f00308aae6f3ec9c123e52e555d70be9649e9d245afb3602abd7b46e0bf1e6f0

Analysis

max time kernel
47s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 12:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1fc60f052de967809714b2b7726b1c2b.exe
Size

141KB
MD5

1fc60f052de967809714b2b7726b1c2b
SHA1

01551312b357ddf24e108a48fccb894ffd255cbb
SHA256

f00308aae6f3ec9c123e52e555d70be9649e9d245afb3602abd7b46e0bf1e6f0
SHA512

b23dac833770cae7d32dea1676bc57810a5f691d73b9cf436db9e383cd4e3352bf59181915e4c306d00f334c92c4755bc7a8365d4f5a883d2bb989557bcd9a10
SSDEEP

3072:jWO3oqen6Ue1eGRALjahoaMkbXW+bZtXW9FcGKUxEnlon7lVG3Ywg:KADUeMGRCjahVMkT1nGFc36cIG3

Score

7^/10

aspackv2 persistence

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral2/memory/2508-0-0x0000000000400000-0x000000000048B000-memory.dmp	aspack_v212_v242

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wmplayer = "C:\\MessengerPlus\\mplayer2.exe"	1fc60f052de967809714b2b7726b1c2b.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4000	2508	WerFault.exe	16

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\Software\Microsoft\Internet Explorer\Download	1fc60f052de967809714b2b7726b1c2b.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\SOFTWARE\Microsoft\Internet Explorer\Download\CheckExeSignatures = "no"	1fc60f052de967809714b2b7726b1c2b.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000\SOFTWARE\Microsoft\Internet Explorer\Download\RunInvalidSignatures = "00000001"	1fc60f052de967809714b2b7726b1c2b.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1600	msedge.exe
1600	msedge.exe
2940	msedge.exe
2940	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2940	msedge.exe
2940	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2508	1fc60f052de967809714b2b7726b1c2b.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 2940	2508	1fc60f052de967809714b2b7726b1c2b.exe	101
PID 2508 wrote to memory of 2940	2508	1fc60f052de967809714b2b7726b1c2b.exe	101
PID 2940 wrote to memory of 4732	2940	msedge.exe	100
PID 2940 wrote to memory of 4732	2940	msedge.exe	100
PID 2940 wrote to memory of 2848	2940	msedge.exe	104
PID 2940 wrote to memory of 2848	2940	msedge.exe	104
PID 2940 wrote to memory of 2848	2940	msedge.exe	104
PID 2940 wrote to memory of 2848	2940	msedge.exe	104
PID 2940 wrote to memory of 2848	2940	msedge.exe	104
PID 2940 wrote to memory of 2848	2940	msedge.exe	104
PID 2940 wrote to memory of 2848	2940	msedge.exe	104
PID 2940 wrote to memory of 2848	2940	msedge.exe	104
PID 2940 wrote to memory of 2848	2940	msedge.exe	104
PID 2940 wrote to memory of 2848	2940	msedge.exe	104
PID 2940 wrote to memory of 2848	2940	msedge.exe	104
PID 2940 wrote to memory of 2848	2940	msedge.exe	104
PID 2940 wrote to memory of 2848	2940	msedge.exe	104
PID 2940 wrote to memory of 2848	2940	msedge.exe	104
PID 2940 wrote to memory of 2848	2940	msedge.exe	104
PID 2940 wrote to memory of 2848	2940	msedge.exe	104
PID 2940 wrote to memory of 2848	2940	msedge.exe	104
PID 2940 wrote to memory of 2848	2940	msedge.exe	104
PID 2940 wrote to memory of 2848	2940	msedge.exe	104
PID 2940 wrote to memory of 2848	2940	msedge.exe	104
PID 2940 wrote to memory of 2848	2940	msedge.exe	104
PID 2940 wrote to memory of 2848	2940	msedge.exe	104
PID 2940 wrote to memory of 2848	2940	msedge.exe	104
PID 2940 wrote to memory of 2848	2940	msedge.exe	104
PID 2940 wrote to memory of 2848	2940	msedge.exe	104
PID 2940 wrote to memory of 2848	2940	msedge.exe	104
PID 2940 wrote to memory of 2848	2940	msedge.exe	104
PID 2940 wrote to memory of 2848	2940	msedge.exe	104
PID 2940 wrote to memory of 2848	2940	msedge.exe	104
PID 2940 wrote to memory of 2848	2940	msedge.exe	104
PID 2940 wrote to memory of 2848	2940	msedge.exe	104
PID 2940 wrote to memory of 2848	2940	msedge.exe	104
PID 2940 wrote to memory of 2848	2940	msedge.exe	104
PID 2940 wrote to memory of 2848	2940	msedge.exe	104
PID 2940 wrote to memory of 2848	2940	msedge.exe	104
PID 2940 wrote to memory of 2848	2940	msedge.exe	104
PID 2940 wrote to memory of 2848	2940	msedge.exe	104
PID 2940 wrote to memory of 2848	2940	msedge.exe	104
PID 2940 wrote to memory of 2848	2940	msedge.exe	104
PID 2940 wrote to memory of 2848	2940	msedge.exe	104
PID 2940 wrote to memory of 1600	2940	msedge.exe	103
PID 2940 wrote to memory of 1600	2940	msedge.exe	103
PID 2940 wrote to memory of 3764	2940	msedge.exe	106
PID 2940 wrote to memory of 3764	2940	msedge.exe	106
PID 2940 wrote to memory of 3764	2940	msedge.exe	106
PID 2940 wrote to memory of 3764	2940	msedge.exe	106
PID 2940 wrote to memory of 3764	2940	msedge.exe	106
PID 2940 wrote to memory of 3764	2940	msedge.exe	106
PID 2940 wrote to memory of 3764	2940	msedge.exe	106
PID 2940 wrote to memory of 3764	2940	msedge.exe	106
PID 2940 wrote to memory of 3764	2940	msedge.exe	106
PID 2940 wrote to memory of 3764	2940	msedge.exe	106
PID 2940 wrote to memory of 3764	2940	msedge.exe	106
PID 2940 wrote to memory of 3764	2940	msedge.exe	106
PID 2940 wrote to memory of 3764	2940	msedge.exe	106
PID 2940 wrote to memory of 3764	2940	msedge.exe	106
PID 2940 wrote to memory of 3764	2940	msedge.exe	106
PID 2940 wrote to memory of 3764	2940	msedge.exe	106
PID 2940 wrote to memory of 3764	2940	msedge.exe	106
PID 2940 wrote to memory of 3764	2940	msedge.exe	106

