hxxps://replika[.]com/

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231130-en
resource tags

arch:x64arch:x86image:win10v2004-20231130-enlocale:en-usos:windows10-2004-x64system
submitted
08-12-2023 00:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://replika.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1456	msedge.exe
1456	msedge.exe
2936	msedge.exe
2936	msedge.exe
4516	identity_helper.exe
4516	identity_helper.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

2936 msedge.exe
2936 msedge.exe
2936 msedge.exe
2936 msedge.exe
2936 msedge.exe
2936 msedge.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

svchost.exe

description pid process

Token: SeManageVolumePrivilege 5912 svchost.exe

description	pid	process
Token: SeManageVolumePrivilege	5912	svchost.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe
2936	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2936 wrote to memory of 3704	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3704	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3540	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3540	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3540	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3540	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3540	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3540	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3540	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3540	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3540	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3540	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3540	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3540	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3540	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3540	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3540	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3540	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3540	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3540	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3540	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3540	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3540	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3540	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3540	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3540	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3540	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3540	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3540	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3540	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3540	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3540	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3540	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3540	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3540	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3540	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3540	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3540	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3540	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3540	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3540	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3540	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 1456	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 1456	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3420	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3420	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3420	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3420	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3420	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3420	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3420	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3420	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3420	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3420	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3420	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3420	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3420	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3420	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3420	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3420	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3420	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3420	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3420	2936	msedge.exe	msedge.exe
PID 2936 wrote to memory of 3420	2936	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://replika.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff921df46f8,0x7ff921df4708,0x7ff921df4718
2⤵
PID:3704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,11308867605302175145,15665729138149077779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,11308867605302175145,15665729138149077779,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
2⤵
PID:3420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,11308867605302175145,15665729138149077779,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
2⤵
PID:3540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11308867605302175145,15665729138149077779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
2⤵
PID:4580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11308867605302175145,15665729138149077779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
2⤵
PID:396

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,11308867605302175145,15665729138149077779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
2⤵
PID:3900

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,11308867605302175145,15665729138149077779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11308867605302175145,15665729138149077779,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
2⤵
PID:2824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11308867605302175145,15665729138149077779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
2⤵
PID:3268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11308867605302175145,15665729138149077779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
2⤵
PID:620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,11308867605302175145,15665729138149077779,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
2⤵
PID:452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,11308867605302175145,15665729138149077779,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5080 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4116

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:5760

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
6f17d201a62bf18f6cbd01b23b72a8fb

SHA1
1af5e43fb9aed83487b31c1d2d28e73c2a158c13

SHA256
6cc8937137ff604ece72ccb17148f814d3d86d90c940b0d21fe679b9914a5718

SHA512
b548cce56ee8d3fc88fecf74225c8ae1b983e0f79003145d5ffc70466a23f4fbb868a1bf01c85b30655c66f46e6011271b4156faa9f1c8c227ddb21febbd9752

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
58a9ee207caef8b6881b10e37b4cbc97

SHA1
fa5f0c8626915f39161abb48df2212a79c9c6abb

SHA256
fa60e147e18bd39cb6ce21d725ef37a2072d1d682547d9f7393d3f99e63711f4

SHA512
dd20d10299a8c628c74adb51239c3869a01a731e42946f0039c9138c03524d8c8a940716226f10aab0b0c7aa230195a27e91aea54eed611c6e5dc9f02fa90355

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
1024KB

MD5
a3e64fda1a3fe8e81d3e557b4ca8d50a

SHA1
ae924ffcd832832c0c7a79d764088c340fdb0a3c

SHA256
77f192dab72db61e10952ba9b0f00cfd8f1c69247a3fd6b7aca1b8736e569efb

SHA512
ca50fe9964aba59254ee97c05205401e0bb1f1062d8561f856dba0aa0533f465ccb81c88700eefac62847f05bd6946e9b2dae1b9f5482af44310ac9cdd94f105

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
529KB

MD5
e84a71bbe4fdd72f4329aab267af1cb1

SHA1
8d5586af94743a1f8a9b6e10ec5dfe3bf63feb19

SHA256
ec370beb065b3b4feec1d89edfaa0f2f2dfa7a9f0c4be65cdad1f07196040730

SHA512
c3a963e88c46e921c7fddacf5b2855a3c79654875f3ca66366b84d05e03f82993c0c9bdb40eaa6373830fed0dfa1836d5e266d91475ec18b9f5a9c3dcfd77ba5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
d8bdd9a2106ea12530dcdc360fcbabca

SHA1
ccc66929dd69b2e7946967dff3bd0b128fcb777a

SHA256
ea6a886c34441c362a3b7db9ae9149ed87ff6f4c713dc9a0372cd2aadd0d2962

SHA512
777baa591d3cfdc3fdd8df049c4f1cc90a9948642081db17ed08d517d2e3e53781fddb6cf77415a9957d18bbded55acf8a351795e07dbe5409f2de4118fd8388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
717b04fbae4d564abe8fa73d30ca3feb

SHA1
fb532c9d8d4935f464baec9adc9f10ff27deb548

SHA256
d2849932c917329effa33b0f7d2e93b5c78c9e80117e40002abaf7a1d130b2cb

SHA512
95cde1c07e0b2d81dbff522d9dc1ed87bbde38e1e91e8003d0c539d86584a8a33744e44ef0448bf8d8eeedd0ebd6861f5dad02982e9406c80d7b02513c821797

