1320439cc3a2ac8f77b42ecb850f07dfa6dd81982e4a44b535a59cece0363668

Analysis

max time kernel
490s
max time network
428s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2023, 15:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

image.png
Size

209KB
MD5

6c50b8b8f9843d6efeeddbbf91ddbcc8
SHA1

2cded581ac03b216fb7f61714a7b91c8024bdf21
SHA256

1320439cc3a2ac8f77b42ecb850f07dfa6dd81982e4a44b535a59cece0363668
SHA512

0270e3ee7cfff7f74af16a6d0531e89b3c2041c8bd5686fe23041ef6ccb6fdcace4c913178c9c1e9af7c282e54933f1d5ab41c336573232242888fb3a29f6fb7
SSDEEP

6144:WLe7S7mqBnbZcGTaptBMtFAvBElJrfWejGclRbjfV5Y1:wscm4tcGaQFmSlRfvGyrV5C

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2864	msedge.exe
2864	msedge.exe
3060	msedge.exe
3060	msedge.exe
1328	identity_helper.exe
1328	identity_helper.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	4824	taskmgr.exe
Token: SeSystemProfilePrivilege	4824	taskmgr.exe
Token: SeCreateGlobalPrivilege	4824	taskmgr.exe
Token: 33	4824	taskmgr.exe
Token: SeIncBasePriorityPrivilege	4824	taskmgr.exe
Token: 33	4660	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4660	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 54 IoCs

pid	Process
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe

Suspicious use of SendNotifyMessage 53 IoCs

pid	Process
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
3060	msedge.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe
4824	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3060 wrote to memory of 2060	3060	msedge.exe	88
PID 3060 wrote to memory of 2060	3060	msedge.exe	88
PID 3060 wrote to memory of 4892	3060	msedge.exe	89
PID 3060 wrote to memory of 4892	3060	msedge.exe	89
PID 3060 wrote to memory of 4892	3060	msedge.exe	89
PID 3060 wrote to memory of 4892	3060	msedge.exe	89
PID 3060 wrote to memory of 4892	3060	msedge.exe	89
PID 3060 wrote to memory of 4892	3060	msedge.exe	89
PID 3060 wrote to memory of 4892	3060	msedge.exe	89
PID 3060 wrote to memory of 4892	3060	msedge.exe	89
PID 3060 wrote to memory of 4892	3060	msedge.exe	89
PID 3060 wrote to memory of 4892	3060	msedge.exe	89
PID 3060 wrote to memory of 4892	3060	msedge.exe	89
PID 3060 wrote to memory of 4892	3060	msedge.exe	89
PID 3060 wrote to memory of 4892	3060	msedge.exe	89
PID 3060 wrote to memory of 4892	3060	msedge.exe	89
PID 3060 wrote to memory of 4892	3060	msedge.exe	89
PID 3060 wrote to memory of 4892	3060	msedge.exe	89
PID 3060 wrote to memory of 4892	3060	msedge.exe	89
PID 3060 wrote to memory of 4892	3060	msedge.exe	89
PID 3060 wrote to memory of 4892	3060	msedge.exe	89
PID 3060 wrote to memory of 4892	3060	msedge.exe	89
PID 3060 wrote to memory of 4892	3060	msedge.exe	89
PID 3060 wrote to memory of 4892	3060	msedge.exe	89
PID 3060 wrote to memory of 4892	3060	msedge.exe	89
PID 3060 wrote to memory of 4892	3060	msedge.exe	89
PID 3060 wrote to memory of 4892	3060	msedge.exe	89
PID 3060 wrote to memory of 4892	3060	msedge.exe	89
PID 3060 wrote to memory of 4892	3060	msedge.exe	89
PID 3060 wrote to memory of 4892	3060	msedge.exe	89
PID 3060 wrote to memory of 4892	3060	msedge.exe	89
PID 3060 wrote to memory of 4892	3060	msedge.exe	89
PID 3060 wrote to memory of 4892	3060	msedge.exe	89
PID 3060 wrote to memory of 4892	3060	msedge.exe	89
PID 3060 wrote to memory of 4892	3060	msedge.exe	89
PID 3060 wrote to memory of 4892	3060	msedge.exe	89
PID 3060 wrote to memory of 4892	3060	msedge.exe	89
PID 3060 wrote to memory of 4892	3060	msedge.exe	89
PID 3060 wrote to memory of 4892	3060	msedge.exe	89
PID 3060 wrote to memory of 4892	3060	msedge.exe	89
PID 3060 wrote to memory of 4892	3060	msedge.exe	89
PID 3060 wrote to memory of 4892	3060	msedge.exe	89
PID 3060 wrote to memory of 2864	3060	msedge.exe	90
PID 3060 wrote to memory of 2864	3060	msedge.exe	90
PID 3060 wrote to memory of 4896	3060	msedge.exe	91
PID 3060 wrote to memory of 4896	3060	msedge.exe	91
PID 3060 wrote to memory of 4896	3060	msedge.exe	91
PID 3060 wrote to memory of 4896	3060	msedge.exe	91
PID 3060 wrote to memory of 4896	3060	msedge.exe	91
PID 3060 wrote to memory of 4896	3060	msedge.exe	91
PID 3060 wrote to memory of 4896	3060	msedge.exe	91
PID 3060 wrote to memory of 4896	3060	msedge.exe	91
PID 3060 wrote to memory of 4896	3060	msedge.exe	91
PID 3060 wrote to memory of 4896	3060	msedge.exe	91
PID 3060 wrote to memory of 4896	3060	msedge.exe	91
PID 3060 wrote to memory of 4896	3060	msedge.exe	91
PID 3060 wrote to memory of 4896	3060	msedge.exe	91
PID 3060 wrote to memory of 4896	3060	msedge.exe	91
PID 3060 wrote to memory of 4896	3060	msedge.exe	91
PID 3060 wrote to memory of 4896	3060	msedge.exe	91
PID 3060 wrote to memory of 4896	3060	msedge.exe	91
PID 3060 wrote to memory of 4896	3060	msedge.exe	91
PID 3060 wrote to memory of 4896	3060	msedge.exe	91
PID 3060 wrote to memory of 4896	3060	msedge.exe	91