C:\Users\Admin\AppData\Local\Temp\1fc60f052de967809714b2b7726b1c2b.exe
"C:\Users\Admin\AppData\Local\Temp\1fc60f052de967809714b2b7726b1c2b.exe"
1⤵
- Adds Run key to start application
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 384
  2⤵
  - Program crash
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/watch?v=gOO_UqzEc5Y
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,7155335981399386341,13443785806345268196,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1600
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,7155335981399386341,13443785806345268196,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
    3⤵
    PID:2848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,7155335981399386341,13443785806345268196,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
    3⤵
    PID:3764
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,7155335981399386341,13443785806345268196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
    3⤵
    PID:4884
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,7155335981399386341,13443785806345268196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
    3⤵
    PID:1816
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,7155335981399386341,13443785806345268196,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
    3⤵
    PID:2488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,7155335981399386341,13443785806345268196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4312 /prefetch:1
    3⤵
    PID:1824
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,7155335981399386341,13443785806345268196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1
    3⤵
    PID:4460
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,7155335981399386341,13443785806345268196,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
    3⤵
    PID:4328
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,7155335981399386341,13443785806345268196,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
    3⤵
    PID:3192
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,7155335981399386341,13443785806345268196,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
    3⤵
    PID:5256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,7155335981399386341,13443785806345268196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
    3⤵
    PID:5248
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,7155335981399386341,13443785806345268196,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
    3⤵
    PID:5724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2204,7155335981399386341,13443785806345268196,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5900 /prefetch:8
    3⤵
    PID:5916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2508 -ip 2508
1⤵
PID:2204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa59246f8,0x7ffaa5924708,0x7ffaa5924718
1⤵
PID:4732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5684

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x470 0x2f8
1⤵
PID:6132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7a5862a0ca86c0a4e8e0b30261858e1f

SHA1
ee490d28e155806d255e0f17be72509be750bf97

SHA256
92b4c004a9ec97ccf7a19955926982bac099f3b438cd46063bb9bf5ac7814a4b

SHA512
0089df12ed908b4925ba838e07128987afe1c9235097b62855122a03ca6d34d7c75fe4c30e68581c946b77252e7edf1dd66481e20c0a9cccd37e0a4fe4f0a6fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
46fca9864d965657a7e2ae98210c2cbd

SHA1
c24a886cbd13e673f1b546c90316dae12709edd1

SHA256
bda878e7e630ac353b810dc17d5ce3be8971fd117e03907e092c45cbb3bd5e86

SHA512
9c80daf7cfc0a441ec6302236059587950d0b0bc20fc5adb465d59bf9fb1c9ec086e612cacac5e95ef8e04c888587d1b0c2a3f8f0e9d31cdc01b682a266f9770

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
a15dd24d5b0b385e499c23586e7cea5c

