Overview

overview

6

Static

static

3

b45a7a18d2...b3.exe

windows7-x64

6

b45a7a18d2...b3.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/03/2024, 09:23

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    b45a7a18d2489720e94421d18352bbb3.exe

  • Size

    141KB

  • MD5

    b45a7a18d2489720e94421d18352bbb3

  • SHA1

    8bf2fef1db051210b0fa4674ea973940c3b5fcfe

  • SHA256

    85b09b90ebfb333cc691e7d0ece55a3f150fcd539a640a60f7cadc73617a5613

  • SHA512

    b070d9dc09af0edf81e1863b197da1639242749ba7508dcaa83207ef4a75919390568601fe7ce0c41794705e9f8a5df0bd442e6bb6f7d2d46702906c53b28724

  • SSDEEP

    3072:hjq42C2s7DHzqgJNHnf3YrKyPoPB/Gg49gXoykfgVTL8Daz:h2zQnDJ1KoPov9gYiL8O

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 3 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\b45a7a18d2489720e94421d18352bbb3.exe
    "C:\Users\Admin\AppData\Local\Temp\b45a7a18d2489720e94421d18352bbb3.exe"
    1⤵
    • Adds Run key to start application
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2352
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 396
      2⤵
      • Program crash
      PID:4056
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/watch?v=vsd3g0h_vs0
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:3384
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc1b446f8,0x7ffcc1b44708,0x7ffcc1b44718
        3⤵
          PID:4840
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,7322690805302413065,12615030232445050611,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
          3⤵
            PID:2660
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,7322690805302413065,12615030232445050611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:2160
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,7322690805302413065,12615030232445050611,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
            3⤵
              PID:4352
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7322690805302413065,12615030232445050611,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
              3⤵
                PID:1116
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7322690805302413065,12615030232445050611,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
                3⤵
                  PID:4744
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7322690805302413065,12615030232445050611,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
                  3⤵
                    PID:3104
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7322690805302413065,12615030232445050611,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
                    3⤵
                      PID:3788
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2144,7322690805302413065,12615030232445050611,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3964 /prefetch:8
                      3⤵
                        PID:2060
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,7322690805302413065,12615030232445050611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
                        3⤵
                          PID:5780
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,7322690805302413065,12615030232445050611,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
                          3⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:5796
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7322690805302413065,12615030232445050611,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
                          3⤵
                            PID:5888
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7322690805302413065,12615030232445050611,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
                            3⤵
                              PID:5896
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7322690805302413065,12615030232445050611,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3824 /prefetch:1
                              3⤵
                                PID:5128
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7322690805302413065,12615030232445050611,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
                                3⤵
                                  PID:5200
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,7322690805302413065,12615030232445050611,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1984 /prefetch:2
                                  3⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:5948
                            • C:\Windows\SysWOW64\WerFault.exe
                              C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 2352 -ip 2352
                              1⤵
                                PID:4824
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:1716
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:3876
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:3420
                                    • C:\Windows\system32\AUDIODG.EXE
                                      C:\Windows\system32\AUDIODG.EXE 0x220 0x468
                                      1⤵
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:4852

                                    Network

                                          MITRE ATT&CK Enterprise v15

                                          Replay Monitor

                                          Loading Replay Monitor...

                                          Downloads

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                            Filesize

                                            152B

                                            MD5

                                            4b206e54d55dcb61072236144d1f90f8

                                            SHA1

                                            c2600831112447369e5b557e249f86611b05287d

                                            SHA256

                                            87bf9a4c3564eb3d8bef70450da843ae6003271222734c4d28d9961c52782e0b

                                            SHA512

                                            c9e8d2452368873e0622b002a0c2f8a2714b5897a09475738a9f9740122d716a9f0d3841725230d58e039564c820d32a6f3a675a7bb04bd163bab53dcb4e22f2

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                            Filesize

                                            152B

                                            MD5

                                            73c8d54f775a1b870efd00cb75baf547

                                            SHA1

                                            33024c5b7573c9079a3b2beba9d85e3ba35e6b0e

                                            SHA256

                                            1ce86be0476a2a9e409fcb817126285bc4ad83efd03ee06a2f86910fe18d4d94

                                            SHA512

                                            191344f5830cfea68499bd49073ffa7215a42265a9629d203d07849b2417c0ffdbdbf288bf2c669e91009a0d7e8bd6a6b378c92fc283049141231ca7bf4da3b8

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                            Filesize

                                            360B

                                            MD5

                                            6e1b0ec45a713d76164f92e20328c508

                                            SHA1

                                            450b32f9bc8f5ceda3427458f0111af699d7eb1a

                                            SHA256

                                            49178a19639b23451570322b3bf8942245a1f55a0489ce52801cbef11f6493a0

                                            SHA512

                                            e6d848455760c84349f0de6cee02c8bc93afcf226336464f86f8ae156fbbda106f530ec6e590d0cd8cb345666f841659da2db6c254c41a431689e5f7b90bb0fe

