Resubmissions

14/02/2024, 04:27

240214-e28z5sac24 7

14/02/2024, 04:11

240214-erxjcsgf8z 10

14/02/2024, 04:02

240214-els9rahf93 10

Analysis

  • max time kernel
    155s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20231215-en locale:en-us os:windows10-2004-x64 system
  • submitted
    14/02/2024, 04:02

General

  • Target

    Keygen.exe

  • Size

    200KB

  • MD5

    9718045f5002b741172a6c659e3b97fd

  • SHA1

    101403393b50c9de54efc4370d078922ba5f7c47

  • SHA256

    2a8eea400ff4d71f70d7d3b5d5ff6e636a98c84fbcb6217d5ac705a10a3b1fa7

  • SHA512

    2a68394fba1c7585d8c37fd5811285d064579a411e7d7b0616a17164f3ddccc15557e35062b03f3c5a4634b00913dad71d1756d94683571dedab8423372a9a88

  • SSDEEP

    3072:9EbmpgY+Iu0VSdVe4DOprtjG+URYEPZL4jAoI0PRy2XDZd+p6ewDejhqrY5S/+9T:O93Iwe4qDjGR/y0oDdNd+E2qrvWIMk

Score
10/10

Malware Config

Signatures

  • Modifies firewall policy service 2 TTPs 4 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: MapViewOfSection 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsass.exe
    1⤵
      PID:688
    • C:\Windows\system32\winlogon.exe
      winlogon.exe
      1⤵
        PID:632
        • C:\Windows\system32\dwm.exe
          "dwm.exe"
          2⤵
            PID:64
          • C:\Windows\system32\fontdrvhost.exe
            "fontdrvhost.exe"
            2⤵
              PID:800
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k DcomLaunch -p
            1⤵
              PID:784
              • C:\Windows\system32\wbem\unsecapp.exe
                C:\Windows\system32\wbem\unsecapp.exe -Embedding
                2⤵
                  PID:3176
                • C:\Windows\system32\DllHost.exe
                  C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                  2⤵
                    PID:3840
                  • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                    "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                    2⤵
                      PID:4020
                    • C:\Windows\System32\RuntimeBroker.exe
                      C:\Windows\System32\RuntimeBroker.exe -Embedding
                      2⤵
                        PID:4080
                      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                        2⤵
                          PID:3168
                        • C:\Windows\System32\RuntimeBroker.exe
                          C:\Windows\System32\RuntimeBroker.exe -Embedding
                          2⤵
                            PID:3708
                          • C:\Windows\System32\RuntimeBroker.exe
                            C:\Windows\System32\RuntimeBroker.exe -Embedding
                            2⤵
                              PID:4828
                            • C:\Windows\system32\DllHost.exe
                              C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                              2⤵
                                PID:1096
                              • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
                                "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
                                2⤵
                                  PID:4508
                                • C:\Windows\system32\SppExtComObj.exe
                                  C:\Windows\system32\SppExtComObj.exe -Embedding
                                  2⤵
                                    PID:2232
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    2⤵
                                      PID:1352
                                    • C:\Windows\System32\CompPkgSrv.exe
                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                      2⤵
                                        PID:4328
                                    • C:\Windows\system32\svchost.exe
                                      C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
                                      1⤵
                                        PID:960
                                      • C:\Windows\system32\svchost.exe
                                        C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc
                                        1⤵
                                          PID:548
                                        • C:\Windows\system32\svchost.exe
                                          C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p
                                          1⤵
                                            PID:844
                                          • C:\Windows\System32\svchost.exe
                                            C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
                                            1⤵
                                              PID:708
                                            • C:\Windows\system32\svchost.exe
                                              C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
                                              1⤵
                                                PID:1108
                                                • C:\Windows\system32\taskhostw.exe
                                                  taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
                                                  2⤵
                                                    PID:2556
                                                  • C:\Windows\system32\MusNotification.exe
                                                    C:\Windows\system32\MusNotification.exe
                                                    2⤵
                                                      PID:388
                                                  • C:\Windows\system32\svchost.exe
                                                    C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
                                                    1⤵
                                                      PID:1060
                                                    • C:\Windows\System32\svchost.exe
                                                      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
                                                      1⤵
                                                        PID:1036
                                                      • C:\Windows\system32\svchost.exe
                                                        C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
                                                        1⤵
                                                          PID:1188
                                                        • C:\Windows\system32\svchost.exe
                                                          C:\Windows\system32\svchost.exe -k RPCSS -p
                                                          1⤵
                                                            PID:900
                                                          • C:\Windows\System32\svchost.exe
                                                            C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
                                                            1⤵
                                                              PID:1240
                                                            • C:\Windows\System32\svchost.exe
                                                              C:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc
                                                              1⤵
                                                                PID:1688
                                                              • C:\Windows\system32\svchost.exe
                                                                C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS
                                                                1⤵
                                                                  PID:1664
                                                                • C:\Windows\System32\svchost.exe
                                                                  C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes
                                                                  1⤵
                                                                    PID:1492
                                                                  • C:\Windows\System32\svchost.exe
                                                                    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
                                                                    1⤵
                                                                      PID:1704
                                                                    • C:\Windows\System32\svchost.exe
                                                                      C:\Windows\System32\svchost.exe -k LocalService -p -s netprofm
                                                                      1⤵
                                                                        PID:1816
                                                                      • C:\Windows\system32\svchost.exe
                                                                        C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
                                                                        1⤵
                                                                          PID:1940
                                                                        • C:\Windows\system32\svchost.exe
                                                                          C:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache
                                                                          1⤵
                                                                            PID:1968
                                                                          • C:\Windows\System32\svchost.exe
                                                                            C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
                                                                            1⤵
                                                                              PID:1976
                                                                            • C:\Windows\System32\svchost.exe
                                                                              C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
                                                                              1⤵
                                                                                PID:1800
                                                                              • C:\Windows\System32\spoolsv.exe
                                                                                C:\Windows\System32\spoolsv.exe
                                                                                1⤵
                                                                                  PID:1748
                                                                                • C:\Windows\System32\svchost.exe
                                                                                  C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
                                                                                  1⤵
                                                                                    PID:2120
                                                                                  • C:\Windows\system32\svchost.exe
                                                                                    C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
                                                                                    1⤵
                                                                                      PID:2392
                                                                                    • C:\Windows\system32\svchost.exe
                                                                                      C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
                                                                                      1⤵
                                                                                        PID:2420
                                                                                      • C:\Windows\system32\sihost.exe
                                                                                        sihost.exe
                                                                                        1⤵
                                                                                          PID:2400
                                                                                        • C:\Windows\System32\svchost.exe
                                                                                          C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc
                                                                                          1⤵
                                                                                            PID:2084
                                                                                          • C:\Windows\system32\svchost.exe
                                                                                            C:\Windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
                                                                                            1⤵
                                                                                              PID:2584
                                                                                            • C:\Windows\system32\svchost.exe
                                                                                              C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
                                                                                              1⤵
                                                                                                PID:1876
                                                                                              • C:\Windows\system32\svchost.exe
                                                                                                C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent
