dd54a92b38dfab67e6832962c6aef8a4272bf7989c97a554f438dd0e92f34b1f

Resubmissions

17-08-2023 05:42

230817-gd99eafd82 10

Analysis

max time kernel
101s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
17-08-2023 05:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2023-03-31.zip
Size

195.7MB
MD5

79d6e199a0633af6b40ddc3beb286d42
SHA1

78478d850bb087d417d2e4e59f36f0041f5f4ffa
SHA256

dd54a92b38dfab67e6832962c6aef8a4272bf7989c97a554f438dd0e92f34b1f
SHA512

63adb14045d5f4c527c687662252ba535fe76fdbdb567ddec96ba85d0b48ea771c8cc1cce7cfea62f6f72d49c6da8747e14de21faba07bb715ef7cf37dfa0fda
SSDEEP

6291456:kITrRt5tiZLXrBTe1QTzYLtvB2t4fQfLK49:tfRn0lXBe1KgtvB2tAUuE

Score

6^/10

Malware Config

Signatures

Process spawned suspicious child process 1 IoCs

This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.

Processes:

DW20.EXE

description	pid	pid_target	process	target process
Parent C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE is not expected to spawn this process	1172	4760	DW20.EXE	ONENOTE.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

EXCEL.EXE

pid process

3108 EXCEL.EXE

pid	process
3108	EXCEL.EXE

Suspicious behavior: EnumeratesProcesses 11 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exeONENOTE.EXE

pid	process
2416	msedge.exe
2416	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3336	identity_helper.exe
3336	identity_helper.exe
4760	ONENOTE.EXE
4760	ONENOTE.EXE
4760	ONENOTE.EXE
4760	ONENOTE.EXE

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

7zG.exe

pid process

456 7zG.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

msedge.exe

pid process

3240 msedge.exe
3240 msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

7zG.exemsiexec.exe

description	pid	process
Token: SeRestorePrivilege	456	7zG.exe
Token: 35	456	7zG.exe
Token: SeSecurityPrivilege	456	7zG.exe
Token: SeSecurityPrivilege	456	7zG.exe
Token: SeShutdownPrivilege	3132	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3132	msiexec.exe

Suspicious use of FindShellTrayWindow 37 IoCs

Processes:

7zG.exemsedge.exemsiexec.exe

pid	process
456	7zG.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3132	msiexec.exe
3132	msiexec.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

msedge.exe

pid	process
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe
3240	msedge.exe

Suspicious use of SetWindowsHookEx 19 IoCs

Processes:

ONENOTE.EXEEXCEL.EXE

pid	process
4760	ONENOTE.EXE
4760	ONENOTE.EXE
4760	ONENOTE.EXE
4760	ONENOTE.EXE
4760	ONENOTE.EXE
4760	ONENOTE.EXE
4760	ONENOTE.EXE
4760	ONENOTE.EXE
4760	ONENOTE.EXE
4760	ONENOTE.EXE
3108	EXCEL.EXE
3108	EXCEL.EXE
3108	EXCEL.EXE
3108	EXCEL.EXE
3108	EXCEL.EXE
3108	EXCEL.EXE
3108	EXCEL.EXE
3108	EXCEL.EXE
3108	EXCEL.EXE

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3240 wrote to memory of 3764	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3764	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3708	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3708	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3708	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3708	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3708	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3708	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3708	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3708	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3708	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3708	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3708	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3708	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3708	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3708	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3708	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3708	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3708	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3708	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3708	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3708	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3708	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3708	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3708	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3708	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3708	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3708	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3708	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3708	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3708	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3708	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3708	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3708	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3708	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3708	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3708	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3708	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3708	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3708	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3708	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 3708	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 2416	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 2416	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 2772	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 2772	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 2772	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 2772	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 2772	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 2772	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 2772	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 2772	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 2772	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 2772	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 2772	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 2772	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 2772	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 2772	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 2772	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 2772	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 2772	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 2772	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 2772	3240	msedge.exe	msedge.exe
PID 3240 wrote to memory of 2772	3240	msedge.exe	msedge.exe

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\2023-03-31.zip
1⤵
PID:4636

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2208

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\2023-03-31\" -spe -an -ai#7zMap10061:78:7zEvent16499
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:456

