Overview

overview

9

Static

static

7

Horizon.exe

windows7-x64

9

Horizon.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    208s
  • max time network
    208s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/02/2024, 15:16

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Horizon.exe

  • Size

    4.2MB

  • MD5

    84a78a46f7f73f4e9e1dd4edb23b4efe

  • SHA1

    d6d887c8e8466631925c99a7f16520d5149c7c3e

  • SHA256

    d93c1da3b87c88e076f5d7265ce28d4b9c095658fce22ea45d069da81fcd08a8

  • SHA512

    673194543421ba31332797b178d1a438394768d58d3fc7f1e37835ee50a25ce939dc751e5d7563b993b72f9f8b5e96cf038594575a6f487620a7b9133f90de75

  • SSDEEP

    98304:C+jxsbUT64hkiHjRn9zNVw8S5Lak1xW6UDqX0imVRbHp3JzxI9szKia:0Z4CiHjfzE8S5LhLUDqTmb1woja

Score
9/10
evasionpersistencethemidatrojan

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Sets service image path in registry 2 TTPs 1 IoCs
    persistence
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Themida packer 7 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 29 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Horizon.exe
    "C:\Users\Admin\AppData\Local\Temp\Horizon.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Sets service image path in registry
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: LoadsDriver
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2708
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c color A
      2⤵
        PID:1680
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c cls
        2⤵
          PID:4260
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c cls
          2⤵
            PID:1384
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
          1⤵
          • Enumerates system info in registry
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of WriteProcessMemory
          PID:5092
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdb64946f8,0x7ffdb6494708,0x7ffdb6494718
            2⤵
              PID:3988
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,7752279180284261899,302897831007808403,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
              2⤵
                PID:4688
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,7752279180284261899,302897831007808403,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
                2⤵
                • Suspicious behavior: EnumeratesProcesses
                PID:1504
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,7752279180284261899,302897831007808403,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
                2⤵
                  PID:3508
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7752279180284261899,302897831007808403,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
                  2⤵
                    PID:3020
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7752279180284261899,302897831007808403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
                    2⤵
                      PID:1488
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7752279180284261899,302897831007808403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
                      2⤵
                        PID:3812
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7752279180284261899,302897831007808403,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
                        2⤵
                          PID:452
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,7752279180284261899,302897831007808403,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3448 /prefetch:8
                          2⤵
                            PID:4452
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,7752279180284261899,302897831007808403,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3448 /prefetch:8
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:1464
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7752279180284261899,302897831007808403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
                            2⤵
                              PID:4372
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7752279180284261899,302897831007808403,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
                              2⤵
                                PID:400
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7752279180284261899,302897831007808403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
                                2⤵
                                  PID:64
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7752279180284261899,302897831007808403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
                                  2⤵
                                    PID:2288
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7752279180284261899,302897831007808403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
                                    2⤵
                                      PID:3872
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7752279180284261899,302897831007808403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
                                      2⤵
                                        PID:1244
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,7752279180284261899,302897831007808403,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5372 /prefetch:2
                                        2⤵
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:3836
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7752279180284261899,302897831007808403,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2144 /prefetch:1
                                        2⤵
                                          PID:3076
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,7752279180284261899,302897831007808403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
                                          2⤵
                                            PID:1956
                                        • C:\Windows\System32\CompPkgSrv.exe
                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                          1⤵
                                            PID:1340
                                          • C:\Windows\System32\CompPkgSrv.exe
                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                            1⤵
                                              PID:64
                                            • C:\Windows\system32\taskmgr.exe
                                              "C:\Windows\system32\taskmgr.exe" /4
                                              1⤵
                                              • Checks SCSI registry key(s)
                                              • Modifies registry class
                                              • Suspicious behavior: EnumeratesProcesses
                                              • Suspicious use of AdjustPrivilegeToken
                                              • Suspicious use of FindShellTrayWindow
                                              • Suspicious use of SendNotifyMessage
                                              PID:3772
                                            • C:\Windows\System32\rundll32.exe
                                              C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                              1⤵
                                                PID:924

                                              Network

                                                    MITRE ATT&CK Enterprise v15

                                                    Replay Monitor

                                                    Loading Replay Monitor...

