Overview

overview

3

Static

static

1

Minecraft_...AM.png

windows11-21h2-x64

Resubmissions

21/02/2024, 14:10

240221-rg7msshc49 3

21/02/2024, 14:06

240221-rewshshb88 3

Analysis

  • max time kernel
    155s
  • max time network
    157s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240214-en
  • resource tags

    arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    21/02/2024, 14:10

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    Minecraft_ 1.16.5 - Multiplayer (LAN) 2_11_2024 10_51_40 AM.png

  • Size

    1.3MB

  • MD5

    5516a9b248156f7b6c88cdb2c931720f

  • SHA1

    2b5f8fcc8e950c5861f5c0379e8bf5983b7df022

  • SHA256

    3fbb0eb5251ffda017b2fd8abf7ba03707b5ea483b4a83d278851f49b1e6c2f1

  • SHA512

    5983d467a725152fdfaf732a523513986a91fa4c89bd1dca66c61d5258435079fbbc0e4ee9bbfc30ebb24c4c5ac23200ac247c8a7c63bf3d5688c8dec70318e1

  • SSDEEP

    24576:dq5AEJqSuUOOyJWIwJCB8c23ZGFq6CdEZi6dhWis2h6Zlo9MBHK9xSNnjkLTuEo5:dwAEwjUEJBwa23Yqr+Rd8+2O6HyEjkcL

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs
  • Suspicious use of FindShellTrayWindow 52 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Minecraft_ 1.16.5 - Multiplayer (LAN) 2_11_2024 10_51_40 AM.png"
    1⤵
      PID:3856
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
      1⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:3320
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x80,0x84,0xe8,0x7c,0x10c,0x7fff51f03cb8,0x7fff51f03cc8,0x7fff51f03cd8
        2⤵
          PID:2156
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,15987445264166449725,16401631064665904062,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
          2⤵
            PID:864
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,15987445264166449725,16401631064665904062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1716 /prefetch:3
            2⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:2492
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,15987445264166449725,16401631064665904062,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2508 /prefetch:8
            2⤵
              PID:1360
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15987445264166449725,16401631064665904062,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
              2⤵
                PID:2624
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15987445264166449725,16401631064665904062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
                2⤵
                  PID:4844
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15987445264166449725,16401631064665904062,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
                  2⤵
                    PID:4424
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15987445264166449725,16401631064665904062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
                    2⤵
                      PID:2956
                    • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,15987445264166449725,16401631064665904062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4076 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:5000
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,15987445264166449725,16401631064665904062,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:3060
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15987445264166449725,16401631064665904062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3840 /prefetch:1
                      2⤵
                        PID:2212
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15987445264166449725,16401631064665904062,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
                        2⤵
                          PID:2736
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15987445264166449725,16401631064665904062,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
                          2⤵
                            PID:2448
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15987445264166449725,16401631064665904062,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
                            2⤵
                              PID:2304
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15987445264166449725,16401631064665904062,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
                              2⤵
                                PID:1312
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15987445264166449725,16401631064665904062,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
                                2⤵
                                  PID:1432
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15987445264166449725,16401631064665904062,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
                                  2⤵
                                    PID:3748
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15987445264166449725,16401631064665904062,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
                                    2⤵
                                      PID:3096
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15987445264166449725,16401631064665904062,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
                                      2⤵
                                        PID:2128
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15987445264166449725,16401631064665904062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
                                        2⤵
                                          PID:1648
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15987445264166449725,16401631064665904062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
                                          2⤵
                                            PID:2932
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15987445264166449725,16401631064665904062,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
                                            2⤵
                                              PID:1912
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15987445264166449725,16401631064665904062,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
                                              2⤵
                                                PID:1628
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,15987445264166449725,16401631064665904062,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4724 /prefetch:2
                                                2⤵
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:1104
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15987445264166449725,16401631064665904062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
                                                2⤵
                                                  PID:4572
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15987445264166449725,16401631064665904062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
                                                  2⤵
                                                    PID:4456
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15987445264166449725,16401631064665904062,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4076 /prefetch:1
                                                    2⤵
                                                      PID:552
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=1912,15987445264166449725,16401631064665904062,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=6476 /prefetch:8
                                                      2⤵
                                                        PID:1396
                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                      1⤵
                                                        PID:2164
                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                        1⤵
                                                          PID:244
                                                        • C:\Windows\system32\LogonUI.exe
                                                          "LogonUI.exe" /flags:0x4 /state0:0xa3a25855 /state1:0x41c64e6d
                                                          1⤵
                                                          • Modifies data under HKEY_USERS
                                                          • Suspicious use of SetWindowsHookEx
                                                          PID:4108

                                                        Network

                                                        MITRE ATT&CK Enterprise v15

                                                        Replay Monitor

                                                        Loading Replay Monitor...

