dd1f48a0993e19eb838150288095bb5326ebb4a54f69168f061a4bf12ebb6a26

Analysis

max time kernel
156s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 22:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1dfbe5f63e1127512c0b7767f5df2817.exe
Size

64KB
MD5

1dfbe5f63e1127512c0b7767f5df2817
SHA1

b82c7f9c433a93b05806176c86351cfd2e3ac257
SHA256

dd1f48a0993e19eb838150288095bb5326ebb4a54f69168f061a4bf12ebb6a26
SHA512

aefabe5d9ec7e084a4b53007f81e85bca751beed358757335d1f08c76bc9df0020a3472ef62a1edae3d88d018ea142380dce862420494c9505b11fda28c4c1c4
SSDEEP

768:ICpqFQuwuL+9WiMOfP6gR0z96A0716ezPet24jtVjhzJ3GbFF8E0yyLvwvuXs8x:vpqFQqHJOfPZTAFTnV13IgyyLYvulx

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3692	msedge.exe
3692	msedge.exe
656	msedge.exe
656	msedge.exe
4744	identity_helper.exe
4744	identity_helper.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe
3076	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe
656	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4568 wrote to memory of 656	4568	1dfbe5f63e1127512c0b7767f5df2817.exe	91
PID 4568 wrote to memory of 656	4568	1dfbe5f63e1127512c0b7767f5df2817.exe	91
PID 656 wrote to memory of 2756	656	msedge.exe	92
PID 656 wrote to memory of 2756	656	msedge.exe	92
PID 656 wrote to memory of 392	656	msedge.exe	93
PID 656 wrote to memory of 392	656	msedge.exe	93
PID 656 wrote to memory of 392	656	msedge.exe	93
PID 656 wrote to memory of 392	656	msedge.exe	93
PID 656 wrote to memory of 392	656	msedge.exe	93
PID 656 wrote to memory of 392	656	msedge.exe	93
PID 656 wrote to memory of 392	656	msedge.exe	93
PID 656 wrote to memory of 392	656	msedge.exe	93
PID 656 wrote to memory of 392	656	msedge.exe	93
PID 656 wrote to memory of 392	656	msedge.exe	93
PID 656 wrote to memory of 392	656	msedge.exe	93
PID 656 wrote to memory of 392	656	msedge.exe	93
PID 656 wrote to memory of 392	656	msedge.exe	93
PID 656 wrote to memory of 392	656	msedge.exe	93
PID 656 wrote to memory of 392	656	msedge.exe	93
PID 656 wrote to memory of 392	656	msedge.exe	93
PID 656 wrote to memory of 392	656	msedge.exe	93
PID 656 wrote to memory of 392	656	msedge.exe	93
PID 656 wrote to memory of 392	656	msedge.exe	93
PID 656 wrote to memory of 392	656	msedge.exe	93
PID 656 wrote to memory of 392	656	msedge.exe	93
PID 656 wrote to memory of 392	656	msedge.exe	93
PID 656 wrote to memory of 392	656	msedge.exe	93
PID 656 wrote to memory of 392	656	msedge.exe	93
PID 656 wrote to memory of 392	656	msedge.exe	93
PID 656 wrote to memory of 392	656	msedge.exe	93
PID 656 wrote to memory of 392	656	msedge.exe	93
PID 656 wrote to memory of 392	656	msedge.exe	93
PID 656 wrote to memory of 392	656	msedge.exe	93
PID 656 wrote to memory of 392	656	msedge.exe	93
PID 656 wrote to memory of 392	656	msedge.exe	93
PID 656 wrote to memory of 392	656	msedge.exe	93
PID 656 wrote to memory of 392	656	msedge.exe	93
PID 656 wrote to memory of 392	656	msedge.exe	93
PID 656 wrote to memory of 392	656	msedge.exe	93
PID 656 wrote to memory of 392	656	msedge.exe	93
PID 656 wrote to memory of 392	656	msedge.exe	93
PID 656 wrote to memory of 392	656	msedge.exe	93
PID 656 wrote to memory of 392	656	msedge.exe	93
PID 656 wrote to memory of 392	656	msedge.exe	93
PID 656 wrote to memory of 3692	656	msedge.exe	94
PID 656 wrote to memory of 3692	656	msedge.exe	94
PID 656 wrote to memory of 1736	656	msedge.exe	95
PID 656 wrote to memory of 1736	656	msedge.exe	95
PID 656 wrote to memory of 1736	656	msedge.exe	95
PID 656 wrote to memory of 1736	656	msedge.exe	95
PID 656 wrote to memory of 1736	656	msedge.exe	95
PID 656 wrote to memory of 1736	656	msedge.exe	95
PID 656 wrote to memory of 1736	656	msedge.exe	95
PID 656 wrote to memory of 1736	656	msedge.exe	95
PID 656 wrote to memory of 1736	656	msedge.exe	95
PID 656 wrote to memory of 1736	656	msedge.exe	95
PID 656 wrote to memory of 1736	656	msedge.exe	95
PID 656 wrote to memory of 1736	656	msedge.exe	95
PID 656 wrote to memory of 1736	656	msedge.exe	95
PID 656 wrote to memory of 1736	656	msedge.exe	95
PID 656 wrote to memory of 1736	656	msedge.exe	95
PID 656 wrote to memory of 1736	656	msedge.exe	95
PID 656 wrote to memory of 1736	656	msedge.exe	95
PID 656 wrote to memory of 1736	656	msedge.exe	95