                                                                                                1⤵
                                                                                                  PID:2736
                                                                                                • C:\Windows\system32\svchost.exe
                                                                                                  C:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc
                                                                                                  1⤵
                                                                                                    PID:2884
                                                                                                  • C:\Windows\system32\svchost.exe
                                                                                                    C:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
                                                                                                    1⤵
                                                                                                      PID:2936
                                                                                                    • C:\Windows\sysmon.exe
                                                                                                      C:\Windows\sysmon.exe
                                                                                                      1⤵
                                                                                                        PID:2952
                                                                                                      • C:\Windows\System32\svchost.exe
                                                                                                        C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
                                                                                                        1⤵
                                                                                                          PID:2996
                                                                                                        • C:\Windows\system32\svchost.exe
                                                                                                          C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService
                                                                                                          1⤵
                                                                                                            PID:3004
                                                                                                          • C:\Windows\system32\svchost.exe
                                                                                                            C:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
                                                                                                            1⤵
                                                                                                              PID:2728
                                                                                                            • C:\Windows\Explorer.EXE
                                                                                                              C:\Windows\Explorer.EXE
                                                                                                              1⤵
                                                                                                                PID:3488
                                                                                                                • C:\Users\Admin\AppData\Local\Temp\Keygen.exe
                                                                                                                  "C:\Users\Admin\AppData\Local\Temp\Keygen.exe"
                                                                                                                  2⤵
                                                                                                                  • Modifies firewall policy service
                                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                                  • Suspicious behavior: MapViewOfSection
                                                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                                                  • Suspicious use of WriteProcessMemory
                                                                                                                  PID:2972
                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
                                                                                                                  2⤵
                                                                                                                  • Enumerates system info in registry
                                                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                                                  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                                                  • Suspicious use of FindShellTrayWindow
                                                                                                                  • Suspicious use of SendNotifyMessage
                                                                                                                  PID:3424
                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffafeb546f8,0x7ffafeb54708,0x7ffafeb54718
                                                                                                                    3⤵
                                                                                                                      PID:2508
                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,4118342595421724545,3244660185491191602,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2288 /prefetch:2
                                                                                                                      3⤵
                                                                                                                        PID:1840
                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2260,4118342595421724545,3244660185491191602,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
                                                                                                                        3⤵
                                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                                        PID:4276
                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2260,4118342595421724545,3244660185491191602,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
                                                                                                                        3⤵
                                                                                                                          PID:2104
                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,4118342595421724545,3244660185491191602,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2144 /prefetch:1
                                                                                                                          3⤵
                                                                                                                            PID:3872
                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,4118342595421724545,3244660185491191602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
                                                                                                                            3⤵
                                                                                                                              PID:1984
                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,4118342595421724545,3244660185491191602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
                                                                                                                              3⤵
                                                                                                                                PID:2380
                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,4118342595421724545,3244660185491191602,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
                                                                                                                                3⤵
                                                                                                                                  PID:3308
                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2260,4118342595421724545,3244660185491191602,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3872 /prefetch:8
                                                                                                                                  3⤵
                                                                                                                                    PID:4468
                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2260,4118342595421724545,3244660185491191602,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3872 /prefetch:8
                                                                                                                                    3⤵
                                                                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                                                                    PID:1632
                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,4118342595421724545,3244660185491191602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
                                                                                                                                    3⤵
                                                                                                                                      PID:3564
                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,4118342595421724545,3244660185491191602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
                                                                                                                                      3⤵
                                                                                                                                        PID:208
                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2260,4118342595421724545,3244660185491191602,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3888 /prefetch:8
                                                                                                                                        3⤵
                                                                                                                                          PID:3020
                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2260,4118342595421724545,3244660185491191602,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3668 /prefetch:8
                                                                                                                                          3⤵
                                                                                                                                          • Modifies registry class
                                                                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                                                                          PID:100
                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,4118342595421724545,3244660185491191602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
                                                                                                                                          3⤵
                                                                                                                                            PID:4636
                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,4118342595421724545,3244660185491191602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
                                                                                                                                            3⤵
                                                                                                                                              PID:884
                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,4118342595421724545,3244660185491191602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
                                                                                                                                              3⤵
                                                                                                                                                PID:1528
                                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,4118342595421724545,3244660185491191602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1296 /prefetch:1
                                                                                                                                                3⤵
                                                                                                                                                  PID:3872
                                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,4118342595421724545,3244660185491191602,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2096 /prefetch:1
                                                                                                                                                  3⤵
                                                                                                                                                    PID:3848