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                            Filesize

                                            111B

                                            MD5

                                            285252a2f6327d41eab203dc2f402c67

                                            SHA1

                                            acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

                                            SHA256

                                            5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

                                            SHA512

                                            11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                            Filesize

                                            2KB

                                            MD5

                                            2add53fa45b7f7bd97df49a7ca0fcf56

                                            SHA1

                                            b3f2cb4b69d6e88b434e6034f15fa255492d3a3f

                                            SHA256

                                            8da5c5cae92ae5952be9ea1fb31ae787ce463b9fb41b65cb29d5576449e1ac38

                                            SHA512

                                            8816cfd94a73ba11179c9fb4d634ea5ba0b35de8ecce9135a9631dcc2d2e6fdd59e37437408dcc0bba27a9c4239e7db539d1c282c546674c955dc347f9824508

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                            Filesize

                                            6KB

                                            MD5

                                            037a95ef88c5f948657f3d44ba89efaf

                                            SHA1

                                            af5c525496efce6ba6a339f8b568944493f0d4b3

                                            SHA256

                                            5534dcb5b1dd845285b22006d735c52be48c70d577b6dfb52e28e1a35eff1a5b

                                            SHA512

                                            7c17fe4b1f709c0e547b9974759973b2aadbbb6fb5d2e8431d842f09b3a72aee185048a5b034bee7680c3120c8660d5d403d73f5662a496f32b45ede2c18f730

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                            Filesize

                                            6KB

                                            MD5

                                            9198404e7cc144eb8ff45dbeb81cee4d

                                            SHA1

                                            8f08324b7dca7f625bfdb5d8788851faf56f03a4

                                            SHA256

                                            ac1a26eb2efaa6e89ec71e672b8f911824bb6a6cce7090fb71b918298d8631d4

                                            SHA512

                                            911d96d5141858bdb68d87445068fd7682536667185d7f5fce53ec976cb20e1199394ee8b799a7822a301bd4867aaa4606de1b034fd158750e52ce6b445feb48

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\734392b8-8b2d-46a9-bfa2-0b33c65b4eed\index-dir\the-real-index
                                            Filesize

                                            2KB

                                            MD5

                                            a7cc12a0fb108ef562da7fa51d5486d3

                                            SHA1

                                            a966a69688018294c580addfbecf2e088133112e

                                            SHA256

                                            53db8a0f32b556f549e8b83a4bd774bff129618bfa57e020aab96d526d7b92ae

                                            SHA512

                                            19ebab8a416b0f3e022c1fe83eccf484ba99c4526b298ec7cc1315b166d8e5173615f6281d7e0690e9a55fad0479388b8e60ffe319865e4beec72e26063a6978

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\734392b8-8b2d-46a9-bfa2-0b33c65b4eed\index-dir\the-real-index~RFe581112.TMP
                                            Filesize

                                            48B

                                            MD5

                                            832e0bd920a3c829aaa0a24cae811521

                                            SHA1

                                            91d0367eeb9b01dcf846da7a4d8c3a452f2dc388

                                            SHA256

                                            49e6cf19ee1319ff05780820cff578d2097c965eeaec1a78f5e51582256db42e

                                            SHA512

                                            78b6a517cfce606167b3e31b39751e5d00221cdaee1e9e38e87f0d47ad03bbe9aa32457e462bb837abc4845e23401919d7a1fba2858f1b7d5366c600bcf01807

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                            Filesize

                                            146B

                                            MD5

                                            a2286292f111312e74e22ae58fca0e9a

                                            SHA1

                                            e00a6e9e6e6d1dc8855ed15f6cc63fd11a01f7bf

                                            SHA256

                                            a6f0976b1a5d7ce52081db266804338b861c144cc9c9ba7753d7f455e1ff6b7a

                                            SHA512

                                            77965070091f590b6f268ecc6a188b5bd3c6e1fc90169d3af2afc72b04cdb6f68ef4b6072444dbf122d394db291190a38c6b753ab190d0c96c913da5c72d542d

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                            Filesize

                                            82B

                                            MD5

                                            28c47b288d6f7528ac55c29840c81f6e

                                            SHA1

                                            306049954e6e7ae0f26434009e2d70d674c9557c

                                            SHA256

                                            ae17d6ff906ef7451274111ad1250c93e1aba589bb5c24ccbc3c42f23b161b52

                                            SHA512

                                            19a509d7794b665fdbb0b56f64738c9864a5ee2121ca6b351a0ec4dbb9bd3354430a3d2dc7131fa0db298aab8a3063d671e10b7e09055bfd814492ef7a3696b1

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                            Filesize

