Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

3

GLS.exe

windows10-1703-x64

4

Analysis

  • max time kernel
    108s
  • max time network
    114s
  • platform
    windows10-1703_x64
  • resource
    win10-20230703-en
  • resource tags

    arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
  • submitted
    27/08/2023, 10:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    GLS.exe

  • Size

    370KB

  • MD5

    213932ea3d2139fbb9e52ba5936df3b2

  • SHA1

    0f18c34caffdb243075f3774e6edd293bfba9229

  • SHA256

    207192675473a607eedc53fde93a5f6e8dd7ddfef110fc9a1252c58f57476a29

  • SHA512

    8797b0104c57e39fdb069e52aa9fe665e32a3e68427d2b422bac72c2568df3c0fbbc8d6f5fdae5a5dab38ce1faf6dbad0bc8487a15da312b575259876b2d7b5f

  • SSDEEP

    6144:B4Irx5Q1TJ6y9ow2qGb+osCSrm/kvDIhFckqUTnbpUYOAz6LMR:toTIy9owBGb+7CSC/kvUhFqUTn1UTM

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 9 IoCs
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\GLS.exe
    "C:\Users\Admin\AppData\Local\Temp\GLS.exe"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    PID:780
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:3544
  • C:\Windows\system32\browser_broker.exe
    C:\Windows\system32\browser_broker.exe -Embedding
    1⤵
    • Modifies Internet Explorer settings
    PID:3904
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2092
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4844
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:4784
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1980
  • C:\Windows\system32\browser_broker.exe
    C:\Windows\system32\browser_broker.exe -Embedding
    1⤵
    • Modifies Internet Explorer settings
    PID:4984
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Modifies registry class
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3424
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    PID:3680
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
    1⤵
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:4068
  • C:\Windows\system32\browser_broker.exe
    C:\Windows\system32\browser_broker.exe -Embedding
    1⤵
    • Modifies Internet Explorer settings
    PID:32
  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
    1⤵
      PID:4364
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
        PID:3292

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\ZDC3680E\favicon[1].ico
        Filesize

        5KB

        MD5

        f3418a443e7d841097c714d69ec4bcb8

        SHA1

        49263695f6b0cdd72f45cf1b775e660fdc36c606

        SHA256

        6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

        SHA512

        82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log
        Filesize

        512KB

        MD5

        fc6f66c846ca3c023e271add52a4499c

        SHA1

        6348af2c8b5ee937f0235cedeaba1ad62aa72395

        SHA256

        6aa9f5a7b8c36978eddabc74afde3e199f6e2f1e44ded3041288b039be365f70

        SHA512

        7ff15eb2b446c929a66590801031a0aa6aa70493d05d337f1e4cb2b95e2d6a3eea0d0707e6beb92d16f1f084bf55a28cc225f60d27c57b99590f79565e01cab6

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFA2716F90A9E091D6.TMP
        Filesize

        16KB

        MD5

        b59033ea1094bdad4b4fcc4424a1121b

        SHA1

        e4206e3f5cfe666bc3f05154fd3189182fb46344

        SHA256

        04ca39dc611cb23b02d8292582acd5670a602b98e8022497d964870c3c078379

        SHA512

        ce10ab7a59932be65a02a7581a13cf5c1d56804b9e3d3444f271bbb3a5ca723a635bcf84e4eed786bfa443574f0e5427b2e21dca3e38c5fe47fcb6a57c6824eb

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\53ENLJV3\CRU7E85H.htm
        Filesize

        253KB

        MD5

        ea4fbe6948d5ccb5ed7649f04d4415cd

        SHA1

        f3d82fb2ffd3f583243abfbd0a86bdc94d35360f

        SHA256

        0374aa9de9aae40194e67278abf32eaf3fbea9d0452f926a478aec8b67bc9147

        SHA512

        52679cd975cdcf308329bbefa3e681c26b6aff13dfbb41b7b17c55003157bdd34699ae6621f16d66f136bc1cdfa036e164eec5e9ab7c4802c4d3d62fc8b85276

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\D6YJZ5LR\v1_ff29c1d8[1].png
        Filesize

        55KB

        MD5

        ff29c1d80d75a7b8bb9d3e91940ce85b

        SHA1

        51a8e6bd0377686ed947819054b92d3c27f1e109

        SHA256

        9907d15c9f7f7bf034d3455c56ce14719fd0d4fba86d1975c72bd1810c4b7edf

        SHA512

        674c59397d0c58b38abe8858f1918d686f88eb45261ef04a470480bbb6c016f19e1c56fc3d080d5b87ad7966b686b4380ec9b7c9f220a69d7260fb8705793911

