Overview

overview

1

Static

static

1

URLScan

urlscan

1

http://ocsp.globalsi...

windows10-2004-x64

1

Analysis

  • max time kernel
    148s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-10-2023 14:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://ocsp.globalsign.com/gsrsaovsslca2018

Score
1/10

Malware Config

Signatures

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 56 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 33 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://ocsp.globalsign.com/gsrsaovsslca2018
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:3564
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd7f7d46f8,0x7ffd7f7d4708,0x7ffd7f7d4718
      2⤵
        PID:4728
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,9533388592247583190,3260332589216234130,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:4124
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,9533388592247583190,3260332589216234130,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
        2⤵
          PID:2940
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,9533388592247583190,3260332589216234130,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
          2⤵
            PID:1940
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9533388592247583190,3260332589216234130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
            2⤵
              PID:2760
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9533388592247583190,3260332589216234130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
              2⤵
                PID:1560
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,9533388592247583190,3260332589216234130,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4400 /prefetch:8
                2⤵
                  PID:4712
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,9533388592247583190,3260332589216234130,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4400 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:3304
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9533388592247583190,3260332589216234130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
                  2⤵
                    PID:1084
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,9533388592247583190,3260332589216234130,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5248 /prefetch:8
                    2⤵
                      PID:4088
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,9533388592247583190,3260332589216234130,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4420 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:4584
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9533388592247583190,3260332589216234130,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
                      2⤵
                        PID:1936
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9533388592247583190,3260332589216234130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
                        2⤵
                          PID:4448
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9533388592247583190,3260332589216234130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
                          2⤵
                            PID:3980
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9533388592247583190,3260332589216234130,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4416 /prefetch:1
                            2⤵
                              PID:4868
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9533388592247583190,3260332589216234130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
                              2⤵
                                PID:4844
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9533388592247583190,3260332589216234130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
                                2⤵
                                  PID:3776
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9533388592247583190,3260332589216234130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4256 /prefetch:1
                                  2⤵
                                    PID:3204
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9533388592247583190,3260332589216234130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
                                    2⤵
                                      PID:4656
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2124,9533388592247583190,3260332589216234130,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6068 /prefetch:8
                                      2⤵
                                      • Modifies registry class
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:5472
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,9533388592247583190,3260332589216234130,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4416 /prefetch:8
                                      2⤵
                                        PID:5464
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9533388592247583190,3260332589216234130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
                                        2⤵
                                          PID:5880
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9533388592247583190,3260332589216234130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
                                          2⤵
                                            PID:6048
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2124,9533388592247583190,3260332589216234130,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2244 /prefetch:8
                                            2⤵
                                              PID:4620
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9533388592247583190,3260332589216234130,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1
                                              2⤵
                                                PID:5728
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9533388592247583190,3260332589216234130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1
                                                2⤵
                                                  PID:5716
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9533388592247583190,3260332589216234130,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
                                                  2⤵
                                                    PID:4844
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9533388592247583190,3260332589216234130,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:1
                                                    2⤵
                                                      PID:1472
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2124,9533388592247583190,3260332589216234130,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6752 /prefetch:8
                                                      2⤵
                                                      • Modifies registry class
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:5504
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,9533388592247583190,3260332589216234130,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3952 /prefetch:2
                                                      2⤵
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      PID:5284
                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                    1⤵
                                                      PID:1112
                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                      1⤵
                                                        PID:5052
                                                      • C:\Windows\system32\rundll32.exe
                                                        "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
                                                        1⤵
                                                          PID:5872
                                                        • C:\Windows\System32\svchost.exe
                                                          C:\Windows\System32\svchost.exe -k UnistackSvcGroup
                                                          1⤵
                                                          • Suspicious use of AdjustPrivilegeToken
                                                          PID:3408

                                                        Network

                                                        MITRE ATT&CK Enterprise v15

                                                        Replay Monitor

                                                        Loading Replay Monitor...

