cacd2740d474411f34c5deb162d5fdf3b0a9b1129d4968004275959f5781c337

Analysis

max time kernel
249s
max time network
270s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 17:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cacd2740d474411f34c5deb162d5fdf3b0a9b1129d4968004275959f5781c337.exe
Size

955KB
MD5

c911064db70166b4432aa7f284d9cdff
SHA1

665d53d2edd82123952672048c13fb1340fa1250
SHA256

cacd2740d474411f34c5deb162d5fdf3b0a9b1129d4968004275959f5781c337
SHA512

bfd4c431a2374e4d77ddd7553988d66dc864721275c9e011dc0dacb0cf4ea72a50e5136264adc9b6a8087808584a28c3a99b5cecf2175aa29cbf227a06566a4e
SSDEEP

24576:uVaOnzQC3nwQmN2K3yWds0JkKyVagMPHPUrEHWZN5Kw:uVaOznlDadsLQ/HWH

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 24 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	cacd2740d474411f34c5deb162d5fdf3b0a9b1129d4968004275959f5781c337.exe
File opened (read-only)	\??\N:	cacd2740d474411f34c5deb162d5fdf3b0a9b1129d4968004275959f5781c337.exe
File opened (read-only)	\??\P:	cacd2740d474411f34c5deb162d5fdf3b0a9b1129d4968004275959f5781c337.exe
File opened (read-only)	\??\R:	cacd2740d474411f34c5deb162d5fdf3b0a9b1129d4968004275959f5781c337.exe
File opened (read-only)	\??\U:	cacd2740d474411f34c5deb162d5fdf3b0a9b1129d4968004275959f5781c337.exe
File opened (read-only)	\??\V:	cacd2740d474411f34c5deb162d5fdf3b0a9b1129d4968004275959f5781c337.exe
File opened (read-only)	\??\Y:	cacd2740d474411f34c5deb162d5fdf3b0a9b1129d4968004275959f5781c337.exe
File opened (read-only)	\??\K:	cacd2740d474411f34c5deb162d5fdf3b0a9b1129d4968004275959f5781c337.exe
File opened (read-only)	\??\O:	cacd2740d474411f34c5deb162d5fdf3b0a9b1129d4968004275959f5781c337.exe
File opened (read-only)	\??\Q:	cacd2740d474411f34c5deb162d5fdf3b0a9b1129d4968004275959f5781c337.exe
File opened (read-only)	\??\X:	cacd2740d474411f34c5deb162d5fdf3b0a9b1129d4968004275959f5781c337.exe
File opened (read-only)	\??\A:	cacd2740d474411f34c5deb162d5fdf3b0a9b1129d4968004275959f5781c337.exe
File opened (read-only)	\??\J:	cacd2740d474411f34c5deb162d5fdf3b0a9b1129d4968004275959f5781c337.exe
File opened (read-only)	\??\W:	cacd2740d474411f34c5deb162d5fdf3b0a9b1129d4968004275959f5781c337.exe
File opened (read-only)	\??\G:	cacd2740d474411f34c5deb162d5fdf3b0a9b1129d4968004275959f5781c337.exe
File opened (read-only)	\??\I:	cacd2740d474411f34c5deb162d5fdf3b0a9b1129d4968004275959f5781c337.exe
File opened (read-only)	\??\L:	cacd2740d474411f34c5deb162d5fdf3b0a9b1129d4968004275959f5781c337.exe
File opened (read-only)	\??\M:	cacd2740d474411f34c5deb162d5fdf3b0a9b1129d4968004275959f5781c337.exe
File opened (read-only)	\??\S:	cacd2740d474411f34c5deb162d5fdf3b0a9b1129d4968004275959f5781c337.exe
File opened (read-only)	\??\B:	cacd2740d474411f34c5deb162d5fdf3b0a9b1129d4968004275959f5781c337.exe
File opened (read-only)	\??\E:	cacd2740d474411f34c5deb162d5fdf3b0a9b1129d4968004275959f5781c337.exe
File opened (read-only)	\??\F:	cacd2740d474411f34c5deb162d5fdf3b0a9b1129d4968004275959f5781c337.exe
File opened (read-only)	\??\T:	cacd2740d474411f34c5deb162d5fdf3b0a9b1129d4968004275959f5781c337.exe
File opened (read-only)	\??\Z:	cacd2740d474411f34c5deb162d5fdf3b0a9b1129d4968004275959f5781c337.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\WINDOWS\Help\msmrsop.hlp	cacd2740d474411f34c5deb162d5fdf3b0a9b1129d4968004275959f5781c337.exe
File opened for modification	C:\WINDOWS\Help\wetn_l21.CHM	cacd2740d474411f34c5deb162d5fdf3b0a9b1129d4968004275959f5781c337.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1940	msedge.exe
1940	msedge.exe
3836	msedge.exe
3836	msedge.exe
4148	msedge.exe
4148	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2656	cacd2740d474411f34c5deb162d5fdf3b0a9b1129d4968004275959f5781c337.exe