                                                    Downloads

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                      Filesize

                                                      152B

                                                      MD5

                                                      f246cc2c0e84109806d24fcf52bd0672

                                                      SHA1

                                                      8725d2b2477efe4f66c60e0f2028bf79d8b88e4e

                                                      SHA256

                                                      0c1014ae07c2077dd55d7386cc9cf9e0551be1d67fe05a6006957427ae09fec5

                                                      SHA512

                                                      dcf31357eb39a05213550a879941e2c039ec0ba41e4867d5d630807420f070289552d56d9f16c6d11edcdb0f9448bf51e7d2e460e88aa9c55a5bfe5d8d331640

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                      Filesize

                                                      528B

                                                      MD5

                                                      c93725ec44e60c10293db8372d933e45

                                                      SHA1

                                                      d13eb6a67e9a3ad017ba3b3dee00002058e5c79d

                                                      SHA256

                                                      bfee7caa2905c3842c7be4558e4d0733410232118b09877cc6ae65d603f07359

                                                      SHA512

                                                      9d68cfd68392d157398777eb034c5226f4e7f64cab2f2ab4d83165e6c4e304a7e0fd442b7007af77db6b8ff675fb5e7164a7e60b6b28ba2d4b7486799670aebc

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                      Filesize

                                                      180B

                                                      MD5

                                                      00a455d9d155394bfb4b52258c97c5e5

                                                      SHA1

                                                      2761d0c955353e1982a588a3df78f2744cfaa9df

                                                      SHA256

                                                      45a13c77403533b12fbeeeb580e1c32400ca17a32e15caa8c8e6a180ece27fed

                                                      SHA512

                                                      9553f8553332afbb1b4d5229bbf58aed7a51571ab45cbf01852b36c437811befcbc86f80ec422f222963fa7dabb04b0c9ae72e9d4ff2eeb1e58cde894fbe234f

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                      Filesize

                                                      111B

                                                      MD5

                                                      285252a2f6327d41eab203dc2f402c67

                                                      SHA1

                                                      acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                                      SHA256

                                                      5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                                      SHA512

                                                      11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                      Filesize

                                                      5KB

                                                      MD5

                                                      9a0994128f40ecaee5cbe88b43b463a7

                                                      SHA1

                                                      9ea94bf3e764e8ca980786929194f2cfdb721c67

                                                      SHA256

                                                      405f6f2926f637fcf3369b888edb8c2f729b54fffd20d0407cc72efd8be3ec7b

                                                      SHA512

                                                      e378b14dcb4c34f91061c176b08f2b932caff38b7c843f484629d336e3e23256e08bffe2ef8438345bcb9299bef8e215eaa7f38280259d2e3dc0d1d3dad237ad

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                      Filesize

                                                      5KB

                                                      MD5

                                                      ccd41944cff05ccaeec6926fcd0441ee

                                                      SHA1

                                                      a640d10b2b8789cfd52383c67132fa443224e1fd

                                                      SHA256

                                                      73049f527cf38d4756e2c8c3809696494122f5a93d4992284880c53b8a143521

                                                      SHA512

                                                      bd54d91975ffd296c3a6d7a5fa13b2376d24109130d0c05da112838a0e73e6ddae2584f65503ad92a1fbf90fba3e6cac1c207984eea8b683e5481033a4d00aff

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                      Filesize

                                                      5KB

                                                      MD5

                                                      74e1ef71c95830667b29d6069df9c05c

                                                      SHA1

                                                      8b3cd72b0e0f52c07b7b790e95d352bc834b3892

                                                      SHA256

                                                      c26442ee96004737d4098ac738e54cf962da8c58ccf047788abe3ed5662981d1

                                                      SHA512

                                                      0e6813716043cb2b61aeecbfd547039d3d39798dc7ac12268c6546db5be101879fd751da2ccfcfadd7fc23e9bc55d091b26fdc18f457fa9edd90142779d6716d

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                      Filesize

                                                      6KB

                                                      MD5

                                                      4bccbe6bac2e2e32b456524c07c36158

                                                      SHA1

                                                      e11b9845cbfeb567a450772a4d0337ed19d74c2d

                                                      SHA256

                                                      f2d5f52b8712de554ce653f79f8541b56f680a0dfc7f0feae3cf5f60bcd145c2

                                                      SHA512

                                                      e1907f0465ff144b95489eff3fa43e2873c39711d45597d49cd32597ddd5dc9d2058146e3efa305c97d786b1deb8b5aa1c76d16b27786f1c2d229e313aef8910

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                      Filesize

                                                      5KB

                                                      MD5

                                                      e0301fd649de7e9db8a76147d937bd9f

                                                      SHA1

                                                      ae27b8773007daf595ed92999ea2f715027d773c

                                                      SHA256

                                                      ec771ec886a2aa1196657f2be43bc2359d2e7808c431f3e60d8d6f8caf00fd15

                                                      SHA512

                                                      dbd96484649e56634e228117f8647063079c6ac4464f581d00a03b1ce1d8c6825591472c8932cf13f703fc5ad306fb42dbd371f2e97435d3ee80f1291f49d05f

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                                      Filesize

                                                      24KB

                                                      MD5

                                                      5e62a6848f50c5ca5f19380c1ea38156

                                                      SHA1

                                                      1f5e7db8c292a93ae4a94a912dd93fe899f1ea6a

                                                      SHA256

                                                      23b683118f90c909ce86f9be9123ff6ac1355adb098ffbb09b9e5ec18fc2b488

                                                      SHA512

                                                      ce00590890ed908c18c3ec56df5f79c6c800e3bea2ad4629b9788b19bd1d9e94215fb991275e6ec5a58ac31b193e1c0b9cbaa52ff534319a5e76ec4fc8d3ba54