                                                        Downloads

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                          Filesize

                                                          152B

                                                          MD5

                                                          1222f8c867acd00b1fc43a44dacce158

                                                          SHA1

                                                          586ba251caf62b5012a03db9ba3a70890fc5af01

                                                          SHA256

                                                          1e451cb9ffe74fbd34091a1b8d0ab2158497c19047b3416d89e55f498aae264a

                                                          SHA512

                                                          ef3f2fc1cedfc28fb530c710219b8e9eb833a2f344b91d3ffb2d82d7bbedbc223f4b60a38bea35b72eb706e4880ffcbb9256a9768f39bae95c5544be0f503916

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5ce490fa-072d-4e64-88c2-30c2cd6f2005.tmp
                                                          Filesize

                                                          7KB

                                                          MD5

                                                          f12d44d9dab716dab8f431b19128466e

                                                          SHA1

                                                          8ca1289d76d944a54ee52f331578e1b025b633e0

                                                          SHA256

                                                          0c582ee2332d3109828a52a09079cb892384c9dd2aeb7e44966128d5bac0bdaa

                                                          SHA512

                                                          39424118307e65a43ec7d4610bcee92dcc15ce0ece0ef04b048ef4a03bd0bb253c491b4f88194874fe6e84a122c2de5b029b353bbd2ca2cd7bcfb2d45a9bb0b4

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a
                                                          Filesize

                                                          185KB

                                                          MD5

                                                          a9673bd087b4e5e2cd21862f8b7d8054

                                                          SHA1

                                                          0854f56b37b3c7c3938ebdd75a79be32c94b281d

                                                          SHA256

                                                          d4226b650de255fdc92e6ba1b89181c445fa23e82e86a1de62059ffde35081b2

                                                          SHA512

                                                          3e919945421b284915da26cd49d55db1e4c5b0530cfafec936982e2b6f400e372b98df78d1f07813a473cf9f26699e9c1ffa555904d6d2b4fc819b2c202afaba

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                          Filesize

                                                          2KB

                                                          MD5

                                                          591808970160f74b1acf2eceb6fc606f

                                                          SHA1

                                                          947512a627000bdfe36bf9f6f386ea677a4db1d0

                                                          SHA256

                                                          201909b6f5c7f9065013ba558e42eedbedf88b83bf28ba9b99b75158d854cf80

                                                          SHA512

                                                          07317e1420724fba78cef101910a574b3fcf40cc7dd39aa3c62291472957ce3f320e7ee4c8514734417d38146bce98ea5da09511f8168de0456c0a9b46bfaa5b

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                          Filesize

                                                          111B

                                                          MD5

                                                          285252a2f6327d41eab203dc2f402c67

                                                          SHA1

                                                          acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                                          SHA256

                                                          5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                                          SHA512

                                                          11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                          Filesize

                                                          2KB

                                                          MD5

                                                          c76b51983a3cf46713a2e2e342b0de20

                                                          SHA1

                                                          db6b96db53108a75877c6100f57c208d05a305ec

                                                          SHA256

                                                          f28e32c8edfde218140a4b04952af74582d73f396f7a32ad4d903727fe978c48

                                                          SHA512

                                                          47f91d00b61cb01c60b64e7fb606fb7690ecbb22fee7ce0dba460446335b9a53bd1ffb514a091cc7e58b229aa1ebf334b15d20621ea9f9a648a089e2c4eee1b4

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                          Filesize

                                                          5KB

                                                          MD5

                                                          908fa7e5300462a9a422a84de8febb18

                                                          SHA1

                                                          6474351d3795803d61ab645ec30ae3c92601fdcb

                                                          SHA256

                                                          3a804b60592d10b485805d547f2fa20369e9d613f06437adf616bf7b80ccf295

                                                          SHA512

                                                          73517abe5d0d498e2b5d3af2f91d0c73a2c44619bc8058b47d627e5246c9436d9e175f32ae45c19ee70a0d685b3a4d85914e06cf4787ab63879c5d24d89acef7

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                          Filesize