Token: SeCreatePagefilePrivilege	2656	cacd2740d474411f34c5deb162d5fdf3b0a9b1129d4968004275959f5781c337.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4196	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2656	cacd2740d474411f34c5deb162d5fdf3b0a9b1129d4968004275959f5781c337.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2656 wrote to memory of 4196	2656	cacd2740d474411f34c5deb162d5fdf3b0a9b1129d4968004275959f5781c337.exe	83
PID 2656 wrote to memory of 4196	2656	cacd2740d474411f34c5deb162d5fdf3b0a9b1129d4968004275959f5781c337.exe	83
PID 2656 wrote to memory of 2880	2656	cacd2740d474411f34c5deb162d5fdf3b0a9b1129d4968004275959f5781c337.exe	84
PID 2656 wrote to memory of 2880	2656	cacd2740d474411f34c5deb162d5fdf3b0a9b1129d4968004275959f5781c337.exe	84
PID 4196 wrote to memory of 2280	4196	msedge.exe	86
PID 4196 wrote to memory of 2280	4196	msedge.exe	86
PID 2880 wrote to memory of 2792	2880	msedge.exe	85
PID 2880 wrote to memory of 2792	2880	msedge.exe	85
PID 2656 wrote to memory of 2660	2656	cacd2740d474411f34c5deb162d5fdf3b0a9b1129d4968004275959f5781c337.exe	88
PID 2656 wrote to memory of 2660	2656	cacd2740d474411f34c5deb162d5fdf3b0a9b1129d4968004275959f5781c337.exe	88
PID 2660 wrote to memory of 856	2660	msedge.exe	89
PID 2660 wrote to memory of 856	2660	msedge.exe	89
PID 4196 wrote to memory of 1320	4196	msedge.exe	94
PID 4196 wrote to memory of 1320	4196	msedge.exe	94
PID 4196 wrote to memory of 1320	4196	msedge.exe	94
PID 4196 wrote to memory of 1320	4196	msedge.exe	94
PID 4196 wrote to memory of 1320	4196	msedge.exe	94
PID 4196 wrote to memory of 1320	4196	msedge.exe	94
PID 4196 wrote to memory of 1320	4196	msedge.exe	94
PID 4196 wrote to memory of 1320	4196	msedge.exe	94
PID 4196 wrote to memory of 1320	4196	msedge.exe	94
PID 4196 wrote to memory of 1320	4196	msedge.exe	94
PID 4196 wrote to memory of 1320	4196	msedge.exe	94
PID 4196 wrote to memory of 1320	4196	msedge.exe	94
PID 4196 wrote to memory of 1320	4196	msedge.exe	94
PID 4196 wrote to memory of 1320	4196	msedge.exe	94
PID 4196 wrote to memory of 1320	4196	msedge.exe	94
PID 4196 wrote to memory of 1320	4196	msedge.exe	94
PID 4196 wrote to memory of 1320	4196	msedge.exe	94
PID 4196 wrote to memory of 1320	4196	msedge.exe	94
PID 4196 wrote to memory of 1320	4196	msedge.exe	94
PID 4196 wrote to memory of 1320	4196	msedge.exe	94
PID 4196 wrote to memory of 1320	4196	msedge.exe	94
PID 4196 wrote to memory of 1320	4196	msedge.exe	94
PID 4196 wrote to memory of 1320	4196	msedge.exe	94
PID 4196 wrote to memory of 1320	4196	msedge.exe	94
PID 4196 wrote to memory of 1320	4196	msedge.exe	94
PID 4196 wrote to memory of 1320	4196	msedge.exe	94
PID 4196 wrote to memory of 1320	4196	msedge.exe	94
PID 4196 wrote to memory of 1320	4196	msedge.exe	94
PID 4196 wrote to memory of 1320	4196	msedge.exe	94
PID 4196 wrote to memory of 1320	4196	msedge.exe	94
PID 4196 wrote to memory of 1320	4196	msedge.exe	94
PID 4196 wrote to memory of 1320	4196	msedge.exe	94
PID 2880 wrote to memory of 4448	2880	msedge.exe	93
PID 2880 wrote to memory of 4448	2880	msedge.exe	93
PID 2880 wrote to memory of 4448	2880	msedge.exe	93
PID 2880 wrote to memory of 4448	2880	msedge.exe	93
PID 2880 wrote to memory of 4448	2880	msedge.exe	93
PID 2880 wrote to memory of 4448	2880	msedge.exe	93
PID 2880 wrote to memory of 4448	2880	msedge.exe	93
PID 2880 wrote to memory of 4448	2880	msedge.exe	93
PID 2880 wrote to memory of 4448	2880	msedge.exe	93
PID 2880 wrote to memory of 4448	2880	msedge.exe	93
PID 2880 wrote to memory of 4448	2880	msedge.exe	93
PID 2880 wrote to memory of 4448	2880	msedge.exe	93
PID 2880 wrote to memory of 4448	2880	msedge.exe	93
PID 2880 wrote to memory of 4448	2880	msedge.exe	93
PID 2880 wrote to memory of 4448	2880	msedge.exe	93
PID 2880 wrote to memory of 4448	2880	msedge.exe	93
PID 2880 wrote to memory of 4448	2880	msedge.exe	93
PID 2880 wrote to memory of 4448	2880	msedge.exe	93
PID 2880 wrote to memory of 4448	2880	msedge.exe	93
PID 2880 wrote to memory of 4448	2880	msedge.exe	93