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2023-03-31\67b74348a0f1857759d19207ab619916f77ef42d39de443907f840e5b46bfd8c.js"
1⤵
PID:2572

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\2023-03-31\67b74348a0f1857759d19207ab619916f77ef42d39de443907f840e5b46bfd8c.js"
1⤵
PID:4452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\2023-03-31\b31b98ed88d14365f43a9fad862c556b108df501b1fed8b4ca5d56b881fd963f.html
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbd05846f8,0x7ffbd0584708,0x7ffbd0584718
2⤵
PID:3764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,14885710799349168153,12406452863504723038,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
2⤵
PID:3708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,14885710799349168153,12406452863504723038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,14885710799349168153,12406452863504723038,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
2⤵
PID:2772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14885710799349168153,12406452863504723038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2200 /prefetch:1
2⤵
PID:3860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14885710799349168153,12406452863504723038,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
2⤵
PID:484

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,14885710799349168153,12406452863504723038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 /prefetch:8
2⤵
PID:2184

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,14885710799349168153,12406452863504723038,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1120

C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE
"C:\Program Files\Microsoft Office\Root\Office16\ONENOTE.EXE" "C:\Users\Admin\Desktop\2023-03-31\d23a3348b7e5102bc1ef38c5de2236444a7479ca33ab1023334f1e924e8520c8.one"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4760

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE
"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE" -x -s 3552
2⤵
- Process spawned suspicious child process
PID:1172

C:\Windows\system32\dwwin.exe
C:\Windows\system32\dwwin.exe -x -s 3552
3⤵
PID:3364

C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Desktop\2023-03-31\d25b37df4b35fdab3730b4f587842dd4cfd2c68d334a910228d690b0fdbc9257.msi"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3132

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Desktop\2023-03-31\d56bb81d0f8e4de24dc12a7d963ed95eec36291c71a29d6b434e72f098cc1131.xlsx"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3423d7e71b832850019e032730997f69

SHA1
bbc91ba3960fb8f7f2d5a190e6585010675d9061

SHA256
53770e40359b9738d8898520d7e4a57c28498edddbadf76ec4a599837aa0c649

SHA512
03d5fee4152300d6c5e9f72c059955c944c7e6d207e433e9fdd693639e63ea699a01696d7bbf56d2033fd52ad260c9ae36a2c5c888112d81bf7e04a3f273e65d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d15dda0fd52ce6bcf75a26ecaaa13b14

SHA1
3034ab455705f81cb2669559adb15a1571ae24a8

SHA256
fe1408e5ef778624eecbe7c969532ac06f64b88d580aa2c0a83377f2763711d0

SHA512
3e719b399d5756206b37d20d59135474de4adf10d941d1a4a4211dea716f8cfbaad3f0213dce45c3f6821af123ddeb8a8d04520d8b2b97dcc2fa0f5d6eda6d48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ec3e156fdc2101bac2cdbf7b293d3c9e

SHA1
a623a1f570dbe7a18269fb8c62dbe85ec805956e

SHA256
6b37568ec8e945f82fe3e7ea5f7844c5c6de35f5338c237334aace720b7eec6a

SHA512
50a1e79adaff0cef2c9dd3fcc00886953442390dabbba4f9e814df511dcb74edd6d205eb773e638ec4005dc47da89b2f06a41a4bc8b38bd248b3a78a93c67434

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c45a22b8cf37d3be52aa18327faeef8b

SHA1
d511e71e13360a755bd448285915837ecceff005

SHA256
ad917bc0ac2d29c15b5e7c8d9003bf9c3dbb365088fcf7ccd65c807764f28ec0

SHA512
5436943493d923dc9c2ed4bb22db4fdaae25d12a18a310d7aa812c2f80308eaa99d7e7ebd714824f141ba3a8626d21c48fcdbcd14551458f845a9638ccafda24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0e78f9a3ece93ae9434c64ea2bff51dc

SHA1
a0e4c75fe32417fe2df705987df5817326e1b3b9

SHA256
5c8ce4455f2a3e5f36f30e7100f85bdd5e44336a8312278769f89f68b8d60e68

SHA512
9d1686f0b38e3326ad036c8b218b61428204910f586dccf8b62ecbed09190f7664a719a89a6fbc0ecb429aecf5dd0ec06de44be3a1510369e427bde0626fd51d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d41d4ed8243df2707bb39694a0a36399