                                                          5KB

                                                          MD5

                                                          9833e3723c786905cd0da7895ffd7569

                                                          SHA1

                                                          caa4d08044b057cc3fbe1bac294d7cccba7953a6

                                                          SHA256

                                                          1519d16bbc96c2527a23a28b887739a55c89c8a17da0b1773a596638ddfed385

                                                          SHA512

                                                          c127285a95d1b98b833bfcdb87f536dbdaa3d0f7cc7fd8c4cc37c19e0f424595dc9a9015172789ad41a6a2152a52c14b577a0c143fe68bb171ea2c40f2627df4

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                          Filesize

                                                          6KB

                                                          MD5

                                                          5dc2127b1319d8ff01aa33d160a1f62a

                                                          SHA1

                                                          9c66c095fbfeba30282743b103c2fc229f556b8d

                                                          SHA256

                                                          a483c0aaa27ac792de3d63eb8b195766595a9abe152ed6e2573a95dec1a9cb71

                                                          SHA512

                                                          263075e2f3d22d109d6017b14d21492d8125533a7af8b1241c5e57e101f113ab674b155a4b440773f523714cecc22cc50a3920edfda54b5b30c49273e6139b0c

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                          Filesize

                                                          8KB

                                                          MD5

                                                          b98d3eaf1fb0794cadf74a8b1a878612

                                                          SHA1

                                                          205e19913bdf9a7691e5da1697381fadc75f39f2

                                                          SHA256

                                                          fb9e1858019c89978f69c645087a200b6197810aa29ffe07e2c6c025ecf548c7

                                                          SHA512

                                                          484e488d6d7a7375288400d8cff966e98f74dceb20ead5b292dc019dc102cd226b5916ffa7e5567bcc2214bf132f76f22858e755ab0678a304830779d7126c86

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                                          Filesize

                                                          24KB

                                                          MD5

                                                          15ad31a14e9a92d2937174141e80c28d

                                                          SHA1

                                                          b09e8d44c07123754008ba2f9ff4b8d4e332d4e5

                                                          SHA256

                                                          bf983e704839ef295b4c957f1adeee146aaf58f2dbf5b1e2d4b709cec65eccde

                                                          SHA512

                                                          ec744a79ccbfca52357d4f0212e7afd26bc93efd566dd5d861bf0671069ba5cb7e84069e0ea091c73dee57e9de9bb412fb68852281ae9bd84c11a871f5362296

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                                          Filesize

                                                          72B

                                                          MD5

                                                          4cd33c5a05e0ff9da4d167af7d5cdf00

                                                          SHA1

                                                          a5db8435f63e3171a714c9087c51b3cea86ca503

                                                          SHA256

                                                          28057aa8765045f1ebe11a149c6faba4569974cd5f7fe50a93fa0f924e4c7ab5

                                                          SHA512

                                                          cd2bb560792a843c5d384b924bf01a5f851a5afeaecc5f68dbe95772c4e1434055a6399c8b580ffd904c883a3fa55302800ccc7c54dcdc6a1ae5271d6ee20198

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe585b89.TMP
                                                          Filesize

                                                          48B

                                                          MD5

                                                          b73c8c9e5f335663fa05977e5ae681a2

                                                          SHA1

                                                          38ab33e004a995d7103ccad38421cbd39c48e66b

                                                          SHA256

                                                          652bddebb40918cd71907be047d71f2c74d66e27a9698b33e811744d2050c7d5

                                                          SHA512

                                                          5dcc396c8fee34ace9b450f402f9582d0a384635b36aeaeabbefff4dd9cfc6e1a89d92e0c8de332d5fdc0e01e267f3f6cc2505382b51fbea975aec78ab8f3f02

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                          Filesize

                                                          1KB

                                                          MD5

                                                          7cc2a829d64a883384cc8fef8e532fe3

                                                          SHA1

                                                          0691c73e5dfca6d4d5e33b578f3237eb2111cae5

                                                          SHA256

                                                          0e67e622df1ff1a11b82b3d265d21b4ce71d9a3482d0706aa1bb7f544084fe29

                                                          SHA512

                                                          d0e873527d238c36c96d8a0f4cc16a145b30def75e0dc05da823a04f76dac52d558a1fa4594a879c2e5c46bcc88c727ff9185c90e9e21ae0cab80719579bbb89