C:\Users\Admin\AppData\Local\Temp\cacd2740d474411f34c5deb162d5fdf3b0a9b1129d4968004275959f5781c337.exe
"C:\Users\Admin\AppData\Local\Temp\cacd2740d474411f34c5deb162d5fdf3b0a9b1129d4968004275959f5781c337.exe"
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.pekalongan-community.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4196
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff54d746f8,0x7fff54d74708,0x7fff54d74718
    3⤵
    PID:2280
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,15406930534289535330,384185533832369278,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
    3⤵
    PID:1320
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,15406930534289535330,384185533832369278,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,15406930534289535330,384185533832369278,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
    3⤵
    PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://adf.ly/6CMFK
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2880
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff54d746f8,0x7fff54d74708,0x7fff54d74718
    3⤵
    PID:2792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,17815806196852677922,1395703205495683430,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
    3⤵
    PID:4448
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,17815806196852677922,1395703205495683430,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.pekalongan-community.com/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff54d746f8,0x7fff54d74708,0x7fff54d74718
    3⤵
    PID:856
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,3260087079788737668,3831922753373850288,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
    3⤵
    PID:3640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,3260087079788737668,3831922753373850288,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4148

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
471B

MD5
8572f60c3d290ab98bc369ae8eebff9c

SHA1
4264dab520f77ef609ab5ca24e4c1bbd1a7f0df0

SHA256
b4be06a39491f6df0412436b81b6cf29a608866dbcc88435a540201a250f0549

SHA512
c4ec373649d008874a7d4f2da0e7eb7123e71c895c7bd84ac230375871c3f97dfc7f7c950a37677fbeb2b87082c392a4f1f037228149fdb06b5f29f8c1e25fe1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
471B