SHA1
281db0b478cb72b22be55166f8a0aec194526f3a

SHA256
c7e20d7acbec950f65a4349fecb8c663def41fe16303928f8d250fe407cf740c

SHA512
3be606f9f27b6c3e5548640f24ff9e91dcef13c86124ec08d9a03f1564cc7bcebe9c0625b994744b5b5b0198bf2cc498c6d1f9a345da75f5d157387b91869abb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
6423965e04e9757f352246587c8d9fb9

SHA1
de11b9a7056b2a76a83bf822a9b1b536b45d406d

SHA256
2818398072ed4eea10755d68c01cb6ebf408bd4ab037bd40f5b225d98a31a918

SHA512
1f7fb2d2192f1247ddcfe734e2957c2ef68108a58d7accf2adafb4431c0431a4f4380b14b9ca100d632cbf4dfc4e3d7f65690e1fb6236a95c3b20b3c4f66ec2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\B1953A4F-9FF6-4E28-B33F-23A2D2D9768F

Filesize
156KB

MD5
02f855f258f05a05fc613b7d28ad53fd

SHA1
1018f568327d341c9d9fb02c633a88f1f6c51506

SHA256
531400f436b329a00253fa6544af6f2e7613cb5d294093002b0f30dc888e0283

SHA512
295fc997e54e3334fb628731c0dbb9331d5d9506696bbd4fb4bcd5f6df2780bbe437c0540b2f4764cd17be0c398269faf79f6e46523e11f20a534ef43d40cf9b

Download Submit
\??\pipe\LOCAL\crashpad_3240_KUCZIADBNINMFSOC

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1172-237-0x00007FFBEF330000-0x00007FFBEF525000-memory.dmp