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Q2803T87\googlelogo_white_background_color_272x92dp[1].png
        Filesize

        5KB

        MD5

        b593548ac0f25135c059a0aae302ab4d

        SHA1

        340e2151bb68e85fe92882f39eca3d1728d0a46c

        SHA256

        44fc041cb8145b4ef97007f85bdb9abdb9a50d744e258b0c4bb01f1d196bf105

        SHA512

        b869acfb5a4d58248c8414990bad33e587e8d910f5cb12b74a96949305d5cd35bd638394a91a7f3a9e675f5cc786dce01f1587f5ade9cae19cf09e18dbea0306

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TDSSC7CC\m=sb_he,d,cEt90b,SNUn3,qddgKe,sTsDMc,dtl0hd,eHDfl[1].js
        Filesize

        272KB

        MD5

        7148cff0802ca246e8a4cb0d96bed670

        SHA1

        6da48a121771ea703b69099bed936f14e70f2206

        SHA256

        b5a5580eb3ecb90f1adfceef010ba02691ddb5ddf9413528d8765ad8a6168560

        SHA512

        36eb80cad98170feb6ba62deffa3b2a90e989ca6c2f48d1a1b97c319b1f9c79b50947fd7bd8cd8348e339db3737be0a6bdc4e80390a8e90800acb943ddbbfe9c

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\TDSSC7CC\nav_logo229[1].png
        Filesize

        11KB

        MD5

        1b12cab0347f8728af450fe2457e79c3

        SHA1

        af13a78470385e8e483c58ddc1a9c21386ea8a03

        SHA256

        ca858453ce21cabdf9911c6fa3291aa630df344244bc183a4d5ae9972e59f675

        SHA512

        18edc4d21420a70c4aaa1e7c8c05a35516a95c932a92ef8e86663783f41d0fe661b211fe481fb5f27ea8e1c1e3c3235370d7ecc066886c11ab68d9ebe537538a

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\9R8LXJIX.cookie
        Filesize

        528B

        MD5

        67bacb7a3cd49684ce9b931ba0f0c493

        SHA1

        b0b7bfb22148db63a117d6dbe3c9a97e537c1b0d

        SHA256

        335ba768c7c7e0dacab09966a5b408add4738f5754dcedf166f2f3d9adff5d5d

        SHA512

        7a79ca00bb59c8a6d3bb3363b119be74d3054f87f8c25243612c3fb99123a38d70723e2adc2e56ce301383557a99348ed3665746c4ac69f0ff49e7ddfe9b554b

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\A0P4MT20.cookie
        Filesize

        526B

        MD5

        14476755d9529fc51493b225929d5bdb

        SHA1

        9b110a0d729db612d29c444d231ac54f065273a4

        SHA256

        8b4a0c5fea7c2d7cd52af61feb29b1e61593c19d715c1e0b7835ba7692ff17f8

        SHA512

        83e1f0a4875a232df5373c8fb1e7fb5944a8178efb027638bebb92f48fc502a528576d381423578b2f65fe2bf7d390181b2ba21fbcaf7059d5ef07b69f4e60e2

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
        Filesize

        1KB

        MD5

        2e2c7681b5f466e612eb33d887dc2864

        SHA1

        df374250873e8d93af5fcf6a393f7b96469a6905

        SHA256

        ef1ee445d5cfae7ef9ced49b62e98da622b187fd355e37e7e45f3cc46f905f8b

        SHA512

        b5840a7366e8f4000b417f78a7da200a3c9d4234b1a876c711fc71aba4902a8d39176850bb055cba92ca6ad518a8d5e715dfa46273f52c052aa18d899a9305a9

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_061CF72B4A1C20BD289092DFDD659B9D
        Filesize

        472B

        MD5

        7c22b12af6b2e58ec190205cc3153129

        SHA1

        e8f7a3d369780d1fad6475fcab042f20c86eb1b9

        SHA256

        73e6495435dbfa8d572b201730d8e796cd0e9795911f78b3f845405495a204e5

        SHA512

        bbb6a564089c7fd059fc5b5254016126aa6e932c11a92280424e63ed52ccf8164d97e753ed26b40fb07ad0780bca664bdf3f870065c6eeb14d8c0f814936453e

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_45AEBD1DE1D7646405080689CA84F1AE
        Filesize

