9b7ff952738cd7065a570821c3d9c18d19d2343698a17786b97c870967125bd06ea902e20005155d
-
C:\Users\Admin\Downloads\Free Robux.exeFilesize
16KB
MD54dfbfa755d15a7ddabe3c3697fca8246
SHA196ea39629f63c9020484adb196401eb3c418cc2d
SHA256e66d768c1222dd50539a2f9e150765f54e74fbf7105d182716e8592de88b9d0e
SHA512527160fe740670c7eb1ab65b3c1a6ce662fc05da6d67bde7c71697c4f11783f75016d1465143d1f7d0894d434eb4a6edaed5b4a7e81cbe86ada39b8395e20244
-
\??\pipe\LOCAL\crashpad_1468_GHFLAOSRUDRWYENVMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/2096-234-0x0000000000550000-0x0000000000650000-memory.dmpFilesize
1024KB
-
memory/2096-1-0x0000000002100000-0x0000000002130000-memory.dmpFilesize
192KB
-
memory/2096-8-0x0000000000550000-0x0000000000650000-memory.dmpFilesize
1024KB
-
memory/2852-674-0x0000000004CD0000-0x0000000004D26000-memory.dmpFilesize
344KB
-
memory/2852-673-0x0000000004A80000-0x0000000004A8A000-memory.dmpFilesize
40KB
-
memory/2852-672-0x0000000004B40000-0x0000000004BD2000-memory.dmpFilesize
584KB
-
memory/2852-671-0x0000000005050000-0x00000000055F4000-memory.dmpFilesize
5.6MB
-
memory/2852-670-0x00000000049C0000-0x0000000004A5C000-memory.dmpFilesize
624KB
-
memory/2852-669-0x0000000000120000-0x000000000012A000-memory.dmpFilesize
40KB
-
memory/4764-41-0x0000000002210000-0x0000000002240000-memory.dmpFilesize
192KB
-
memory/4764-47-0x00000000006B0000-0x00000000007B0000-memory.dmpFilesize
1024KB