MD5
8572f60c3d290ab98bc369ae8eebff9c

SHA1
4264dab520f77ef609ab5ca24e4c1bbd1a7f0df0

SHA256
b4be06a39491f6df0412436b81b6cf29a608866dbcc88435a540201a250f0549

SHA512
c4ec373649d008874a7d4f2da0e7eb7123e71c895c7bd84ac230375871c3f97dfc7f7c950a37677fbeb2b87082c392a4f1f037228149fdb06b5f29f8c1e25fe1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
442B

MD5
71e3fd5e07259bec74045744abe41611

SHA1
de5b4747b73368e243013fc63e567cd24471a2d3

SHA256
f8fe545ba12a2f0e94c90bcb25b44a0b1c2c1e7e7e5fbb0de134f7bf1dbd4335

SHA512
7e835dd5756a5d9675a1bd77636cd5d16b0e04e0fd369df8816b21a73acb61e4f9988e89e40b9589f97000f41179bcfa87975c9b99d5faa06512644ba9f88436

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
442B

MD5
90a8f6ebdde91d48501b28457b98b7ac

SHA1
5a0cddaac9558e9ace94456d2acf5f103ef27dde

SHA256
0d769060654dc4f4c3950defa4940dd97a07057aef5ea52c4109d52dae303820

SHA512
a3e3826f7e7a5ddb3927a82a3f82198eb57b20297d1fccabd887cc75713da571eab1f70d61a74d22fbf95eec3ac8bf3765c6984b5c8ef452aba5f506e104e969

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_D46D6FA25B74360E1349F9015B5CCE53

Filesize
442B

MD5
90a8f6ebdde91d48501b28457b98b7ac

SHA1
5a0cddaac9558e9ace94456d2acf5f103ef27dde

SHA256
0d769060654dc4f4c3950defa4940dd97a07057aef5ea52c4109d52dae303820

SHA512
a3e3826f7e7a5ddb3927a82a3f82198eb57b20297d1fccabd887cc75713da571eab1f70d61a74d22fbf95eec3ac8bf3765c6984b5c8ef452aba5f506e104e969

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
59f470bde9e3126df8c82dc46d1dd8d7

SHA1
9dba6f67877f88260136270230a1f3d9652e7f57

SHA256
283032bfd5ee5dfc0345b8974aab2081c522b2e2559014534a981b36b5312b47

SHA512
f8aecc9de011255505226a8dc0787c34d3e784d818240bdb7a4224632f3c79bb9e933ab9c9c77211e1fda15e558df9229ca91ed36cd55e38272d5d9ea03bd568

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
59f470bde9e3126df8c82dc46d1dd8d7

SHA1
9dba6f67877f88260136270230a1f3d9652e7f57

SHA256
283032bfd5ee5dfc0345b8974aab2081c522b2e2559014534a981b36b5312b47

SHA512
f8aecc9de011255505226a8dc0787c34d3e784d818240bdb7a4224632f3c79bb9e933ab9c9c77211e1fda15e558df9229ca91ed36cd55e38272d5d9ea03bd568

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
59f470bde9e3126df8c82dc46d1dd8d7

SHA1
9dba6f67877f88260136270230a1f3d9652e7f57

SHA256
283032bfd5ee5dfc0345b8974aab2081c522b2e2559014534a981b36b5312b47

SHA512
f8aecc9de011255505226a8dc0787c34d3e784d818240bdb7a4224632f3c79bb9e933ab9c9c77211e1fda15e558df9229ca91ed36cd55e38272d5d9ea03bd568

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
59f470bde9e3126df8c82dc46d1dd8d7

SHA1
9dba6f67877f88260136270230a1f3d9652e7f57

SHA256
283032bfd5ee5dfc0345b8974aab2081c522b2e2559014534a981b36b5312b47

SHA512
f8aecc9de011255505226a8dc0787c34d3e784d818240bdb7a4224632f3c79bb9e933ab9c9c77211e1fda15e558df9229ca91ed36cd55e38272d5d9ea03bd568

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
59f470bde9e3126df8c82dc46d1dd8d7