                                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,4118342595421724545,3244660185491191602,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
                                                                                                                                                    3⤵
                                                                                                                                                      PID:2676
                                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,4118342595421724545,3244660185491191602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
                                                                                                                                                      3⤵
                                                                                                                                                        PID:3852
                                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,4118342595421724545,3244660185491191602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
                                                                                                                                                        3⤵
                                                                                                                                                          PID:2332
                                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,4118342595421724545,3244660185491191602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
                                                                                                                                                          3⤵
                                                                                                                                                            PID:680
                                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,4118342595421724545,3244660185491191602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
                                                                                                                                                            3⤵
                                                                                                                                                              PID:548
                                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,4118342595421724545,3244660185491191602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1
                                                                                                                                                              3⤵
                                                                                                                                                                PID:3888
                                                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,4118342595421724545,3244660185491191602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
                                                                                                                                                                3⤵
                                                                                                                                                                  PID:2032
                                                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,4118342595421724545,3244660185491191602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7072 /prefetch:1
                                                                                                                                                                  3⤵
                                                                                                                                                                    PID:4200
                                                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,4118342595421724545,3244660185491191602,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2248 /prefetch:1
                                                                                                                                                                    3⤵
                                                                                                                                                                      PID:2296
                                                                                                                                                                • C:\Windows\system32\svchost.exe
                                                                                                                                                                  C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
                                                                                                                                                                  1⤵
                                                                                                                                                                    PID:3628
                                                                                                                                                                  • C:\Windows\System32\svchost.exe
                                                                                                                                                                    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
                                                                                                                                                                    1⤵
                                                                                                                                                                      PID:3580
                                                                                                                                                                    • C:\Windows\system32\svchost.exe
                                                                                                                                                                      C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
                                                                                                                                                                      1⤵
                                                                                                                                                                        PID:5064
                                                                                                                                                                      • C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
                                                                                                                                                                        "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
                                                                                                                                                                        1⤵
                                                                                                                                                                          PID:3744
                                                                                                                                                                        • C:\Windows\System32\svchost.exe
                                                                                                                                                                          C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
                                                                                                                                                                          1⤵
                                                                                                                                                                            PID:4844
                                                                                                                                                                          • C:\Windows\system32\svchost.exe
                                                                                                                                                                            C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo
                                                                                                                                                                            1⤵
                                                                                                                                                                              PID:3080
                                                                                                                                                                            • C:\Windows\system32\svchost.exe
                                                                                                                                                                              C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
                                                                                                                                                                              1⤵
                                                                                                                                                                                PID:1568
                                                                                                                                                                              • C:\Windows\system32\svchost.exe
                                                                                                                                                                                C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
                                                                                                                                                                                1⤵
                                                                                                                                                                                  PID:1032
                                                                                                                                                                                • C:\Windows\system32\svchost.exe
                                                                                                                                                                                  C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
                                                                                                                                                                                  1⤵
                                                                                                                                                                                    PID:3192
                                                                                                                                                                                  • C:\Windows\System32\svchost.exe
                                                                                                                                                                                    C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection
                                                                                                                                                                                    1⤵
                                                                                                                                                                                      PID:2036
                                                                                                                                                                                    • C:\Windows\system32\svchost.exe
                                                                                                                                                                                      C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem
                                                                                                                                                                                      1⤵
                                                                                                                                                                                        PID:1476
                                                                                                                                                                                      • C:\Windows\system32\svchost.exe
                                                                                                                                                                                        C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
                                                                                                                                                                                        1⤵
                                                                                                                                                                                          PID:1468
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k netsvcs -p -s DsmSvc
    1⤵
      PID:1460
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalService -p -s nsi
    1⤵
      PID:1376
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
    1⤵
      PID:1312
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
    1⤵
      PID:1224
  • C:\Windows\system32\fontdrvhost.exe
    "fontdrvhost.exe"
    1⤵
      PID:796