Filesize
2.0MB

Download
memory/1172-235-0x00007FFBAF3B0000-0x00007FFBAF3C0000-memory.dmp

Filesize
64KB

Download
memory/1172-234-0x00007FFBAF3B0000-0x00007FFBAF3C0000-memory.dmp

Filesize
64KB

Download
memory/1172-232-0x00007FFBAF3B0000-0x00007FFBAF3C0000-memory.dmp

Filesize
64KB

Download
memory/1172-225-0x00007FFBEF330000-0x00007FFBEF525000-memory.dmp

Filesize
2.0MB

Download
memory/1172-236-0x00007FFBAF3B0000-0x00007FFBAF3C0000-memory.dmp

Filesize
64KB

Download
memory/1172-224-0x00007FFBEF330000-0x00007FFBEF525000-memory.dmp

Filesize
2.0MB

Download
memory/1172-218-0x00007FFBEF330000-0x00007FFBEF525000-memory.dmp

Filesize
2.0MB

Download
memory/1172-223-0x00007FFBEF330000-0x00007FFBEF525000-memory.dmp

Filesize
2.0MB

Download
memory/1172-220-0x00007FFBEF330000-0x00007FFBEF525000-memory.dmp

Filesize
2.0MB

Download
memory/3108-249-0x00007FFBEF330000-0x00007FFBEF525000-memory.dmp

Filesize
2.0MB

Download
memory/3108-254-0x00007FFBEF330000-0x00007FFBEF525000-memory.dmp

Filesize
2.0MB

Download
memory/3108-292-0x00007FFBEF330000-0x00007FFBEF525000-memory.dmp

Filesize
2.0MB

Download
memory/3108-284-0x00007FFBEF330000-0x00007FFBEF525000-memory.dmp

Filesize
2.0MB

Download
memory/3108-261-0x00007FFBEF330000-0x00007FFBEF525000-memory.dmp

Filesize
2.0MB

Download
memory/3108-260-0x00007FFBEF330000-0x00007FFBEF525000-memory.dmp

Filesize
2.0MB

Download
memory/3108-258-0x00007FFBEF330000-0x00007FFBEF525000-memory.dmp

Filesize
2.0MB

Download
memory/3108-257-0x00007FFBEF330000-0x00007FFBEF525000-memory.dmp

Filesize
2.0MB

Download
memory/3108-256-0x00007FFBEF330000-0x00007FFBEF525000-memory.dmp

Filesize
2.0MB

Download
memory/3108-253-0x00007FFBEF330000-0x00007FFBEF525000-memory.dmp

Filesize
2.0MB

Download
memory/3108-252-0x00007FFBEF330000-0x00007FFBEF525000-memory.dmp

Filesize
2.0MB

Download
memory/3108-251-0x00007FFBEF330000-0x00007FFBEF525000-memory.dmp

Filesize
2.0MB

Download
memory/3108-248-0x00007FFBEF330000-0x00007FFBEF525000-memory.dmp

Filesize
2.0MB

Download
memory/3108-247-0x00007FFBEF330000-0x00007FFBEF525000-memory.dmp

Filesize
2.0MB

Download
memory/3108-246-0x00007FFBEF330000-0x00007FFBEF525000-memory.dmp

Filesize
2.0MB

Download
memory/3108-244-0x00007FFBEF330000-0x00007FFBEF525000-memory.dmp

Filesize
2.0MB

Download
memory/3108-242-0x00007FFBEF330000-0x00007FFBEF525000-memory.dmp

Filesize
2.0MB

Download
memory/3108-239-0x00007FFBEF330000-0x00007FFBEF525000-memory.dmp

Filesize
2.0MB

Download
memory/4760-210-0x00007FFBEF330000-0x00007FFBEF525000-memory.dmp

Filesize
2.0MB

Download
memory/4760-198-0x00007FFBAF3B0000-0x00007FFBAF3C0000-memory.dmp

Filesize
64KB

Download
memory/4760-190-0x00007FFBEF330000-0x00007FFBEF525000-memory.dmp

Filesize
2.0MB

Download
memory/4760-209-0x00007FFBAD230000-0x00007FFBAD240000-memory.dmp

Filesize
64KB

Download
memory/4760-207-0x00007FFBEF330000-0x00007FFBEF525000-memory.dmp

Filesize
2.0MB

Download
memory/4760-233-0x00007FFBEF330000-0x00007FFBEF525000-memory.dmp

Filesize
2.0MB

Download
memory/4760-189-0x00007FFBEF330000-0x00007FFBEF525000-memory.dmp

Filesize
2.0MB

Download
memory/4760-199-0x00007FFBEF330000-0x00007FFBEF525000-memory.dmp

Filesize
2.0MB

Download
memory/4760-200-0x00007FFBEF330000-0x00007FFBEF525000-memory.dmp

Filesize
2.0MB

Download
memory/4760-206-0x00007FFBEF330000-0x00007FFBEF525000-memory.dmp

Filesize
2.0MB

Download
memory/4760-192-0x00007FFBEF330000-0x00007FFBEF525000-memory.dmp

Filesize
2.0MB

Download
memory/4760-191-0x00007FFBAF3B0000-0x00007FFBAF3C0000-memory.dmp

Filesize
64KB

Download
memory/4760-188-0x00007FFBAF3B0000-0x00007FFBAF3C0000-memory.dmp

Filesize
64KB

Download
memory/4760-214-0x00007FFBEF330000-0x00007FFBEF525000-memory.dmp

Filesize
2.0MB

Download
memory/4760-213-0x00007FFBEF330000-0x00007FFBEF525000-memory.dmp

Filesize
2.0MB

Download
memory/4760-187-0x00007FFBAF3B0000-0x00007FFBAF3C0000-memory.dmp

Filesize
64KB

Download
memory/4760-212-0x00007FFBAD230000-0x00007FFBAD240000-memory.dmp

Filesize
64KB

Download
memory/4760-211-0x00007FFBEF330000-0x00007FFBEF525000-memory.dmp

Filesize
2.0MB

Download
memory/4760-208-0x00007FFBEF330000-0x00007FFBEF525000-memory.dmp

Filesize
2.0MB

Download
memory/4760-186-0x00007FFBEF330000-0x00007FFBEF525000-memory.dmp

Filesize
2.0MB

Download
memory/4760-185-0x00007FFBAF3B0000-0x00007FFBAF3C0000-memory.dmp

Filesize
64KB

Download