SHA1
9dba6f67877f88260136270230a1f3d9652e7f57

SHA256
283032bfd5ee5dfc0345b8974aab2081c522b2e2559014534a981b36b5312b47

SHA512
f8aecc9de011255505226a8dc0787c34d3e784d818240bdb7a4224632f3c79bb9e933ab9c9c77211e1fda15e558df9229ca91ed36cd55e38272d5d9ea03bd568

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c874ca5fa1b38ed3094f05c9aa8a14e6

SHA1
2a36112a5b5f8a65fdefe6642d1231dfb17e30bb

SHA256
5821e8f0d7fa9e3b9dfbd53fd5becd380a8d3efdfcd6c787b76dd764a06df480

SHA512
82a38cd7ec1afc2dbf64cc5b99c21e86288da8a3b872ab09c660041cc43759e569971e42dfc6d281b23f53eb800c8d08b8daf656c03d65d087cd2eb54b03e814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c874ca5fa1b38ed3094f05c9aa8a14e6

SHA1
2a36112a5b5f8a65fdefe6642d1231dfb17e30bb

SHA256
5821e8f0d7fa9e3b9dfbd53fd5becd380a8d3efdfcd6c787b76dd764a06df480

SHA512
82a38cd7ec1afc2dbf64cc5b99c21e86288da8a3b872ab09c660041cc43759e569971e42dfc6d281b23f53eb800c8d08b8daf656c03d65d087cd2eb54b03e814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c874ca5fa1b38ed3094f05c9aa8a14e6

SHA1
2a36112a5b5f8a65fdefe6642d1231dfb17e30bb

SHA256
5821e8f0d7fa9e3b9dfbd53fd5becd380a8d3efdfcd6c787b76dd764a06df480

SHA512
82a38cd7ec1afc2dbf64cc5b99c21e86288da8a3b872ab09c660041cc43759e569971e42dfc6d281b23f53eb800c8d08b8daf656c03d65d087cd2eb54b03e814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
1adf3580ef8cc62d32ddbabcbaf11ba0

SHA1
a6edb93a5b5ad23d047d0541be18b73310ef9b3c

SHA256
9bb24bc75afdc84e688a7d8be2d8c0d921b1feec0687617996481f0863b038fb

SHA512
85cfd2809de2692b87d0e9bca543196f4da714ae213dfb29d04363260d6b3e4f2291d3b63d36b8a2c5213218b50c4ac3b22fd27aea1ccf31eecabdf600e050ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
bd922d31700289720b75bb2e9a2e6c93

SHA1
7490ba17f94fdedceddf5ad0b23c3fb605d17c72

SHA256
56a87f4ef03629fc78bb34936e65ea1e754eb50862ae0085cf576e3e75f8c980

SHA512
33304c3efdf39a5f89d2bb22c0bbe427381919d7d2c5bd130406a8bbc376c3c733c4bec91957af53d95702541741771132d183efda06a74703bf14d51a245d6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
065c3ef6687ad5e897aa7651fae6deba

SHA1
2572f5867f6a5c91c145c62ec21f7e17ed5e3e8a

SHA256
f8bb19cb96db45780428992d9280e1b130e0b0524ee9b139f9efaaf8df5036a1

SHA512
744e6bbaa851421d98da2a04a18aa77bc8e0194a1e2d01fada3a28e3de29ee46cc8801f00ad47940dcad731c72057ca36cffeed9e6a876ff48983dbc0306ea13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
1adf3580ef8cc62d32ddbabcbaf11ba0

SHA1
a6edb93a5b5ad23d047d0541be18b73310ef9b3c

SHA256
9bb24bc75afdc84e688a7d8be2d8c0d921b1feec0687617996481f0863b038fb

SHA512
85cfd2809de2692b87d0e9bca543196f4da714ae213dfb29d04363260d6b3e4f2291d3b63d36b8a2c5213218b50c4ac3b22fd27aea1ccf31eecabdf600e050ea

Download Submit
memory/2656-134-0x0000000000400000-0x00000000004F3E04-memory.dmp

Filesize
975KB

Download
memory/2656-164-0x0000000000400000-0x00000000004F3E04-memory.dmp

Filesize
975KB

Download