Resubmissions

24-02-2024 07:15

240224-h3epgada29 8

24-02-2024 07:12

240224-h1rk9adf8y 6

Analysis

  • max time kernel
    186s
  • max time network
    215s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240221-en locale:en-us os:windows10-2004-x64 system
  • submitted
    24-02-2024 07:15

General

  • Target

    https://drive.google.com/file/d/12kR1UzD6iJ423jxMUj8R4eS2E9CGnt-e/view

Score
8/10

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 3 IoCs
  • Enumerates connected drives 3 TTPs 6 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 33 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 57 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/12kR1UzD6iJ423jxMUj8R4eS2E9CGnt-e/view
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4780
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e19346f8,0x7ff9e1934708,0x7ff9e1934718
      2⤵
        PID:4692
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,17165412874277352663,5752317545022625380,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
        2⤵
          PID:3404
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,17165412874277352663,5752317545022625380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4792
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,17165412874277352663,5752317545022625380,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2540 /prefetch:8
          2⤵
            PID:4368
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17165412874277352663,5752317545022625380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
            2⤵
              PID:3612
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17165412874277352663,5752317545022625380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
              2⤵
                PID:3700
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17165412874277352663,5752317545022625380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
                2⤵
                  PID:2144
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17165412874277352663,5752317545022625380,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
                  2⤵
                    PID:1300
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17165412874277352663,5752317545022625380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
                    2⤵
                      PID:3408
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17165412874277352663,5752317545022625380,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
                      2⤵
                        PID:3748
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,17165412874277352663,5752317545022625380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 /prefetch:8
                        2⤵
                          PID:1836
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,17165412874277352663,5752317545022625380,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 /prefetch:8
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:4920
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17165412874277352663,5752317545022625380,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
                          2⤵
                            PID:3528
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,17165412874277352663,5752317545022625380,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4272 /prefetch:2
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:1192
                        • C:\Windows\explorer.exe
                          explorer.exe
                          1⤵
                          • Modifies Installed Components in the registry
                          • Enumerates connected drives
                          • Checks SCSI registry key(s)
                          • Modifies registry class
                          • Suspicious use of AdjustPrivilegeToken
                          • Suspicious use of FindShellTrayWindow
                          • Suspicious use of SendNotifyMessage
                          • Suspicious use of SetWindowsHookEx
                          PID:4476
                        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
                          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
                          1⤵
                          • Modifies registry class
                          PID:3192
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:3780
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:1388
                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                              1⤵
                              • Modifies registry class
                              • Suspicious use of SetWindowsHookEx
                              PID:5060
                            • C:\Windows\explorer.exe
                              explorer.exe
                              1⤵
                              • Modifies Installed Components in the registry
                              • Enumerates connected drives
                              • Checks SCSI registry key(s)
                              • Modifies registry class
                              • Suspicious use of AdjustPrivilegeToken
                              • Suspicious use of FindShellTrayWindow
                              • Suspicious use of SendNotifyMessage
                              PID:2956
                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                              1⤵
                              • Modifies registry class
                              • Suspicious use of SetWindowsHookEx
                              PID:4932
                            • C:\Windows\explorer.exe
                              explorer.exe
                              1⤵
                              • Modifies Installed Components in the registry
                              • Enumerates connected drives
                              • Checks SCSI registry key(s)
                              • Modifies registry class
                              • Suspicious use of FindShellTrayWindow
                              • Suspicious use of SendNotifyMessage
                              PID:2920
                            • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                              "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                              1⤵
                                PID:4992
                              • C:\Windows\explorer.exe
                                explorer.exe
                                1⤵
                                  PID:4200
                                • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
                                  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
                                  1⤵
                                    PID:3096
                                  • C:\Windows\explorer.exe
                                    explorer.exe
                                    1⤵
                                      PID:1448

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                      Filesize

                                      152B

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

                                      Filesize

                                      152B

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0dba479d-2495-4643-aa0e-dca1e299453a.tmp

                                      Filesize

                                      6KB

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

                                      Filesize

                                      408B

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

                                      Filesize

                                      2KB

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                      Filesize

                                      6KB

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                      Filesize

                                      6KB

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                      Filesize

                                      6KB

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

                                      Filesize

                                      6KB

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                      Filesize

                                      539B

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                      Filesize

                                      1KB

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

                                      Filesize

                                      707B

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe599c17.TMP

                                      Filesize

                                      204B

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

                                      Filesize

                                      16B

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                      Filesize

                                      8KB

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                      Filesize

                                      11KB

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                      Filesize

                                      12KB

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                      Filesize

                                      12KB

                                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133532326189553998.txt

                                      Filesize

                                      74KB

                                    • memory/2920-240-0x0000000004750000-0x0000000004751000-memory.dmp

                                      Filesize

                                      4KB

                                    • memory/3192-246-0x0000019BBF6D0000-0x0000019BBF6F0000-memory.dmp

                                      Filesize

                                      128KB

                                    • memory/3192-248-0x0000019BBF690000-0x0000019BBF6B0000-memory.dmp

                                      Filesize

                                      128KB

                                    • memory/3192-250-0x0000019BBFB30000-0x0000019BBFB50000-memory.dmp

                                      Filesize

                                      128KB