C:\Users\Admin\AppData\Local\Temp\1dfbe5f63e1127512c0b7767f5df2817.exe
"C:\Users\Admin\AppData\Local\Temp\1dfbe5f63e1127512c0b7767f5df2817.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.terra.com.br/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ffd73e146f8,0x7ffd73e14708,0x7ffd73e14718
    3⤵
    PID:2756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17905311250311843434,4990649809320929262,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
    3⤵
    PID:392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,17905311250311843434,4990649809320929262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3692
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,17905311250311843434,4990649809320929262,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
    3⤵
    PID:1736
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17905311250311843434,4990649809320929262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
    3⤵
    PID:4848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17905311250311843434,4990649809320929262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
    3⤵
    PID:1444
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17905311250311843434,4990649809320929262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
    3⤵
    PID:2928
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17905311250311843434,4990649809320929262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:1
    3⤵
    PID:3576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17905311250311843434,4990649809320929262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
    3⤵
    PID:3464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17905311250311843434,4990649809320929262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
    3⤵
    PID:4316
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17905311250311843434,4990649809320929262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
    3⤵
    PID:3988
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17905311250311843434,4990649809320929262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
    3⤵
    PID:1392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17905311250311843434,4990649809320929262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1
    3⤵
    PID:4228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17905311250311843434,4990649809320929262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
    3⤵
    PID:2344
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17905311250311843434,4990649809320929262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1
    3⤵
    PID:5056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2080,17905311250311843434,4990649809320929262,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7828 /prefetch:8
    3⤵
    PID:5400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17905311250311843434,4990649809320929262,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8104 /prefetch:1
    3⤵
    PID:5352
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17905311250311843434,4990649809320929262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8108 /prefetch:1
    3⤵
    PID:4604
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,17905311250311843434,4990649809320929262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8584 /prefetch:8
    3⤵
    PID:3260
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,17905311250311843434,4990649809320929262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8584 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4744
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17905311250311843434,4990649809320929262,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7748 /prefetch:1
    3⤵
    PID:5552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17905311250311843434,4990649809320929262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7752 /prefetch:1
    3⤵
    PID:4428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17905311250311843434,4990649809320929262,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3112 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4724

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x468 0x394
1⤵
PID:5772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
84381d71cf667d9a138ea03b3283aea5