        471B

        MD5

        58344769e48490e8e1123407e1443b6a

        SHA1

        aac30db8cb99408a71580de49a8955e648e6ae1e

        SHA256

        f2443da613f75d389705826cbce89b3e5e77c84d4be21fe70dfda346f4ce1390

        SHA512

        1874a065d2c1a68505fe1b27b0b1590d687db8528cd2abd0c142ebf7b6abe048838e872efc395c895a369836556fb490d30289bc5f51684695aacbf2676d8edd

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
        Filesize

        724B

        MD5

        aa62f8ce77e072c8160c71b5df3099b0

        SHA1

        06b8c07db93694a3fe73a4276283fabb0e20ac38

        SHA256

        3eb4927c4d9097dc924fcde21b56d01d5d1ef61b7d22bfb6786e3b546b33e176

        SHA512

        71724e837286c5f0eb2ee4ad01ac0304d4c7597bb2d46169c342821b0da04d8597491bd27ef80e817bc77031cd29d2182ccc82ef8ea3860696875f89427c8e0a

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
        Filesize

        410B

        MD5

        8840ca5ab11102c8e442becf07583ede

        SHA1

        463a23b9818bfd69b74004a1c2665afc762517da

        SHA256

        a152f9731641968abba34f4c19723db5fe42f33d6a939af34d52a07aa04eec71

        SHA512

        ed01e29a50bb6faadc14ddbb4bd677633a6c90534bb4db23527ee8fd56c2acc4867a640fb4b5880a42d9bac5eea49db98eb5a3124b8083fd2c6dd81e4a00c87c

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_061CF72B4A1C20BD289092DFDD659B9D
        Filesize

        406B

        MD5

        5fda68148e59824a6ca7e53b42a498cd

        SHA1

        bfb9ce7501403e407847197c713ebe28fbfd133b

        SHA256

        1402bef15ebf330108271ec8138763efb03b2c20191908ce244cff41e7fba868

        SHA512

        6e8a85e637a883dc3dd5d1ff99cd1e650bbc9859361459d5bf1b7648dc321acf84528176dbc3dd2d4b440609ddb73ed7b42354223d9789605ff396aff31d5f0c

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_45AEBD1DE1D7646405080689CA84F1AE
        Filesize

        406B

        MD5

        a208c1a57158d7902eb173332e97a02e

        SHA1

        6ad04489c171c771686b8907db0d43dfe73cd810

        SHA256

        24bff3e4e3bef36e3d66c4db152fb7186d62e89226b8c91c9d7f487c8089798d

        SHA512

        a7f91e8be32e0aa11858158b4d9541ba41bcf990643a1ac57b7d44f2bfd68d8bd73c23e5d9dbb2bd490a195251328f3b585cafd748ba6bed3ce2125e68ad75b9

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
        Filesize

        392B

        MD5

        7c52e172b0f873ec43d24d3f92eead49

        SHA1

        2e88390cc2ca158a56526d6d232ef75d380baf8b

        SHA256

        2230ad7932af0bde3954f7f995365c48142e2910b1d8023205d8cb95f6baad79

        SHA512

        8bbbd7485bcce91cf2f60c33f5feea73d568d5cac7adf4d10585cc027851df6e0ac4a1905c56dac54863dd59c61d1dd571d25c946f3d964825e4c04fb499a22d

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\ZDC3680E\favicon[1].ico
        Filesize

        5KB

        MD5

        f3418a443e7d841097c714d69ec4bcb8

        SHA1

        49263695f6b0cdd72f45cf1b775e660fdc36c606

        SHA256

        6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

        SHA512

        82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log
        Filesize

        512KB

        MD5

        132bf34159fe7771540b670ba182df9a

        SHA1

        00676cf5767902fd23a04bfecf488c448bc35b02

        SHA256

        f05136ce30cd2135a417b9f6eeaa016ee69a181a1d44dccbd77e4fd0283b12a5

        SHA512

        429a6bb4cebf9eb4b01226a7e866e734498068c0513a8ee77644a10bc7bfe39bebba134f34fc75eaf890a4240f888aff9557dcb9490f6db1da8b1a643535e0e5

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log
        Filesize

        512KB

        MD5

        787a4f379d01c3154a5dfff5dbe2c82a

        SHA1

        8956da1191a748a56468c0eb7e80731354ec75c9

        SHA256

        95abe3a707b396861cbb272ecba63e2b63471f23e150cc5f227d50aeeede5653

        SHA512

        7d54ecd82dc82af547c9f3204a9b9fecfeb1b7cb09b055480158c1b89e7dda3bd09043a1b22d4f22220049dc97c1112be00289da93669154c8d9043c8102e340

