980970e24b7a2f0df9b56bbcf7f83643133a383893d13cfad11c3207687dc723

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28-01-2024 02:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7be5b51fcb204a9ecfbfc6756d3914eb.exe
Size

146KB
MD5

7be5b51fcb204a9ecfbfc6756d3914eb
SHA1

af03c7e483eda95fd6b8e13bd3e36800603c1748
SHA256

980970e24b7a2f0df9b56bbcf7f83643133a383893d13cfad11c3207687dc723
SHA512

16ba1a2460f362eb415ca7b88e429724ef356fde0785390623d9aa795ae11f178f25d70e1430fbb0ad1b5be5120a3370701af970574ad3652729e291534fb567
SSDEEP

3072:7SkdI1piGkg0OTLvbQEAV53NjnlBr2sYoBOlljOaG5+4:Wk0ir92jbnwlB4oQO1Q4

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4092	msedge.exe
4092	msedge.exe
3816	msedge.exe
3816	msedge.exe
3008	identity_helper.exe
3008	identity_helper.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe
2548	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5096	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5096	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe
3816	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4384 wrote to memory of 3816	4384	7be5b51fcb204a9ecfbfc6756d3914eb.exe	89
PID 4384 wrote to memory of 3816	4384	7be5b51fcb204a9ecfbfc6756d3914eb.exe	89
PID 3816 wrote to memory of 3844	3816	msedge.exe	90
PID 3816 wrote to memory of 3844	3816	msedge.exe	90
PID 3816 wrote to memory of 468	3816	msedge.exe	93
PID 3816 wrote to memory of 468	3816	msedge.exe	93
PID 3816 wrote to memory of 468	3816	msedge.exe	93
PID 3816 wrote to memory of 468	3816	msedge.exe	93
PID 3816 wrote to memory of 468	3816	msedge.exe	93
PID 3816 wrote to memory of 468	3816	msedge.exe	93
PID 3816 wrote to memory of 468	3816	msedge.exe	93
PID 3816 wrote to memory of 468	3816	msedge.exe	93
PID 3816 wrote to memory of 468	3816	msedge.exe	93
PID 3816 wrote to memory of 468	3816	msedge.exe	93
PID 3816 wrote to memory of 468	3816	msedge.exe	93
PID 3816 wrote to memory of 468	3816	msedge.exe	93
PID 3816 wrote to memory of 468	3816	msedge.exe	93
PID 3816 wrote to memory of 468	3816	msedge.exe	93
PID 3816 wrote to memory of 468	3816	msedge.exe	93
PID 3816 wrote to memory of 468	3816	msedge.exe	93
PID 3816 wrote to memory of 468	3816	msedge.exe	93
PID 3816 wrote to memory of 468	3816	msedge.exe	93
PID 3816 wrote to memory of 468	3816	msedge.exe	93
PID 3816 wrote to memory of 468	3816	msedge.exe	93
PID 3816 wrote to memory of 468	3816	msedge.exe	93
PID 3816 wrote to memory of 468	3816	msedge.exe	93
PID 3816 wrote to memory of 468	3816	msedge.exe	93
PID 3816 wrote to memory of 468	3816	msedge.exe	93
PID 3816 wrote to memory of 468	3816	msedge.exe	93
PID 3816 wrote to memory of 468	3816	msedge.exe	93
PID 3816 wrote to memory of 468	3816	msedge.exe	93
PID 3816 wrote to memory of 468	3816	msedge.exe	93
PID 3816 wrote to memory of 468	3816	msedge.exe	93
PID 3816 wrote to memory of 468	3816	msedge.exe	93
PID 3816 wrote to memory of 468	3816	msedge.exe	93
PID 3816 wrote to memory of 468	3816	msedge.exe	93
PID 3816 wrote to memory of 468	3816	msedge.exe	93
PID 3816 wrote to memory of 468	3816	msedge.exe	93
PID 3816 wrote to memory of 468	3816	msedge.exe	93
PID 3816 wrote to memory of 468	3816	msedge.exe	93
PID 3816 wrote to memory of 468	3816	msedge.exe	93
PID 3816 wrote to memory of 468	3816	msedge.exe	93
PID 3816 wrote to memory of 468	3816	msedge.exe	93
PID 3816 wrote to memory of 468	3816	msedge.exe	93
PID 3816 wrote to memory of 4092	3816	msedge.exe	92
PID 3816 wrote to memory of 4092	3816	msedge.exe	92
PID 3816 wrote to memory of 4132	3816	msedge.exe	91
PID 3816 wrote to memory of 4132	3816	msedge.exe	91
PID 3816 wrote to memory of 4132	3816	msedge.exe	91
PID 3816 wrote to memory of 4132	3816	msedge.exe	91
PID 3816 wrote to memory of 4132	3816	msedge.exe	91
PID 3816 wrote to memory of 4132	3816	msedge.exe	91
PID 3816 wrote to memory of 4132	3816	msedge.exe	91
PID 3816 wrote to memory of 4132	3816	msedge.exe	91
PID 3816 wrote to memory of 4132	3816	msedge.exe	91
PID 3816 wrote to memory of 4132	3816	msedge.exe	91
PID 3816 wrote to memory of 4132	3816	msedge.exe	91
PID 3816 wrote to memory of 4132	3816	msedge.exe	91
PID 3816 wrote to memory of 4132	3816	msedge.exe	91
PID 3816 wrote to memory of 4132	3816	msedge.exe	91
PID 3816 wrote to memory of 4132	3816	msedge.exe	91
PID 3816 wrote to memory of 4132	3816	msedge.exe	91
PID 3816 wrote to memory of 4132	3816	msedge.exe	91
PID 3816 wrote to memory of 4132	3816	msedge.exe	91