SHA1
33dfc8a32806beaaafaec25850b217c856ce6c7b

SHA256
32dd52cc3142b6e758bd60adead81925515b31581437472d1f61bdeda24d5424

SHA512
469bfac06152c8b0a82de28e01f7ed36dc27427205830100b1416b7cd8d481f5c4369e2ba89ef1fdd932aaf17289a8e4ede303393feab25afc1158cb931d23a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
1024KB

MD5
7a71a721c0579001859e5b35eaaf92b0

SHA1
92b8bee5f6150c2cc835e0879c49064b681e0188

SHA256
ba74640583b8f1c06d2091b24b85c2a22a4a75649d00a0273e53ab132dc9f35f

SHA512
a68b44a5267ed51c0e817a68789bdc3efe1ff35b11429f653739cf4b7ad992b9d75d0a786ffa7872ef7dbbe235f1ebf261fb0d2cadd52e432ba1fd2b13517218

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
31KB

MD5
9c7ea200afb2dcee2da5233f1c55e97a

SHA1
ab32e8f411407c2fcbb115d785e8c4d905ee0247

SHA256
17d6efe2bac1da8ade273d0ece69aa09de79305f405e045e9413dea1b3f022e4

SHA512
da3dc551c7794552514b378d8cbae9fd0c32712663b947654967987b530707c82dcbbcd6c56662411cfc59da453861807ca5a527c980ce35534b495c15b88271

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
fbfcd330226e6686034dbce0c96092ec

SHA1
bf5d26b0feef52618bb3e3b94fd70a3538a51712

SHA256
bcf0cf7a2644ea1a961697a3323d22bfe5ce9703a8fdc173e1c4e28c0c866c2d

SHA512
231ca85661f6152bda18ba585adce594c9c5d06043d34e851e098d9851869f08f60dc7be4fb43cf64d49f37d2db2cc8b8e1a6ec4e8bd20ab5cddc94e290040a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5f2c0c03c74f941694dacefb70dba819

SHA1
4b7814dc50c6cafc757355be31e518f3cc33ee04

SHA256
ef4dc4c09cdd2b8bb75e6135c979dd7b3770221a9a5c15f963a5b0f69bedf6f6

SHA512
5b0cd272feb03ba476c5484fd943da873da03f6d7bdc1655241847f3e16451104041c587ebabb1be85d3e0591f5ad28db672a328df7dedb9f23356845f01d7dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f7addae19186062bb73c9249ea065d86

SHA1
c349688bcc398629e539509662e41b40d5374f7d

SHA256
43a69527f2ec6832cc1254ea215cc43656216dda726ccc00e266906feafbe11b

SHA512
639af8fa416157ef068dac2d5f08798dd31e4aee96afc1d7966b379be7208b6b4e6cfdd2d1e2e95360b39ca428d31a0e540151e699ad4dc2ed875b473d6be486

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.terra.com.br_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
e272b7df3be50e269adb27450a869c4e

SHA1
19b5398e657dbd108e92e3e41d5ec094b10d5517

SHA256
6061ca4486b68841e0cbc745fd5a9aa7e1c87e3bc0d5f340876f3197039b5e48

SHA512
ef47784b5e0173bdd6d6fe84c3d0f262866d122a999f4d2354cd9e063f4c7aa9bd6a491c0ee3923bb087fd673888a0f342434b3e391f3e432bf0387c8bc2dda1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
cc1c10a6b81cb7e738ca628d8b97aea5

SHA1
0d4ec11c96e845ca410221f15074e644135f5d40

SHA256
aba2d1a29d09ea57ea9d1f98484a3582e8e5b21bb9f7a9269921b8e3e4b1bbda

SHA512
bbf53c7a28e8ccd5de43324bf7189d1861556b9a809027606c3c390098c547ff3abbd3e7b422f17ae7aab9848b78038cca6ade3c11af37bbae5570bf06e8e658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
470f878ba848f3f3b32b8f28e4ff4278

SHA1
8799683ad869143aef375598fe97fdcab95a23c2

SHA256
867f0832f4d07a17a72b8ddc49ccdadea971021f223529bf39d7e50312ea21f5

SHA512
b842ca0e82ab11229ad41d2795ec742f3f8f9c00da5794050584da0ceb067f447319a99209f456d44b6845e98380ea293fa82a67f79bb433f8648391fed2c3c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
095623ec21da0d3e9ca4a7942e8540b4