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk
        Filesize

        8KB

        MD5

        0a7f4a5edf258277898d174b3a2eb2be

        SHA1

        a27d5f97daa83f6fbd65a8035f1a5020938f6cde

        SHA256

        4ce93cd5082c574d29553863118503e5efa42db615854e050d2b4d2d99c1bd8d

        SHA512

        a0c37a7919096ee300b4a7491e5c45bd77e3333ac7707084a8320199ab7893cf349833ae8742ca18c7904b9e440dd48e5868b15728912e2a15719c091800e9da

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk
        Filesize

        8KB

        MD5

        84f64b7d41726df01dca3c2f661300cf

        SHA1

        afdbec46999de6da20ff6ffbad367dad96dc211b

        SHA256

        755c383ad89bbf53cd4dba247d1d40c5067041b9f24afad70d41fa2511c0aa86

        SHA512

        ea2786aeb73e6624bfc6e574823ff052716cd2664663b8856e901dbc395adb753c2942a89f68bf962c8c31d66b72cb504b2b52e26dab62c0fc2617bfa052fd34

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb
        Filesize

        2.0MB

        MD5

        e2d74819bfd640e15e99565a89793269

        SHA1

        f09dd499cb730532d2d0616886bcf35b0c242ccd

        SHA256

        e54c679fbc2fe1ed24b40b88a17a8b68d80e18a377474cbfaadc8d54b07b6f2c

        SHA512

        c89e772526bf47190af6114049b5ef9462aa8c37509898855b583bf4780a61cfa97539bd18308e41ab9e1b2a7a9c987b36499678dfdf7329b95b2fe772a4949b

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb
        Filesize

        2.0MB

        MD5

        f2744eda13ea953ab1d1231d703b930d

        SHA1

        eff4153ae6e881eac41e97e67f66d312e26ad9a8

        SHA256

        d59221d17477736782204d0a1819ba0eef39a922e4ca3e693a5a7f19d7e1f7be

        SHA512

        355376fa86c7f8a73c9b0c0a9c04797d8fd85f582d8e3f292036e1b40eb2c1d76ed48a71c265b318039c0a449521739932c58043af1e774907e2ae669bb3b40d

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.jfm
        Filesize

        16KB

        MD5

        442aaebf5dc6e8fefd89ae4878bb8867

        SHA1

        0a27028f87fa491dbba7d6764f809844e5b99b43

        SHA256

        57acd74c4d0b3168aac0122ceb2cc05d154026706a975714663e69798d2db265

        SHA512

        917b6cc7924462b240a1debb7702c6d8c04147384f6ba5a5f70a1414b22bc105e494a63fc16ea84ee7b6d41579df1177abfbf6eb9410793dcc9408ff956341d5

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.jfm
        Filesize

        16KB

        MD5

        dd5f82ba576604ffbe330429def3d6b4

        SHA1

        fcaea7250602cb7bd36205f0f46c3cd311426dcd

        SHA256

        f3a46e71142cd4ab7167b00475cac68e840e229b86c2db76fdd652d757bd290c

        SHA512

        e1170769ab465e494f9839aa86f37143f4d008eba27cf2ae31c5572578d9095ad5a76c14a76fae3823fa67ae84a90efb42eaeb3ccb83a3a3f6f77a0b3119ae8f

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\bat1feg\imagestore.dat
        Filesize

        5KB

        MD5

        88d020ca1212209c5e9206b087c9fda4

        SHA1

        ea4e3e5cf671b210b10c850c3013314890e6e186

        SHA256

        94af1739a8fa2ffcae187ab5a740136ae7ad61e4c0ee0159be731461f7e3bc0f

        SHA512

        2649cb30de36abf430572f246cbf114ea6aa9c4c8cf6803bd2aa460d6e60a30059b51d3833d79ed25645558c9300a50f2b53a58b16bf43484f573cbe592c91bf

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{968AD6BF-A41F-4BF0-B6AF-5ECEE4ADDA23}.dat
        Filesize

        4KB

        MD5

        b92cae214cd6da1def297788b246b3f3

        SHA1

        083afa93157020f9a3caf23ce38398df3933f270

        SHA256

        ef536f3e34a7b3034b6eaa0c6ef9f159e24325fde280b5303729233ef0d911ba

        SHA512

        615f0521cf0c70dc5f46f5ebeef626a47187f632371b0690deb8b2807bae7e480a089ba716079cfc2839e413905dca94001933435d1ce32465c11eb8021f3c80

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{F797BDA6-7F96-4650-B70F-92B2B5A64D6E}.dat
        Filesize