SHA1
a4582cf8b253e2a1599b3806fce816ec363573d3

SHA256
fc05f4451a9f737d9dc1908bd4196a1772a83fda5239ae8f0a4009e8e3f460db

SHA512
64ac845c20c31c1b33e4e6b9fde97d9996645aab6dd02d5e328fe64f71b7fc95c7cfb0aaf5eed17690628f291fd7965b07c963488df2b91287b31c5f51212888

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b3cbe1a369d51ce3a08d460d19086ee8

SHA1
8578db46532ea467c8cec0ade9f22c539137f0ac

SHA256
0dabd9b66abc3dd200ba29dbc899ea960c00ecb8d1928ec0da9cf6b26a522ca2

SHA512
ec7bdefd4fb9fe2c6c680438a040090d9577c069519842f2db23f510029ed83ac4e20349cbde7ac1702e011b6589e9843a8f91666a4034b8041d58232a7a53a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e2fa012e673bacc89a684443467f1e58

SHA1
fa4631a54502da9a88bd0ca7153c35bbf92d6a18

SHA256
303e42af989b816cde9176ed3c2cb290abcf3d246c274c39cdbfeb3ffde716ba

SHA512
df8a9cab3ae165766d47882212cb2c6a46c3dfa9bb0d89b71074c1e14d7d24b277000ae5b3cec7c38458098a3aaff4dca04a1d10ef880a0f9fbc2d7b22f48b62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
948795146e16ca9d3a2875e3864ef760

SHA1
52ae565bf284e0761d4b4bfcba84aca64eaf24b0

SHA256
dce44c535e84f952a293a7d27b6c2fb0c18a1d5c14f2965be43192a183d8191a

SHA512
041c7bfbd0b4e4be6fc280fc3230f7331a0f8bff1551c6d19cbb71c770466ddfd83569bb3bc4eebd53c7af179e08004458c3b285a39c04e7a1b7c2f34000cbfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
93675515238aa74f681e1d703cec1192

SHA1
e4ec3a18d10da012d86bd38f74e376f2ccfe8d83

SHA256
8caf057751efaf1e8741d882533420c3be5a873da60f0ffee71d86e425eef3df

SHA512
54f27f8f2e05b8b47bb716bdbd94bb108ea130b2a7e64dcd6abe885d15e02a17339cac1f8a03fc8bd6b36d6cdddec3aeb5d55a069ffe5791f2852ff6e940993d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fec5a35444f515c544ff0a43469fa2e9

SHA1
5451ca080d41556cbab87b4791e16731d262f64a

SHA256
dfb11897db4c7f8b9284b315c4a29399db3c97cfbf70e349d834c66101599942

SHA512
f5392c1b5e504aca8bd32da158505e69666bfbf85f6e3d3838212c7b6761268cba20994b7de8c88db8a11b4bbccb9346e9c0ce26aac76b8ba9ec1412ffe78b3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
52826cef6409f67b78148b75e442b5ea

SHA1
a675db110aae767f5910511751cc3992cddcc393

SHA256
98fc43994599573e7181c849e5865f23b4f05f85c1115dff53c58764d80373fb

SHA512
f18df18cab6b5ecd71b79c81a2a1fdac42cc9960f62f06ac25f4d6487792705f2766ee3a10239eaac940d090186e6bc820e4eb7a5ee138f6e5c1c64f951b960c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\038e03f7-4033-436a-9979-538ae2917813\index-dir\the-real-index

Filesize
2KB

MD5
40f6704ac23d30c438619117c6845d7d

SHA1
3eadc5a2de93b7c4a71a7a387bca07245a2c83a5

SHA256
1c9eaeac0e5f95e0303046c24798c2f21d41158a16d74ea76eeed6e867987410

SHA512
778ec5131e22068f7cf55c88c1ccd3244598c32f4ec2c5b704fe014eb5ee6fa0a08ffe35fae55c1ffeb7c81ed6b3ad201536ff0ca569441722627bdfdeba8831

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
a4efde591283ed3982409aaaeee51f80

SHA1
2a48200c31769b7f3467954a1cb291d074ea45a0

SHA256
96ea0e9bf2a5e135f9c93a3b4c8583c5c196846347bf0604179c84b0ac12198d

SHA512
84749667e4c68bb4a638b8c4ca2aa673b0aea0d45fa775267baf741cffb3d84a317ee8f06cebcf8d00fde234f4ca267a7aec18e3840c0e480452831f32373a11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
a558c738a85c3ab861d88ccf78402701

SHA1
18764495b23492a787bf2483a6bf4e337a4dc1db

SHA256
ac12b950113da2c2ec6739ec655e5691ae0e5c68b187c4f28f2e57e781cf122f

SHA512
9f320831c07c30debe1f9dc40d0f0ac3485a617a536d77a397960b2962e64ecef494411d8a430f53566731f871def7c8bfc717afe05fc281571bcb81e76d218f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
f8e706dbcdc046a42168294e215d113a