SHA1
d41d3d780e62d559377d4a527c013b622602608d

SHA256
09ee207d38dddc0085ee97922e8a2439bf026f0caea09927ba680af21b944763

SHA512
c0d4690ad9a632a460bec83dfa6733aff495a13b89f865675895cb026f7e31545e5096459080f1f647c7a35b3c612aa3bee2f16b401056c4cfd3e260a3f4c283

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
05063009efa990cc3ca8a2703dd86819

SHA1
bdc0919111e8a3129f1b3d4b16edf7848a35c840

SHA256
2c43057c7bed5305ab917c7b86771af9cfa8abe68d0f16fa4d23998886cab41b

SHA512
92a343814027e04714e31bdf07694f46faac5419ffc5c88ab9f2ded8691fb2e1aa7b8947e1538e23450ce62b920a84c9d1228871431bf1cb483ef56f22229a24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
0b6f8a99f8133f4312ac51a8b795b1d3

SHA1
228ee346af1e207d86ac9369f5ff2adb8fb48357

SHA256
52e7ebef3d48a0a0cb78884dd31d525334bb454373bc954b134fe89a1402d979

SHA512
ae76428ed791d2dfe51773158c8c71abb5cf6e0e9ba35f914a46ba337523073c547c7ea04557fd4edf86193b538fac86a8b2220cad8cc468e9d16f2ae770596b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
af5716bf69a19cbdbbdb17162abd436d

SHA1
485a11024aa77bddfecdfa0bdfc45b749b4c860c

SHA256
07c233c56374ea589d4f34fe27e7dba92e0b82347289164601c217fa3a1a28a8

SHA512
e3a7979d06fddde8b7eb5a52e4c7ea2c75b7e55ef94fe15a3f61ed2b2a606d3d14b4c3330932b76ed53ac15fdcb8baaae0a00cd2c4a067e88bbe3cc84427ed91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
b29f590ff2c031cdff6ee327b9d0bfcd

SHA1
453dd8e9b151b9bdaf2b19d3ac3d80d46d39d8f3

SHA256
718be9ed6a62aa5bcc82376ec7f7120758b65db2d0f4e01dfe6bc42450e0d410

SHA512
4eb58a8ce52e05a2fb3f147ae26ff16d87a73834f6b61779b02f8ff75956967a691feacb6d6729ad439fd52639a6995badeba69d5ac5b9695b519c14c8c88efa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
35f77ec6332f541cd8469e0d77af0959

SHA1
abaec73284cee460025c6fcbe3b4d9b6c00f628c

SHA256
f0be4c5c99b216083bd9ee878f355e1aa508f94feb14aeebcfba4648d85563a7

SHA512
e0497dbe48503ebbf6a3c9d188b9637f80bccf9611a9e663d9e4493912d398c6b2a9eab3f506e5b524b3dabbca7bb5a88f882a117b03a3b39f43f291b59870c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\99812ed5032338adec55fcabff4227bc79101f6e\29c4ac69-5401-4be5-a367-19dddcb3f06f\index-dir\the-real-index

Filesize
168B

MD5
f370f1a044157539001fde692758adba

SHA1
d03a43ae0f28e485fd0c9fee09d52b9ca22ab5d3

SHA256
17e74f6cc3508087357efbda4010e7a1c291baaa7588e49f6dab0c1675dd23e5

SHA512
65ef678453b7207c972d089d782fdfc5446512d2c9560e9f1e3934eeef4c4000e61921758b9bf52f0ffd447762d2d99af7c9a5f2975789350761ec5a6777834f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\99812ed5032338adec55fcabff4227bc79101f6e\29c4ac69-5401-4be5-a367-19dddcb3f06f\index-dir\the-real-index~RFe57fcee.TMP