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\image.png
1⤵
PID:2104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\RepairDisable.mht
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff86f2e46f8,0x7ff86f2e4708,0x7ff86f2e4718
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,7480124536238202668,4452480002276928692,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,7480124536238202668,4452480002276928692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,7480124536238202668,4452480002276928692,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7480124536238202668,4452480002276928692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7480124536238202668,4452480002276928692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:248
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,7480124536238202668,4452480002276928692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 /prefetch:8
  2⤵
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,7480124536238202668,4452480002276928692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5040 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7480124536238202668,4452480002276928692,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7480124536238202668,4452480002276928692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7480124536238202668,4452480002276928692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7480124536238202668,4452480002276928692,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7480124536238202668,4452480002276928692,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7480124536238202668,4452480002276928692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7480124536238202668,4452480002276928692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,7480124536238202668,4452480002276928692,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3900 /prefetch:2
  2⤵
  PID:3228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1924

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4824

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:1432

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x45c 0x408
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d25fc6e43a16159ebfd161f28e16ef7

SHA1
49941a4bc3ed1ef90c7bcf1a8f0731c6a68facb4

SHA256
cee74fad9d775323a5843d9e55c770314e8b58ec08653c7b2ce8e8049df42bb5

SHA512
ea598fb8bfe15c777daeb025da98674fe8652f7341e5d150d188c46744fce11c4d20d1686d185039c5025c9a4252d1585686b1c3a4df4252e69675aaf37edfc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d1c0e81768ceb50ce528faa65be7c7dd

