Overview

overview

10

Static

static

10

3064-41-0x...ry.exe

windows7-x64

1

3064-41-0x...ry.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    152s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-10-2023 19:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3064-41-0x0000000000220000-0x0000000000250000-memory.exe

  • Size

    192KB

  • MD5

    2bee6f5446dad8ee7a8f5820cecc781d

  • SHA1

    675924021678a1de4b828e448e270349b306646c

  • SHA256

    261485c3cfc1fb8753ba3e984b4d32dffc485a0a66da25dc0174c563e76f8cff

  • SHA512

    2c3874cb0cf4b03c4a40b59b4521d2444ac780b724f71e85f7f27da43b85b193662e45c3060c5b2a99f34035ee0bcd2873640cf11871bde474df80ae1ce5dfc7

  • SSDEEP

    3072:8wSwJp8A/xdimI06X7vV6OPEsUc/W0E0ilHPgM1JS8e8h3:83zAmmI0k7vVe0E0YIM1k

Score
5/10
microsoftphishing

Malware Config

Signatures

  • Detected potential entity reuse from brand microsoft.
    phishingmicrosoft
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3064-41-0x0000000000220000-0x0000000000250000-memory.exe
    "C:\Users\Admin\AppData\Local\Temp\3064-41-0x0000000000220000-0x0000000000250000-memory.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:808
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=3064-41-0x0000000000220000-0x0000000000250000-memory.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:3908
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbf29b46f8,0x7ffbf29b4708,0x7ffbf29b4718
        3⤵
          PID:3188
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,3853873060996246649,13632283268876718495,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
          3⤵
            PID:2944
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,3853873060996246649,13632283268876718495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:4932
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,3853873060996246649,13632283268876718495,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
            3⤵
              PID:2388
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3853873060996246649,13632283268876718495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
              3⤵
                PID:2756
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3853873060996246649,13632283268876718495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
                3⤵
                  PID:2200
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3853873060996246649,13632283268876718495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
                  3⤵
                    PID:3240
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,3853873060996246649,13632283268876718495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
                    3⤵
                      PID:3436
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,3853873060996246649,13632283268876718495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
                      3⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:1688
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3853873060996246649,13632283268876718495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
                      3⤵
                        PID:5084
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3853873060996246649,13632283268876718495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
                        3⤵
                          PID:1304
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3853873060996246649,13632283268876718495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
                          3⤵
                            PID:3468
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3853873060996246649,13632283268876718495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
                            3⤵
                              PID:1224
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3853873060996246649,13632283268876718495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
                              3⤵
                                PID:408
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,3853873060996246649,13632283268876718495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
                                3⤵
                                  PID:4680
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,3853873060996246649,13632283268876718495,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4032 /prefetch:2
                                  3⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:3996
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=3064-41-0x0000000000220000-0x0000000000250000-memory.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
                                2⤵
                                  PID:4516
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf29b46f8,0x7ffbf29b4708,0x7ffbf29b4718
                                    3⤵
                                      PID:3276
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:5088
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:4864

                                    Network

                                    MITRE ATT&CK Matrix ATT&CK v13

                                    Initial Access

                                    Execution

                                    Persistence

                                    Privilege Escalation

                                    Defense Evasion

                                    Credential Access

                                    Discovery

                                    System Information Discovery

                                    2
                                    T1082

                                    Query Registry

                                    1
                                    T1012

                                    Lateral Movement

                                    Collection

                                    Exfiltration

                                    Command and Control

                                    Impact

                                    Resource Development

                                    Reconnaissance

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      3d5af55f794f9a10c5943d2f80dde5c5

                                      SHA1

                                      5252adf87d6bd769f2c39b9e8eba77b087a0160d

                                      SHA256

                                      43e50edafcaaeae9fcd4dce5b99bf14fe79dae1401019443f31aa9ff81347764

                                      SHA512

                                      2e2e09a00db732ff934da1e6ab8617fb3c8de482f9667a2c987435d0a5d67550b4bfd66e8b4475012b60908c24e39dff58e2f2ffa55f13ffc55caae1be630c71