Filesize
48B

MD5
872c96a6a8f0d997116a39d45e6c5b48

SHA1
efcda4af9bc313a750b01ad16ab53f3a76560078

SHA256
eeb796548c3d4ec5164ebb0a5bf56825581c625f96519d26d685bdfe4f971b39

SHA512
7454a2be8cc0e61c5b417edbfbc4ac061f5263102bebc20c9d95add74743eb88e2299f8222b2ba07734d50061e2f1985db4df34b1ea5153c967b6511da6d414e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\99812ed5032338adec55fcabff4227bc79101f6e\e680b8ae-5e89-41ad-9800-0a2d574837ff\index-dir\the-real-index

Filesize
72B

MD5
5f8be50f72cd9760ac5fd6461ee4f3a7

SHA1
28b0d2ab51e5f644ebd5d46564f8e62975632118

SHA256
e5476123a6f7090e2cca5664ce7cd6161e2dda58dbfa18586bbbc27938c35e37

SHA512
36d5961b5b5616efe731b7dbe12698c95ab26452d029136865ed9a01d438b47239c1f70ce9c16b80e714b83db1dca76b0659ed36e3aff68e09519aef8135477f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\99812ed5032338adec55fcabff4227bc79101f6e\e680b8ae-5e89-41ad-9800-0a2d574837ff\index-dir\the-real-index~RFe57ff20.TMP

Filesize
48B

MD5
4278356af48502b35919c80507152a62

SHA1
33e68c441c268b7de0916077d30406522f75a092

SHA256
e8f5642b45bb2bad33456b3f1a840a9d7b7c4d9576d3c86a6737e91339af7ae0

SHA512
676eb620e996e035013f9d24cfe9f9a470a1e4e645b4da21dee434a7d19e9b58a995437a5491543e4423ab82c999639158d691db1d5194f895a08d2569cc0902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\99812ed5032338adec55fcabff4227bc79101f6e\index.txt

Filesize
93B

MD5
bb2931194faf944c436a1aa82e1cbf20

SHA1
60084586383fec24d455e8a49bbe88c39a01d283

SHA256
f781a65fd389cb0d5280d871d4a23076a0848fa575c8cae01af020ceeb5a60f2

SHA512
a93ef28cc47bd2ad52705326cab359ef642c29836cf0c52e5a587cfedfe879652b1f44a867a57cf4571d8f3d577c3bcdaec4da52ccde20d8fbaa316936031dfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\99812ed5032338adec55fcabff4227bc79101f6e\index.txt

Filesize
152B

MD5
75d7e9c3f4577e16f9906070596b855e

SHA1
07f77274eb6901d4f14ff8da7b973b216dfa28c2

SHA256
1687b876bcfcd88f3fc32d998d2ae21f267938bf13214f60f16593447748698f

SHA512
a9f584ae4338f30a0ba56ff75051716834cf1d9a44ba91dedbef782162fa8f4bd91ce979aa5eca167b4e4b49c61dac182e5027735b5491598a458419c2ab474a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\99812ed5032338adec55fcabff4227bc79101f6e\index.txt

Filesize
149B

MD5
c2fc95289e46bd211ec10b8b9738521f

SHA1
2f575d572b62d344087da22edee0c664de09109a

SHA256
16939b916091e20636ab436020530339257c92a49ada5a0e398558f50c58eecc

SHA512
b635fd3db5ee4ce5fa9476973a8b9c34da5352195c5ad4f0d29e5110afdce36e7113f51cf22dbd059d2570c954335746458c2197e779542f598e0c6fe4da62c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
f9397749432fd8145b3654664e539001

SHA1
d5bd329c93ed1ebae028662295e3bd374b0205ff

SHA256
6b4fa758ea7826bd2a2e95367eb7d50550e4bea027bd02c1cce88f9d98b6b9f4

SHA512
e630270321bb9af573293042f39eefff286250abdbae9518a9ba210093631a94c6905fad1b27cb14b748fe3341043ee08216bd7285c3f6b8efcfac31e2bfce8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f7ed.TMP