SHA1
28f30262bb484d25f4a70708021bcd94b0bb2ecb

SHA256
b7795f52c56bf9b496f61c898758cde5154de7219869ac285eebd92208ccf73d

SHA512
da419f6ad3cb71fef67e5e8c974de5a6d5ee1cf97e7f4981cdcccd6d0e48b72130804a02299404104ef07d315dcf161c8c1e7da09f0181d1282ef6189a09deff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe586db9.TMP

Filesize
89B

MD5
f5e5ddd7b914dcd9c27b5396cb514645

SHA1
8779fb2a0c60cf81736f250ac32f9155eab5d763

SHA256
790bf2913edec7eecdd61a0f012a2a56785c791b764a7e2e035ad189937d1c8f

SHA512
3e6e5eb172dc39aa40b0b6c95c00155ace36543224e0a5a74183d3b12d408777be7a554815106fd17c3cd92c8e490a2918b58b4d4e015c19621ca698acc0b16b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
ebf377c06321ea71c7918c4856f173d3

SHA1
b0d701cbcc818b6fcb792e705a65715b2eb588dc

SHA256
768ca13674f35a86a1215fd7a7015b057d7fe7e8256859f03e2e081278e57000

SHA512
8de55bca68785f81dcd8792108f7b6398da2107f6ef3be698050cf3bbac4ac184f2d4e271bcc52459db9e7b8f3ff44e1ba131939ba5e79fb98840f76104584dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58bcd3.TMP

Filesize
48B

MD5
44d8e7a5ebf39f6c0c5500cb7e350fce

SHA1
0f371a464fc984b7202ca35977b6b5bc093e1474

SHA256
77b4e24b6a5edb9877a26a085ca590611960ad853fc89a55a40e2d0f04587c2b

SHA512
94f56169c5d572c246ef4b16a371f01095452363c026982087817f2745330ba79b873b3b62708edd0de9502a634d5f0880c84e433d05e1bd4299b9254b1da723

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
93bfa3bc509147f12b073c8a4b0463a7

SHA1
aa2b04d0825fd68bc0bc23e2e2299cd1f260d7e1

SHA256
a3ddb282776143998803a30aa9f41d1000793c597d284d33a9c96f0cedf8d49a

SHA512
2aea4372ad6d601369bffe32f12d50c9c01692c250b5cadcb2b02e322ab33c35da4fb3c022c573472f61220c88ba53fa316b5c0b9e01d45659819be2aa40466c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
6dcd1844c7c025c96df10b94d9fb02bd

SHA1
d8cc5ba0348535a482f308cc143fe3a923832533

SHA256
835a6fe873d79265b5adb820e74e29d9374e2dbab1b48e09df78d5d672a9a850

SHA512
6567821c28519e759fc09c263399310684a181748e95e5f40c1c5e7396ce33b6806527dddfee09a1be2963c99387c02998e1548fe07d5542de35cd6bc199df2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
6cd4900e75d682fb7f2ee67d425a6d7e

SHA1
8b06396136961978f05c7c5c34fc605b5f1c0703

SHA256
4901ab0af590e03aef77251119877509bf9e68f14fdd58c6f60aa1136af5350d

SHA512
1e13059c8a777b0e90cc14feb2f4e5b2a38c2ee888077c57212f77cfc34b343ec469943ffa27bf873362df4dc9a8a7e0f458a6b9f3a2930d55f03d9b02958cf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58ce76.TMP

Filesize
539B

MD5
ef87a6020961e8fa9ca55db6f7b0b68b

SHA1
65b1439678d3d4fc10c1ff19b55c124a3bfe03aa

SHA256
c68f893bbf6f9320a44d4563e32f68a560a9fc4cb89b2ec378b2bcfc2cb1f31b

SHA512
c359f5eb069b476486273566b38341e0c774045d8fe218b3149ac4c6be684dcaa0c538e40dd4f8cce0b5ea995c19dda4be2faac16a69dabf47499aa6f60c80e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c770b28a06b8e0e17df48901d8bbde22

SHA1
5e83cfa076fea1519c4f49fb212aff14ba656baf

SHA256
a23395e7d3e4dab04cfb198f2af143cb7e5a876818fae6e63f8d7df909679c98

SHA512
efb6be9fe917bee7594631de45dc1e0c26e72ed729392a542431bc178f79ed9b56cc3bb9a268e8d04085b8b97d6a4b2573b312af0a3148f849dca047818dd074

Download Submit
memory/2508-11-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2508-10-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2508-0-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2508-9-0x00000000004E0000-0x0000000000526000-memory.dmp

Filesize
280KB

Download
memory/2508-8-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2508-3-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2508-2-0x00000000004E0000-0x0000000000526000-memory.dmp

Filesize
280KB

Download