        4KB

        MD5

        1a757ded6950043e8d872c998a1a7847

        SHA1

        2fcb5391e583e5dd808310b15282615877e90f2c

        SHA256

        be9bb90f76f2332c2b2e54fd6b1d7e7ace1f2c924895d086c0cbeddb9e61b834

        SHA512

        d046fa43bd822837e44a35fb665ac2d7308abcddf3fc09516b8e79e3390fb051cb47ca84f1abcf7be16c351537b384838181092ab79b919f5a01db750290e534

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{57E263A9-A581-4E15-9387-BD78C792A7F6}.dat
        Filesize

        6KB

        MD5

        f21eb905cd75b8615ba97d032acfccd8

        SHA1

        45e8acf3dce354b6c652a7182101b3c0a4ff27b8

        SHA256

        f8c74168744b43e47db8c48d9c525cd9b3f8f5c7d47edaaa2ed7dfea76dfeefa

        SHA512

        07652283362349979ed43c2455d77c6e717636e95908a93ecf88b97c1f56b4e7919ac4f9ef6ad85a77be051d9d9141b675433e8fe87b0077f6f33e9ddf14529f

        Download Submit

      • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{96AA7A98-BCB7-402C-AB26-3536630E2A78}.dat
        Filesize

        7KB

        MD5

        81651a7d557d846c2b7a3dad44771191

        SHA1

        d24f908a4e8d6a0a1786b80dd624d49a03d4edfd

        SHA256

        c0cffd7bd8a3be3d2dd3005d565eb79133401fb3384deca0b3108da038f8d370

        SHA512

        a054add067e8a23cbe973b668c96f5b57fbacef37cd316e5b0d853a16a3ab8e323ae02bfb95d1e4a870968130077f8cd7a43872d5dfa6676314ed3048f8d3472

        Download Submit

      • memory/3544-36-0x000001AB1B2D0000-0x000001AB1B2D2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/3544-1-0x000001AB1B120000-0x000001AB1B130000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3544-169-0x000001AB21760000-0x000001AB21761000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3544-17-0x000001AB1B900000-0x000001AB1B910000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3544-168-0x000001AB21750000-0x000001AB21751000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4784-160-0x0000022891A00000-0x0000022891B00000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/4784-99-0x0000022890220000-0x0000022890222000-memory.dmp

        Filesize

        8KB

        Download

      • memory/4784-199-0x00000228916E0000-0x00000228916E2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/4784-341-0x00000230FD9F0000-0x00000230FDA00000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4784-127-0x00000228906A0000-0x00000228906A2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/4784-122-0x0000022890590000-0x0000022890592000-memory.dmp

        Filesize

        8KB

        Download

      • memory/4784-119-0x00000228904A0000-0x00000228904A2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/4784-116-0x0000022890400000-0x0000022890402000-memory.dmp

        Filesize

        8KB

        Download

      • memory/4784-112-0x0000022890360000-0x0000022890362000-memory.dmp

        Filesize

        8KB

        Download

      • memory/4784-210-0x0000022892A10000-0x0000022892A12000-memory.dmp

        Filesize

        8KB

        Download

      • memory/4784-107-0x00000228902C0000-0x00000228902C2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/4784-191-0x00000228922E0000-0x00000228923E0000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/4784-95-0x00000228901C0000-0x00000228901C2000-memory.dmp

        Filesize

        8KB

        Download

      • memory/4784-91-0x0000022890050000-0x0000022890052000-memory.dmp

        Filesize

        8KB

        Download

      • memory/4784-85-0x00000230FEB00000-0x00000230FEB02000-memory.dmp

        Filesize

        8KB

        Download

      • memory/4784-77-0x00000230FF330000-0x00000230FF350000-memory.dmp

        Filesize

        128KB

        Download

      • memory/4784-75-0x00000228FC200000-0x00000228FC300000-memory.dmp

        Filesize

        1024KB

        Download

      • memory/4784-348-0x00000230FD9F0000-0x00000230FDA00000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4784-347-0x00000230FD9F0000-0x00000230FDA00000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4784-346-0x00000230FD9F0000-0x00000230FDA00000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4784-345-0x00000230FD9F0000-0x00000230FDA00000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4784-344-0x00000230FD9F0000-0x00000230FDA00000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4784-343-0x00000230FD9F0000-0x00000230FDA00000-memory.dmp

        Filesize

        64KB

        Download

      • memory/4784-342-0x00000230FD9F0000-0x00000230FDA00000-memory.dmp

        Filesize

        64KB

        Download