C:\Users\Admin\AppData\Local\Temp\7be5b51fcb204a9ecfbfc6756d3914eb.exe
"C:\Users\Admin\AppData\Local\Temp\7be5b51fcb204a9ecfbfc6756d3914eb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://br.youtube.com/watch?v=0U2mZ536UzQ
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3816
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe4,0x108,0x7ffeb6a046f8,0x7ffeb6a04708,0x7ffeb6a04718
    3⤵
    PID:3844
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,17286668778410378781,13956801470551763425,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
    3⤵
    PID:4132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,17286668778410378781,13956801470551763425,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2460 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,17286668778410378781,13956801470551763425,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
    3⤵
    PID:468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17286668778410378781,13956801470551763425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
    3⤵
    PID:4488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17286668778410378781,13956801470551763425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
    3⤵
    PID:1500
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17286668778410378781,13956801470551763425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
    3⤵
    PID:5092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17286668778410378781,13956801470551763425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
    3⤵
    PID:4704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1884,17286668778410378781,13956801470551763425,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3556 /prefetch:8
    3⤵
    PID:2680
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,17286668778410378781,13956801470551763425,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 /prefetch:8
    3⤵
    PID:3404
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,17286668778410378781,13956801470551763425,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3008
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17286668778410378781,13956801470551763425,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
    3⤵
    PID:1824
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17286668778410378781,13956801470551763425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
    3⤵
    PID:1836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17286668778410378781,13956801470551763425,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
    3⤵
    PID:5152
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,17286668778410378781,13956801470551763425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
    3⤵
    PID:5144
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,17286668778410378781,13956801470551763425,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3172

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4b4 0x2f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f246cc2c0e84109806d24fcf52bd0672

SHA1
8725d2b2477efe4f66c60e0f2028bf79d8b88e4e

SHA256
0c1014ae07c2077dd55d7386cc9cf9e0551be1d67fe05a6006957427ae09fec5

SHA512
dcf31357eb39a05213550a879941e2c039ec0ba41e4867d5d630807420f070289552d56d9f16c6d11edcdb0f9448bf51e7d2e460e88aa9c55a5bfe5d8d331640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
972dcbb272aa69b86a579bf9b123535c