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5827f5.TMP
                                                          Filesize

                                                          533B

                                                          MD5

                                                          7ac3eeaf58cfc8ea8b1003867a893489

                                                          SHA1

                                                          ed26d1ca9cc6dd36ad342911d47b6a2f1fa9c5db

                                                          SHA256

                                                          8335c7aeef7a336eb56a33ffdbf4fde756304b6abc0050f0b1c266ed66437436

                                                          SHA512

                                                          2e5a4d826687c9230331265eabd2bd5db43ea28c52d99f4f57703af549a5a975d3a15d36959290d75fe9afed8e2534dd2db1bb60933fb006843f8588be25a3d2

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                          Filesize

                                                          16B

                                                          MD5

                                                          6752a1d65b201c13b62ea44016eb221f

                                                          SHA1

                                                          58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                          SHA256

                                                          0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                          SHA512

                                                          9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                          Filesize

                                                          10KB

                                                          MD5

                                                          247447bd46f2b30eb1dcea87fa91f827

                                                          SHA1

                                                          6904b0f98ed56effe2ede2b20fcda0b7507289f0

                                                          SHA256

                                                          597bfd290f5d473ee31665bd1435da830fa58f48a07f2f13d4f5da4f8dd71bc4

                                                          SHA512

                                                          63683d3ec91e014a8ecbe6aadc25da6f1478a6f767c11c952dabe5c371d83aea20cb9b4a7160159eb8a19e3b79622d6e4ab9410e9d3ee8af237bc5685184d7c0

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                          Filesize

                                                          10KB

                                                          MD5

                                                          8dc6a33e6cc053e274383dc0d6877f48

                                                          SHA1

                                                          3f15232dc2f8b5f0eac9ce631fe6ada4e075ed1d

                                                          SHA256

                                                          d7ac2dddbaf2d7d2833e6cfa4a62ffe0520fec33618f9af4c55830eaed2753e2

                                                          SHA512

                                                          cc24d4409cc34f94f39d1d2f077a158e5ba125f4a9d3241f0a32bf08c36e9a29f886fe6ea4551a6184768b672a3d5fe90c1efdaf5e0e88e648e04bb23310f3da

                                                          Download Submit

                                                        • C:\Users\Admin\Downloads\gsrsaovsslca2018
                                                          Filesize

                                                          5B

                                                          MD5

                                                          4842e206e4cfff2954901467ad54169e

                                                          SHA1

                                                          80c9820ff2efe8aa3d361df7011ae6eee35ec4f0

                                                          SHA256

                                                          2acab1228e8935d5dfdd1756b8a19698b6c8b786c90f87993ce9799a67a96e4e

                                                          SHA512

                                                          ff537b1808fcb03cfb52f768fbd7e7bd66baf6a8558ee5b8f2a02f629e021aa88a1df7a8750bae1f04f3b9d86da56f0bdcba2fdbc81d366da6c97eb76ecb6cba

                                                          Download Submit

                                                        • memory/3408-462-0x00000204946A0000-0x00000204946B0000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/3408-478-0x00000204947A0000-0x00000204947B0000-memory.dmp

                                                          Filesize

                                                          64KB

                                                          Download

                                                        • memory/3408-494-0x000002049CB10000-0x000002049CB11000-memory.dmp

                                                          Filesize

                                                          4KB

                                                          Download

                                                        • memory/3408-496-0x000002049CB40000-0x000002049CB41000-memory.dmp

                                                          Filesize

                                                          4KB

                                                          Download

                                                        • memory/3408-497-0x000002049CB40000-0x000002049CB41000-memory.dmp

                                                          Filesize

                                                          4KB

                                                          Download

                                                        • memory/3408-498-0x000002049CC50000-0x000002049CC51000-memory.dmp

                                                          Filesize

                                                          4KB

                                                          Download