                                                        Downloads

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                          Filesize

                                                          152B

                                                          MD5

                                                          4aa37444d26e81e6f3837eb15bcaa892

                                                          SHA1

                                                          3d00127097989429f311f33daa8380ad7af4cb56

                                                          SHA256

                                                          ab703e5dfb5b92527f094fad6ec479839375907700be9a2fd1c3cb9105f9e655

                                                          SHA512

                                                          f21a34c234433a688602b2b56d6844f224641bea45b8585f77f4853e192107a65c5e104e10cd86c1d97ff41a22fd05d65224993803b22113ed0b517e686c5176

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\526ae439-d59b-4b8a-8636-516d6132e973.tmp
                                                          Filesize

                                                          6KB

                                                          MD5

                                                          ad5e81f95b5cb3835cd24b32e8c11884

                                                          SHA1

                                                          c1b5e3e274decee701876e1787a7d286c85d4c04

                                                          SHA256

                                                          4e3d92ddf57122e364fb301cf2a7904d63768561873ef1bece3d5f5a7c1c54be

                                                          SHA512

                                                          6ecb019d70ebb1916d594929d89556d674c5f6f53c4fcb727afccea18d4b77e974f38e377b0e20d62dad9a1cb61dce7e6a202db3167920b86f1867f3d1d5cb73

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
                                                          Filesize

                                                          264KB

                                                          MD5

                                                          44d8a2e1516fb14391bde516174265c6

                                                          SHA1

                                                          2fa0e5d7fa41ac2486734dcd9c4067a68c62125b

                                                          SHA256

                                                          1b40f1e363f20afbac809f595a3e948d266f7111e462f0f16bbd6808f1005c0d

                                                          SHA512

                                                          b9967ffaa8ec6c1dd6d3aa576744b543ea0f125f4e6fca93b8b8e239f59b01278bfae1324124e838f1f095bc145b103696f02334804c82b8b7d825762aea5ef0

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                          Filesize

                                                          84B

                                                          MD5

                                                          32b9dc9cc81d0682e78627c873fdd651

                                                          SHA1

                                                          46c486386d3e153c3e9b11d54cb52cf0064b71cf

                                                          SHA256

                                                          712196693e3527ac1131831f1a2108b6c0e5c68967b26d51a452611cdfb86e0c

                                                          SHA512

                                                          f18bc37f8b72411548da247aa1394cc5ac03c3bbd98e82eb8ba290ef239ef5b8625cf4835bd41ce7c52766d0bc3bfe9150dd22dbf62f0f05992ddde5fbfdc811

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                          Filesize

                                                          111B

                                                          MD5

                                                          285252a2f6327d41eab203dc2f402c67

                                                          SHA1

                                                          acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                                          SHA256

                                                          5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                                          SHA512

                                                          11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                          Filesize

                                                          5KB

                                                          MD5

                                                          e97b338aa60193ce8c94a321018b01bc

                                                          SHA1

                                                          f1ecfc9bea82c4731dcbe2ab9297028aa3c51de4

                                                          SHA256

                                                          b90f8ebf41b9d9223dfb37ffedbbe5f90094e4d23812f7bd15895cd3ffff8726

                                                          SHA512

                                                          d1d50aed3e29bce540c83e85bb02601e2b0c88e755ad8d53fc9a181cce4302e5cc63f131d692016544840799e1e682fd85fec1552ecdc1d11ae1e1ef645176c7

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                          Filesize

                                                          5KB

                                                          MD5

                                                          8ea7fa375f53af97d506c95ad66b4853

                                                          SHA1

                                                          c7d9a6bf0929212224b9d5c12a44a9149c6e6150

                                                          SHA256

                                                          344b914f94077c1e38f9fac9573b7c1c181bbc37e29c4349a76131ccb61ce291

                                                          SHA512

                                                          dbd099aeae41d6a17d732b5a8e8f3e7cf7d9e323497703fa2c2585666900ed47674c70353b4a663341642d76bfab5f035ddea75b7561e517e8c194051f7e67fa