                                                                                                                                                                                                  Network

                                                                                                                                                                                                  MITRE ATT&CK Enterprise v15

                                                                                                                                                                                                  Downloads

                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                    152B

                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_sync.a-mo.net_0.indexeddb.leveldb\CURRENT

                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                    16B

                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_sync.a-mo.net_0.indexeddb.leveldb\MANIFEST-000001

                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                    23B

                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                    111B

                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                    5KB

                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                    9KB

                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                    5KB

                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                    6KB

                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                    5KB

                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                    6KB

                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                    24KB

                                                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                                                                                                                                                                                    Filesize

                                                                                                                                                                                                    2KB

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

    Filesize

    2KB

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

    Filesize

    1KB

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe597e8d.TMP

    Filesize

    536B

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

    Filesize

    16B

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

    Filesize

    10KB

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

    Filesize

    10KB

  • memory/2972-0-0x0000000000400000-0x0000000000455000-memory.dmp

    Filesize

    340KB

  • memory/2972-7-0x0000000000400000-0x0000000000455000-memory.dmp

    Filesize

    340KB

  • memory/2972-5-0x000000007FE40000-0x000000007FE4C000-memory.dmp

    Filesize

    48KB

  • memory/2972-4-0x000000007FE40000-0x000000007FE4C000-memory.dmp

    Filesize

    48KB

  • memory/2972-3-0x0000000077DB3000-0x0000000077DB4000-memory.dmp

    Filesize

    4KB

  • memory/2972-2-0x0000000077DB2000-0x0000000077DB3000-memory.dmp

    Filesize

    4KB

  • memory/2972-1-0x000000007FE40000-0x000000007FE4C000-memory.dmp

    Filesize

    48KB