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      3d5af55f794f9a10c5943d2f80dde5c5

                                      SHA1

                                      5252adf87d6bd769f2c39b9e8eba77b087a0160d

                                      SHA256

                                      43e50edafcaaeae9fcd4dce5b99bf14fe79dae1401019443f31aa9ff81347764

                                      SHA512

                                      2e2e09a00db732ff934da1e6ab8617fb3c8de482f9667a2c987435d0a5d67550b4bfd66e8b4475012b60908c24e39dff58e2f2ffa55f13ffc55caae1be630c71

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      192B

                                      MD5

                                      5b24887fe1933f0f9321c2def2fb4d8c

                                      SHA1

                                      43063b27a1088d01549858be068dd91f08296dc1

                                      SHA256

                                      ebcd89704fc8ce0526b0a9e9ae583fe2b9eba89f031f91679ddac132bf2108c6

                                      SHA512

                                      aac444114b602182face5b90894aca28bb02048dabdd6bc1d04d536c92af7c097fbf2277c387040bc1d0911524bf5ad44c98020962b80ddbdb6ba30094e6f04e

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      111B

                                      MD5

                                      285252a2f6327d41eab203dc2f402c67

                                      SHA1

                                      acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                      SHA256

                                      5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                      SHA512

                                      11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      437B

                                      MD5

                                      0a8ea5dae27f141be6436c1a828dc840

                                      SHA1

                                      d69f06ab302b56ead0af142ad60f5ca8acb4f42b

                                      SHA256

                                      24c8b87b69cc0aeee6ce898bce60dbdca51dfa690e7e0720b58a87b9a16e52e2

                                      SHA512

                                      289759ab1f9636c6147526f3419bff7941f77bdc327ba621c5ddbf334afab9723983ff9ce59fb85c3636d63fa402a50becaa9c232c04afc825509652ce2074e0

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      f8bc923b7572a49dbe64bc1c5ca763a6

                                      SHA1

                                      d71fc63c1e2c6a6d30c9a022a144c1606ad2e23d

                                      SHA256

                                      fd2f248aadacb6de06635e6f62dbfdc3c31f1c22ab2468226efd88d3783dd0b4

                                      SHA512

                                      6d523e953678b65773adab973380d9efaae0b0cedbead8b9964da9e8be57dfe3358cf0830ac7cb998635dccb12c0d349092cc04e7a7b35509fdba87bac312635

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      39345eb77be9ba1217eedaf999d44935

                                      SHA1

                                      55cd9364cc17fb493e839cfa77e956469cc2f97f

                                      SHA256

                                      c8756a80fb039df0ef6409d8563522f42de278b52eb76537dbe9f303605028c1

                                      SHA512

                                      c3f44ffc4f054344ece50e7c47a38f6768696b76348b285a5cd62d890bb0ca0fd4d0da6e8c7aad4db93a0a3aad64ac6215ac3c1ef9e17a8d2ca7bb8f597aa8d3

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      9354f067cb23c9294bda5f3fa32102c0

                                      SHA1

                                      b38f21f5ea82803d06c032cb3f037a7a59dc126a

                                      SHA256

                                      fd4d9d831e37ce096b497d92ac34a89bcfc204d2730cab431456195c38bc2239

                                      SHA512

                                      b771ae011895007e38d96e358d07cf2cdb787070ef15be0693f3da0005f2836726c300f3d6321dd414a9642fbf07d9acd5ae5cd4c2a8ebb7d1a3be22230d539d

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      a55a01d10eae8a97b220503bfb69d5d2

                                      SHA1

                                      0c12bc474dd54e5076a34d4cb6ee214587d0e0b7

                                      SHA256

                                      4f7d3d0ece088b3146001b83b76905901179aa3f6e420e34c0d4d6ee68485759

                                      SHA512

                                      5c549d6982c8f4de26e53f831919310833c0b27a0c983675364c6e2ca72cb8b8ead49d5aef6653b178fe8da75346c95dbc850af5e1d86d24f4da8fd4bb9519be