SHA1
c422444db120ee8e3d7cf3a60c588586675ed09a

SHA256
9f6498b6739ff53abdb9dd1537e1fc327c72f6c2e7d532b647147cd04378df26

SHA512
735c76a79e17e6998b1e65f979388332f6e322e44b4fc3a30b6161edd2e6c667014738c114007972503c843e79e9e3ee6a636ea2c4bd0cff40658e276b1eea93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
265b92c85565c0e0d1d1791eb51183e6

SHA1
c963f193bf0ffe74f503f42ba78ecd98d69a8eed

SHA256
1e3ebdd914d96c0ed797733b50d2d2030faa4fde45e34066545309f66b3f250f

SHA512
5faec64394531e0d2ef49ca50d8c7a63b6c0b2ccbb8de36a8e10149f1fd5d0f57a23c3b080710b980b286171d97681b17b04bbce7c36b2e6e66cab74945f8e09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e245200d7e0f15dc604337ebf75b713d

SHA1
c895b8762cf8599469e07f1a76a6b20c5c44d6b5

SHA256
731712737d237bf785de628886f3d0ebeb63cbfd9e4556f0508b0eda681c6342

SHA512
94c2ad2e0f7ad97122461a7bafc41977d48feab5bc521719bcb8c68a0da5c78eb4960498a1e542e73960a7e0dff7ee6ba381c061549592658753420b4842757f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d555d038867542dfb2fb0575a0d3174e

SHA1
1a5868d6df0b5de26cf3fc7310b628ce0a3726f0

SHA256
044cac379dddf0c21b8e7ee4079d21c67e28795d14e678dbf3e35900f25a1e2e

SHA512
d8220966fe6c3ae4499bc95ab3aead087a3dd915853320648849d2fc123a4acd157b7dba64af0108802522575a822651ecc005523c731423d9131ee679c2712f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9004b9e98a7bd795d7670fa6e69de818

SHA1
da9da43db6bf4293359ceaa5314fcfbbf08d3783

SHA256
fee95538318b0e1e209193395d6c44e0708b778c689709356deb918f5008137e

SHA512
6466962a2c36039624762dfd93f3633fe6287d0b9199617b60658d26a68a2099d04aa0182c059eacf9d09af2c7830a9acc914561cfb003d60e3ecbce0c40cdca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
13c3aca8f3fe192250eba0544d33f5f5

SHA1
7e2bb22f8838528552b02fd72aa9212310acf847

SHA256
037ce76a5c416d9438b0b22dbe6ab8dc7af5c3321ff4cf0f6d0d7832f197e2fb

SHA512
9de829cf5cbb64806cd20ceeb4aa0d5a6c582a21842ddf7a58580d338d4cd9aafad35b0f9a82934432421ebf5c2cfe6c3d1711f1998a68c214db28f841044d1e

Download Submit
memory/4824-129-0x000002CE97D60000-0x000002CE97D61000-memory.dmp

Filesize
4KB

Download
memory/4824-130-0x000002CE97D60000-0x000002CE97D61000-memory.dmp

Filesize
4KB

Download
memory/4824-131-0x000002CE97D60000-0x000002CE97D61000-memory.dmp

Filesize
4KB

Download
memory/4824-135-0x000002CE97D60000-0x000002CE97D61000-memory.dmp

Filesize
4KB

Download
memory/4824-137-0x000002CE97D60000-0x000002CE97D61000-memory.dmp

Filesize
4KB

Download
memory/4824-136-0x000002CE97D60000-0x000002CE97D61000-memory.dmp

Filesize
4KB

Download
memory/4824-138-0x000002CE97D60000-0x000002CE97D61000-memory.dmp

Filesize
4KB

Download
memory/4824-139-0x000002CE97D60000-0x000002CE97D61000-memory.dmp

Filesize
4KB

Download
memory/4824-140-0x000002CE97D60000-0x000002CE97D61000-memory.dmp

Filesize
4KB

Download
memory/4824-141-0x000002CE97D60000-0x000002CE97D61000-memory.dmp

Filesize
4KB

Download