SHA1
9bdf7d9cab6491c0cf19c24f9f3dcef2a7de7b29

SHA256
3fa844422cb57782dc6f3ab512dd21c0de508c6ebc8e666d1bcd76a2c1a206e0

SHA512
8368f92bcc7c480f447daf66ba0569820ba4c0d0533f151194110124c7dca7ebe378dced0a9d57f9a91d0658aa4a8835fed9c755bf832681f25d26745f707a14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
dc296d7077fda879bf073593e0cf2a97

SHA1
df18e0fa15beda75b1384edb30e704e320e9f598

SHA256
45901e90f314f49bf3f904b578abe2eb687d05b1519b92c053419cbdac1878d2

SHA512
204e8415a47ef4d94ea70ab08a670c8c9f64d38002f3b34ba21ffbe4d2be5bbe5515160b8dc210d92300e73e25bc865c78862ca7ee9ca3938980fe6655fdf32d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
7b6dc1c194d822d129a0187aaa5d63b7

SHA1
cbcd2ff8a4f20e93e8d8cec1f4ff941e2d2323b5

SHA256
92aad37432dd935583cd4102d1fd1cbd80c6059da584d38288516d75ced8b70a

SHA512
7b0cd27dd5d5c008365d3556ed26b2c83ed36afcda9044a8838241a3bc563a8ca51414ed35a49b84878c1712e7dfa6c28f2472c7da55574dd1b70b8bd0e75a2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2e5ec53e45f6bd0f5cc04bf222807bf1

SHA1
28074b7b0c2ed308ba2fb7457191383ae5dba1aa

SHA256
7700432c2ea12dec5964bcce44402935616b2363b4e63f4861fb1d6a27c73a5e

SHA512
8ef05467bd64158d94975c0670cde150a39fd3813c7f5f95f4819671456a6f88779ece373e41287879e1d7ffb02615e7c7153f078d96e748ec38db7df898b185

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
15a6872e49c74d1a1e6c155dbf024ca2

SHA1
014ae131a4b08e8691412b3afc0e0b7dbe826a60

SHA256
b9a2e672546aeb628c7b7c4747666b8bd23f61306b50476abddc30d1973f67bd

SHA512
ef7be91207de04708ab3197dbe8a98ff5b070b6c326d66323184bc054b6e05effdeb41b55f1ff45005cb39ba50472295f396470d76a5e82332f9b93a32a8360e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5e62a6848f50c5ca5f19380c1ea38156

SHA1
1f5e7db8c292a93ae4a94a912dd93fe899f1ea6a

SHA256
23b683118f90c909ce86f9be9123ff6ac1355adb098ffbb09b9e5ec18fc2b488

SHA512
ce00590890ed908c18c3ec56df5f79c6c800e3bea2ad4629b9788b19bd1d9e94215fb991275e6ec5a58ac31b193e1c0b9cbaa52ff534319a5e76ec4fc8d3ba54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7b943d00-a0d2-4802-be3d-01070f608a6e\index-dir\the-real-index

Filesize
2KB

MD5
671d3aee99d3a4d2fcbdd3282ced9019

SHA1
5f97652830100a32ebba5757279f304a22fdf243

SHA256
01399b11537e753976dddc1c54f9a5b966e17265e14381a02cc612748846e7a4

SHA512
5c556057fa7e37993520bc19cee7d27b9ba4ea8a3d57fe9b03d506489f17d2d6c6902c14891158ffef39ffc214ae737565cf8bedf42f9a04567b8dd512c0804e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7b943d00-a0d2-4802-be3d-01070f608a6e\index-dir\the-real-index~RFe57b621.TMP

Filesize
48B

MD5
f5a6b0d1b9b1e7f412a085fdc1d60627

SHA1
ca5b574dfd1f5f7f3b43296c856c331946a3113a

SHA256
f0a34ffbb16b79e81c8982018a11505fb87675acc0abf3bf740e5ee432710f58

SHA512
2b56f50ac1d5819e1313479b80f771cca49e3dc7b0aa2ed6fb5f93e1ca93b0d425169e67b26adb3d7976e5b1d2a4865b138a15b2a38e1fc6498bb31b8e044605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
e414461e35f6ecfaab6d36913c823a64