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                      Filesize

                                      24KB

                                      MD5

                                      10f5b64000466c1e6da25fb5a0115924

                                      SHA1

                                      cb253bacf2b087c4040eb3c6a192924234f68639

                                      SHA256

                                      d818b1cebb2d1e2b269f2e41654702a0df261e63ba2a479f34b75563265ee46b

                                      SHA512

                                      8a8d230594d6fade63ecd63ba60985a7ccd1353de8d0a119543985bf182fdbb45f38ccc96441c24f0792ea1c449de69563c38348c2bedb2845522a2f83a149db

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                      Filesize

                                      371B

                                      MD5

                                      3307a2133427006e550de920d6ab6fcb

                                      SHA1

                                      dad753196c87597e94ad148143feeddcfade6a41

                                      SHA256

                                      9120e2a3e703fb844f1cf1f2f039e3d6a98837677858106da857c4620454b1ff

                                      SHA512

                                      cfb1a04515c9573c0f29d4f8ddad9c7208933329970977b98dff200fbe37433e3fa9118a1f8bc4258d9ed56bb5a2b4f6c01bcc40227752701f0b078c86afc163

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                      Filesize

                                      369B

                                      MD5

                                      2196dbfaebc4761a681e5540e97258bb

                                      SHA1

                                      fd4e2d38308b0214fa3938bf29f34919d6b937c8

                                      SHA256

                                      37f18f609ae3b82968f9e08bceb2c76bc9b5a49af8a6bfb999f6872398890e5e

                                      SHA512

                                      29e9636acb46de256b556efb1fe0f44c5fa4a3c338b62dfbc119d41d2e5a9744d211f23df7fd5a338feb392a0a54f0c214c8a3004066286409958b32f841c39f

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586ef1.TMP
                                      Filesize

                                      203B

                                      MD5

                                      a254b63d66c850bf1a5dde35aec46501

                                      SHA1

                                      a24dfc833088b89449b40bb89d8a10c281a970c3

                                      SHA256

                                      3c8bd55458b08c9d63b5449acac245451a427a207c8a282ab456ae55e32c5dd8

                                      SHA512

                                      8518de32a3dd5def62efcefab0d41cdd5e4c0d5b415a280718c65a5e38a286d2035d6a0f73600675ea3608022fa8e63b345d0893aa5d02cd9115ccf165643b3b

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      6752a1d65b201c13b62ea44016eb221f

                                      SHA1

                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                      SHA256

                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                      SHA512

                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      10KB

                                      MD5

                                      d88313221d81da3495bc2edaafc578aa

                                      SHA1

                                      f82556bd16d9053359cc2721338f47869e092a85

                                      SHA256

                                      4e80658978a0d7adac76b0f10c5e713ad5bc47bf37629fd73e09a1e169902275

                                      SHA512

                                      7ebbfa0051752dc88f552b4b891b87e6321fe146f7df2c151c9eb04ebd6ac3b51604f506c1d2b1b8e91a80e5703adc651ea8d923b184b7f5235b89ec75ea2c50

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      10KB

                                      MD5

                                      ae96673474e280798e5ce3372a7f3d79

                                      SHA1

                                      a4f82eb7aad06fa1190659946c18595311aa4d59

                                      SHA256

                                      86b7a1f82066f60fe42187f2952163624c68ad60ab76e3b42b04d44cd0f17ef4

                                      SHA512

                                      844ffee42851828d7f143352b684834d51ce09860d32ea107e6b76318c9fa175ef81b3f41ffed06c3e108b3d4916393402f2c529cf177171893b689ded802147

                                      Download Submit
                                    • \??\pipe\LOCAL\crashpad_3908_TQUUAQSRRCFVIDKB
                                      MD5

                                      d41d8cd98f00b204e9800998ecf8427e

                                      SHA1

                                      da39a3ee5e6b4b0d3255bfef95601890afd80709

                                      SHA256

                                      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                      SHA512

                                      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                      Download Submit