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                          Filesize

                                                          5KB

                                                          MD5

                                                          b92f06388ef209cbe92f9d1286cc22aa

                                                          SHA1

                                                          6649a7ff970868c5a6ddab8a968e7d152ef3dadb

                                                          SHA256

                                                          ca086c691d4d88f976d529425187c91f660d7cd067a910dc007346a6035ceb1d

                                                          SHA512

                                                          3b62d37e22fb1ad0636a69a471348f5066380015834e1cd8a07fa3dbde64fa694ae1fbddaaece7beee3ffc50bc85870435b609ace198a693774540aeace6281a

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                          Filesize

                                                          5KB

                                                          MD5

                                                          27b9314d62f4f4ca484d1f15fbeda78d

                                                          SHA1

                                                          2d093f487f4ad814db1c0f1b96236fde9da319ec

                                                          SHA256

                                                          1443bcaf1b8878e356fd3a2a6fac4087f14d86e152f5ff0f63349cf2e337402f

                                                          SHA512

                                                          f4d1b6cc1f96971a37e586a3be5b4c6a1d72ca56b6f56b9212919017ffa78340248530b81f21155c2a18e63f8681911bbbf7b6a4930f0b6c682ecb7654ae22d8

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                          Filesize

                                                          6KB

                                                          MD5

                                                          a445362e1dbeb3aff79b06e34520292c

                                                          SHA1

                                                          ce10159b6fa03731cef48a39e58d0534bf292e21

                                                          SHA256

                                                          af43ec23150e230d06af38c2cf7791340e678b55341f410f23e4b5bcd9adef40

                                                          SHA512

                                                          d9851571123028b2f98038fd54f38e8c8fa5ff2ab525454b9c5a9449acbd6dcbeb3db2eb2220601fd6bcc59e2b126fd01c3339a6885fabda1ff3ec81c5035a31

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                                          Filesize

                                                          25KB

                                                          MD5

                                                          40833cdbd5d7994ce8fa41b927a81b3c

                                                          SHA1

                                                          7d0113a707e380a6c12a7581af0184b6e49ba481

                                                          SHA256

                                                          857a656a5e259b4671d5778cf4c93bf038e060b195cb7e9fb3d9c5bf25c8f2f7

                                                          SHA512

                                                          38d77bf562e1abeffd91ada2832a160d29509ed748751f43de43c5846c9fffab53884fe31b19ee7336c36557d726b9ff17dcdda0f311d8f04407e44748f2f4e7

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                          Filesize

                                                          16B

                                                          MD5

                                                          6752a1d65b201c13b62ea44016eb221f

                                                          SHA1

                                                          58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                          SHA256

                                                          0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                          SHA512

                                                          9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                          Filesize

                                                          10KB

                                                          MD5

                                                          6a58bf763c36aa5f1f1683b4b8ee7060

                                                          SHA1

                                                          18bc2b6c13cf00de8831ed7671f97c5d7c708bac

                                                          SHA256

                                                          328d27b6083a1fe51ced0821b85c606558f327594e403ec54b267b65f153854c

                                                          SHA512

                                                          b1adf62af1d304a7bcd156df909902365abb1e67e7376bf21981733e7d02077d5dab65083a01a1bb2f71d7a142a86d4e47c0b83f9b4ea83a6d04099cf6dc1bca

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                          Filesize

                                                          11KB

                                                          MD5

                                                          7b44b88ab35f9f8ad3eccc205767b985

                                                          SHA1

                                                          a7b3ecc40d8db34c453c11ce43cae9ee4d28f08b

                                                          SHA256

                                                          524201dbe87ae174db97835fa58aa54d8dc236d0f3a2274880a6ad97927086e7

                                                          SHA512

                                                          01c56a10dbda1e49154a9c79ac738ecd507a1456778ed656dd7648682763578575096923cb3ca2cf24ed32c7b2d3409896bc7e4ac0c676de36494a858b7afd55

                                                          Download Submit

                                                        • C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
                                                          Filesize

                                                          2B

                                                          MD5

                                                          f3b25701fe362ec84616a93a45ce9998

                                                          SHA1

                                                          d62636d8caec13f04e28442a0a6fa1afeb024bbb

                                                          SHA256

                                                          b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

                                                          SHA512

                                                          98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

                                                          Download Submit