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9a6721057bac9e91aabb1a27bc925452

SHA1
8e1c2054dececb1ca4237e282f7800e8457e8a53

SHA256
b3486d39572507b60eae305ff5f8e884b8e0a4f99ba11f4d3d77e35b99a0bfed

SHA512
91ad20fefa78c118084b5e8f4a4dfdba3183f23ed969265f9a160fef29de4a26803c3ead4811e4d0999585bdfaca0631f7d0e22437670962c82444eedf11bea2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e9e103d17d1908277e6ab58448061a70

SHA1
a9b27083562284fe54048e3ec6281a8402c3204a

SHA256
46f4895af3beafdcf2ac8f1c1c12d23b4ffe199a12f3fcf03878c66d1da04255

SHA512
e8b4a98f2437f6e9c89d3508a1228c6fced01c0d93524c03d1a28840b112d243d20110649f57fad8c84a47e55dc0f3607d04f5ff9011ba322f93bb1ec1782536

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
319779890df5cbbc1ce967516b21f1e2

SHA1
11e050f4036df78be38255cd8314dbc9b500db8f

SHA256
2acaef4232bd0a581ab41b4345c8455a1547a25cb4700d68769c516b9d9ac339

SHA512
5de6dbe76981a7aa63f9e6cf485b6304a3bb34d0b645f72d62cdc6adc1adcf58d1305262af4ea8af2887e9a99496bcd490e27c550df5e50e24dc7a9131aff4bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
7be049d7c959fde1e41f35b7a720efe9

SHA1
52ad63c6660922da4e8f6adeb3ffc02c4680b5f6

SHA256
3e0f584c3f5eed5d694d28d0341dbeccd25f72ffc95dd44082cd087a8e7dddb3

SHA512
4d46689ec5be60bc5e4de95f0547bde8670a99c483fe9395f2df77e78a4f1f438d5865a024a6daecce3c0e7314d006b3e84682bc7e201e521f7c33b3343590da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
adbfb315c534ead7a69afe5685e15c35

SHA1
2cf8577135ab1071b4774a3b53c100ac9a11c498

SHA256
5ee8fcc0d88f13c2e944e7b2247851ae72550db86b9529615f42393b9b85b48b

SHA512
301dcaa367cb825b90eeee7b2d991a7fdee24713237af1f12d4e6009fd4d3dc67dd2f7df3c5c1646d292b37ceba043fba72b6c647d0fc56c43e3810160459ad6

Download Submit
\??\pipe\LOCAL\crashpad_2936_IDMKUYPYRJXECDBB

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/5912-250-0x00000251A5C00000-0x00000251A5C01000-memory.dmp

Filesize
4KB

Download
memory/5912-257-0x00000251A5E00000-0x00000251A5E01000-memory.dmp

Filesize
4KB

Download
memory/5912-248-0x00000251A5C00000-0x00000251A5C01000-memory.dmp

Filesize
4KB

Download
memory/5912-249-0x00000251A5C00000-0x00000251A5C01000-memory.dmp

Filesize
4KB

Download
memory/5912-231-0x000002519D640000-0x000002519D650000-memory.dmp

Filesize
64KB

Download
memory/5912-251-0x00000251A5C00000-0x00000251A5C01000-memory.dmp

Filesize
4KB

Download
memory/5912-252-0x00000251A5C00000-0x00000251A5C01000-memory.dmp

Filesize
4KB

Download
memory/5912-253-0x00000251A5C00000-0x00000251A5C01000-memory.dmp

Filesize
4KB

Download
memory/5912-254-0x00000251A5C00000-0x00000251A5C01000-memory.dmp

Filesize
4KB

Download
memory/5912-255-0x00000251A5C00000-0x00000251A5C01000-memory.dmp

Filesize
4KB

Download
memory/5912-256-0x00000251A5E00000-0x00000251A5E01000-memory.dmp

Filesize
4KB

Download
memory/5912-247-0x00000251A5BD0000-0x00000251A5BD1000-memory.dmp

Filesize
4KB

Download
memory/5912-258-0x00000251A5820000-0x00000251A5821000-memory.dmp

Filesize
4KB

Download
memory/5912-259-0x00000251A5810000-0x00000251A5811000-memory.dmp

Filesize
4KB

Download
memory/5912-261-0x00000251A5820000-0x00000251A5821000-memory.dmp

Filesize
4KB

Download
memory/5912-264-0x00000251A5810000-0x00000251A5811000-memory.dmp

Filesize
4KB

Download
memory/5912-267-0x00000251A5750000-0x00000251A5751000-memory.dmp

Filesize
4KB

Download
memory/5912-215-0x000002519D540000-0x000002519D550000-memory.dmp

Filesize
64KB

Download
memory/5912-279-0x00000251A5950000-0x00000251A5951000-memory.dmp

Filesize
4KB

Download
memory/5912-281-0x00000251A5960000-0x00000251A5961000-memory.dmp

Filesize
4KB

Download
memory/5912-282-0x00000251A5960000-0x00000251A5961000-memory.dmp

Filesize
4KB

Download
memory/5912-283-0x00000251A5A70000-0x00000251A5A71000-memory.dmp

Filesize
4KB

Download