SHA1
56162dd9865d225721bb90e71b00a6424699d0ed

SHA256
019f7b0535ec761cd64238ee1b8c424246765dc77c73a4f5ed50b87a9ef9a7d8

SHA512
8898a338c96c6561dec9cb7a5747da8d2fe57ca8b2169122b43f41d3311bb852d50ee1bb66a442171d388965e4e76d41830f68ea59711af828c4a53159691017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
54f4f5f32404e3f5fb2e04f6cd37a56f

SHA1
27cbbde8f8a2ed5963470254a7eba167290134bc

SHA256
fad6991070b3018507a0f63e1ca1e4499b57fe34a8a76ca685089f4795bb44ec

SHA512
8b2adfbbd367da1c2a388772d4dc7b164e8d5a6c63b40a389afe15227aede1ec7c5c822072fbdaf660727f50a16a13bd51f8f6a41b6c32c775760b32c54e2026

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
75fe9c0e1230436b7400b09a3f15b6ec

SHA1
5f92c137fe64da71abe445811c146223239d86ee

SHA256
039ebe15338254108254ea2eec8665c54c19992ffe6dcaf7e06dc105efa7e958

SHA512
f3c2180fa359b415828d5c02a32538f154d20292211b650937a0e91fa30c8aa85f3b884f02335b8e014a633fb447c97b73817d041cbff0d2fe2f1a6fe680a8c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
17e7c6cbf9abd1281377c7d187a29294

SHA1
22941e4c26e3a9bbd3b0d7d7c2af699830222a23

SHA256
3eb1f028f7fa766d9ec43285b6a00e68a94005ccb11d89a5e49269bfd0542a91

SHA512
697926f5b1575dc5c4c131f595dadd65cb68ee2189dc748f9cd568da5dbcfcf1e62b46f2cba2ee8e86265b9431de54a89cd91312e546bf1bdd136731f6deee1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
ebab0f9df1b78355fd99bac449ee1514

SHA1
9a0bcb2bab32d27d59e2bf195f74e0d005e388b1

SHA256
7248ad572b43a4d51b3344ac2a84dce38f8e72a9a1b872fcb41e3ba7fccfccf3

SHA512
e95508ceba80c8b851174aa6b138f7d4d2336d74581daf7caac093298992e8371cca0f8af4a2a95f48d9b1883a62248d2c7c6de33d2bc9bc0afd4517e1c8522a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ad18.TMP

Filesize
48B

MD5
9c7c82d2976c834a9c1905c3e7f4fc4b

SHA1
c3f80f7e05cfa3c8d46b1305762c8f4fe2d1176b

SHA256
f56d3033c86660de224278791f9493b5e5896e852e65eaee2be32de35da9d605

SHA512
99a378e67c0c5d9abd52aeffb8038a37658ac0aab1236732947cecae72ba6debf03a19cda9dce49e7e00ca579f9f450634ea82f4a8f02292130b866412b4c1f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ca089d0372c5d777a5f499ba303ed063

SHA1
ae6c9944ff3e4b69919327ce7f4d9377ae8cc8e9

SHA256
6f47a2514f68248d2a5ea2bb609a74ad6000e10c4c2360ceeb34d87407303b8f

SHA512
c8bfe8a60ab75fc15076f90f539e1b6d5cf2d225e17e2cfbdaf77d1e1f3ff1dbd920fcab98989352489558b847a4fad58dcfa31d5deacaf0d589bb1e17c5f2e8

Download Submit
memory/4384-272-0x0000000000400000-0x0000000000465000-memory.dmp

Filesize
404KB

Download
memory/4384-303-0x0000000000540000-0x0000000000542000-memory.dmp

Filesize
8KB

Download
memory/4384-0-0x0000000000400000-0x0000000000465000-memory.dmp

Filesize
404KB

Download
memory/4384-4-0x0000000002210000-0x0000000002211000-memory.dmp

Filesize
4KB

Download
memory/4384-2-0x0000000000400000-0x0000000000465000-memory.dmp

Filesize
404KB

Download
memory/4384-1-0x0000000000540000-0x0000000000542000-memory.dmp

Filesize
8KB

Download