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                      Filesize

                                                      16B

                                                      MD5

                                                      6752a1d65b201c13b62ea44016eb221f

                                                      SHA1

                                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                      SHA256

                                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                      SHA512

                                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                      Filesize

                                                      10KB

                                                      MD5

                                                      26e30b670acdf060f90a4502cceadb4e

                                                      SHA1

                                                      e612ce5caadbfca46ea81c8269ff98715bb282d4

                                                      SHA256

                                                      cd2636d42f365702a09df7a0f53bcbc1df5ebfcfc86fb4ee72db0d2d01b2d2e9

                                                      SHA512

                                                      7e6c735aa03b46155ad11c1d1207a6bc49954b1883d79349788591e24ff6a4f3cc757b4ceaca06d91b9f27c630718e7d7bc45cdf290a7a01674d58938e50f0d3

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                      Filesize

                                                      10KB

                                                      MD5

                                                      915925b7a8446c97ed723dd28f6c851d

                                                      SHA1

                                                      44fce5feeff4766b74032e812349856fa37a6daf

                                                      SHA256

                                                      9cc5a1d7f2b96c00bebd72b9ae808b498da50e94b6e2929bc605b290f5e88f03

                                                      SHA512

                                                      cced224638b1cf9dba7a6919b916de4545b85a91eb09976b57ebb70083876b5902ef723e76ebcdedebc12d5d059ac3573c8a183a804b575f71eff7475618b270

                                                      Download Submit

                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                      Filesize

                                                      12KB

                                                      MD5

                                                      e6dc82330e3ab51dbf8f02457f5c9574

                                                      SHA1

                                                      17e3a56bcf7646c052de05f5342c113687f36eae

                                                      SHA256

                                                      da0f13c6af26f40c346e1417badbc020036c8cda0e1981c4b002bf7f5b3a8f85

                                                      SHA512

                                                      2a41826ef0165e6e7594a7cb9654ba561e41f9590ef9c7b2b146c19992ccd22c6d3bd167ace5a527ef13b5c8f8b778bb0f7f3a1c6c017349874da1da624f7b33

                                                      Download Submit

                                                    • memory/2708-12-0x0000000140000000-0x0000000140B00000-memory.dmp

                                                      Filesize

                                                      11.0MB

                                                      Download

                                                    • memory/2708-1-0x00007FFDC4D50000-0x00007FFDC4F45000-memory.dmp

                                                      Filesize

                                                      2.0MB

                                                      Download

                                                    • memory/2708-0-0x0000000140000000-0x0000000140B00000-memory.dmp

                                                      Filesize

                                                      11.0MB

                                                      Download

                                                    • memory/2708-11-0x0000000140000000-0x0000000140B00000-memory.dmp

                                                      Filesize

                                                      11.0MB

                                                      Download

                                                    • memory/2708-7-0x00007FFDC4D50000-0x00007FFDC4F45000-memory.dmp

                                                      Filesize

                                                      2.0MB

                                                      Download

                                                    • memory/2708-5-0x0000000140000000-0x0000000140B00000-memory.dmp

                                                      Filesize

                                                      11.0MB

                                                      Download

                                                    • memory/2708-4-0x0000000140000000-0x0000000140B00000-memory.dmp

                                                      Filesize

                                                      11.0MB

                                                      Download

                                                    • memory/2708-2-0x0000000140000000-0x0000000140B00000-memory.dmp

                                                      Filesize

                                                      11.0MB

                                                      Download

                                                    • memory/2708-3-0x0000000140000000-0x0000000140B00000-memory.dmp

                                                      Filesize

                                                      11.0MB

                                                      Download

                                                    • memory/2708-13-0x00007FFDC4D50000-0x00007FFDC4F45000-memory.dmp

                                                      Filesize

                                                      2.0MB

                                                      Download

                                                    • memory/3772-362-0x0000029AC6EF0000-0x0000029AC6EF1000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/3772-367-0x0000029AC6EF0000-0x0000029AC6EF1000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/3772-368-0x0000029AC6EF0000-0x0000029AC6EF1000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/3772-369-0x0000029AC6EF0000-0x0000029AC6EF1000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/3772-370-0x0000029AC6EF0000-0x0000029AC6EF1000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/3772-371-0x0000029AC6EF0000-0x0000029AC6EF1000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/3772-372-0x0000029AC6EF0000-0x0000029AC6EF1000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/3772-366-0x0000029AC6EF0000-0x0000029AC6EF1000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/3772-361-0x0000029AC6EF0000-0x0000029AC6EF1000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download

                                                    • memory/3772-360-0x0000029AC6EF0000-0x0000029AC6EF1000-memory.dmp

                                                      Filesize

                                                      4KB

                                                      Download