Filesize
48B

MD5
2a35b0bf8e9c1ba3470001d61d31d500

SHA1
e9b0492dd97d5dcaef7d855e2c9f7b0a1c47b7fe

SHA256
fe6a126b73257d47092f5b679a6c1626b945cdbe6c0e502baf48ba35e349d2e8

SHA512
8d78b2f3dcd88a889dad484f52d5fb821d430ade17c4881f4ab1c92094f22963f788fa7d597160a0b40a14484c41e2193e9f39103eb070ea77df0430a72072d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
1ae468f97d8a6edf1e396efa08a6bde3

SHA1
0a69a76e6419417704eab456eb6739a89b393b08

SHA256
ef372bcab3b60b106d7a9b2010ec730f0ab2294b4239c31aeb9a0c0c1369af1e

SHA512
3365a7221c7b1f01c34f4836f584723d9ca2d866d81d47648f5d958046232204299945b380574eb0e02850a4f4a5d6480409a0a0a2272ccaa71f8fcf1c272be3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0c6e6a43af51f27f54df7bc391bce018

SHA1
a7d0fefb9b942f32fd19ae12bc72f01c37d28f9a

SHA256
f6a2d047925260c2bd23e8549bfbd35996e107b4c28d9cf046b5dca5a17dccbf

SHA512
10274271b107c3a6300383645d64f91c3208bf7c5031d4a96c2e22e187ff8fab8907f266a605703f12b9ec54f87c05fa06355f283e3386236e22f961feb3184a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4b4d15ae62c624c66eead6c6c49e1b36

SHA1
7874064afc964d94332615a68627bda9efe36810

SHA256
82868f51fe8670b4a1288fb1fa760c91c8a7c8cfb45268d43baff1b30f028bfa

SHA512
86f6632ddb77c35ab1c00a9fc94aa5e2d644d284b45f59d89571bcc014ba770462763333a01dd3c4e4e4e788de9ceccf3543db46b7525932b6760c7730367a25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ffa606d00394e821709437e257ca52ff

SHA1
10e190f9436a4378c47a354a6f5c9dc252355a9f

SHA256
4c90545c5fc3551c5edb7a06071762afa4f56fe9bbd6c231d305d706ca42c819

SHA512
6c5a571e092fe178321d21e21fff18591023bd7bff1364b7de5e9fffdfbc17f4914eff96f21f31188637634d8c387dfe185611ea7dfc8893dc7c9ed45f61ce15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
22b4d65b8092ace099721f888de34434

SHA1
ca0e57ec8e0d76bc02242b7054384a4fb09496f0

SHA256
298e27e56da4c23096acb7750573e68d67daa8ae5946ae56683c5a8a7a3ea02a

SHA512
8004354be2c0dd52eee8a6bf6f6ad9729b08c7631f8be2b78bdf6697cea8b0fae711aca259895f9426c783c369be76990de57e93172dadee70e115df95e8d71b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580376.TMP

Filesize
2KB

MD5
00c04be78d40857e8138760ea1769c0d

SHA1
1828ba7e13b62519a8b895001e003064c48c7911

SHA256
5e5b16f523077f33ad232a43fd59c5a6d549e14dd32ccb3798b914dd1fb25fe6

SHA512
cae9b32193af0e90c3bec7acedf3f9a13c6b58eb45ce3585f79de5ceae4fde0933478db90ae8ba9e7ebc5bdc15b402a23dfa07845c25f183aa9e350610d3e9e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9bf759aa62431558a454e84a9d1028e2

SHA1
8f7df2413b059fd614ae3286e09bc0c7499e58bf

SHA256
7ef63abfb39870a3a18eadf9af1b94255a042b1b0c9c1e5293ba76790716112c

SHA512
0437623cbcaa5555acb26f6aaa63c15ca5c8eb3603859c3b4729056e2fc84c4e5a997c56c20d6f545d628606a210369a1b6bb4f332a358589a4174ad50f5362b

Download Submit
memory/4568-369-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4568-335-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4568-173-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download