                                            84B

                                            MD5

                                            98f11cf181145cb121e51cb43ac9ab44

                                            SHA1

                                            8b2e372dc20cb0eb5095d54a5818abda7789f7f1

                                            SHA256

                                            f6dc525a60a79585d2449ba2d07311859d06f023a4cf367d18ab3d6b4e5173b3

                                            SHA512

                                            d3c4a381359a50c69d8f775d3a61ed7b9323f816cff4960e4ab25987ee5b3bf758ceb25c295dafd5eed5eedcf9ca61c3f97c8bcf00e0eb7541f3eec09d84d9d1

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57b5b3.TMP
                                            Filesize

                                            89B

                                            MD5

                                            e08afab360060b9cc9ffc43b2af1026a

                                            SHA1

                                            a8227d29072f43129641422baa8bc890848433a7

                                            SHA256

                                            227390381661420dadb90bbf9735ddaf605eb5f26c91324daa09b6d8210d467d

                                            SHA512

                                            a4f8f335a2842249455cf718a408ff7bb357c87da6087fa4eb3db221e61e8439a11342a235616c4952f7c60461ef3b8f0429131bcdac15b1f31a3994b5b93b19

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
                                            Filesize

                                            16B

                                            MD5

                                            46295cac801e5d4857d09837238a6394

                                            SHA1

                                            44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                            SHA256

                                            0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                            SHA512

                                            8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                            Filesize

                                            72B

                                            MD5

                                            7943ca1a14f78ac6d107c5391e52af32

                                            SHA1

                                            c26a822780283858cd4b705ac89eec7591e91635

                                            SHA256

                                            f038622f719c736c770c643403a300e9ea9c68f6412cf995953dfbcfb9f1b9f1

                                            SHA512

                                            9d927e8eff1e36a191d1d2eba89f4af315ef988ab076467761dd15d52bbc2383db8360f7a0e915def778b83c35dd6fa63c3a01924fcf32e7ceb40b21d76e5ddb

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580599.TMP
                                            Filesize

                                            48B

                                            MD5

                                            2c063e7f3de3aa9a7cd1772fcd92ff8f

                                            SHA1

                                            8d5a325b9ced5f76bab7ea27cada5ed3f8b9231a

                                            SHA256

                                            5226f1dae74a95c0796dac180291ee246fcb87f728242bdc16bcaefbddb1988b

                                            SHA512

                                            504fcd13955bc4efb2f992c2eebc5530096d50fb72423c10df5e62a0c857118266c6c21ce95afcbb0306605f48e9a20542f503afe6a2ff06850156ee66a2517c

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                            Filesize

                                            706B

                                            MD5

                                            5f1f7fa0f8371d5b82c16ac40f9589b5

                                            SHA1

                                            3a1ba6bffb1596ff03df1c6a73ef5626ca0bc545

                                            SHA256

                                            453952772516ae75c2581555b599637e42bb473a9e83eeea39e32095300ccda0

                                            SHA512

                                            05846b389bcb1a294e53ce31b399c714cac65f34732f238dad16405534c36e7d4d667b7c474b04f4e02b94f4ed962829420e0bf7561151851e3488f98783191f

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fa1f.TMP
                                            Filesize

                                            539B

                                            MD5

                                            194689c7f8a1aabab34a99bd2301d7cf

                                            SHA1

                                            bf25c657486fad78a96df19ac32c0b097cd3bda4

                                            SHA256

                                            e442166d7c2c718b970a879d252a9aa28e2e3fb1d9596ab0e404b5f39c7eee94

                                            SHA512

                                            ed88f4ca814f4fb68f7c85dd483acb86c710569b2e62c949aa538f9004a29cae8193a48b72a1ce317191001bd58bf905bf1373fa558eb8bfdf886ae9a712e1be

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                            Filesize

                                            16B

                                            MD5

                                            6752a1d65b201c13b62ea44016eb221f

                                            SHA1

                                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                            SHA256

                                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                            SHA512

                                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                            Download Submit

                                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                            Filesize

                                            11KB

                                            MD5

                                            79bc6525854f93497830ce70785a7139

                                            SHA1

                                            649fda6f27e4c08f5e5699b2983e0d87adddc694

                                            SHA256

                                            4938e1f54c0ae756cf7fcb48580deb7c6590929e1832a1f772989d28714fb049

                                            SHA512

                                            1de9a8c2fbdb08627aa0ef9a54892c77b3d96d5a6d03c7f9c9e1e3ff04cc699c4ce691611a8ff6c1935b488bf6f377c312339a365c780c5d561fffed4a899c77

                                            Download Submit

                                          • memory/2352-8-0x00000000006F0000-0x0000000000736000-memory.dmp

                                            Filesize

                                            280KB

                                            Download

                                          • memory/2352-7-0x0000000000400000-0x0000000000483000-memory.dmp

                                            Filesize

                                            524KB

                                            Download

                                          • memory/2352-6-0x0000000000400000-0x0000000000483000-memory.dmp

                                            Filesize

                                            524KB

                                            Download

                                          • memory/2352-3-0x0000000000400000-0x0000000000483000-memory.dmp

                                            Filesize

                                            524KB

                                            Download

                                          • memory/2352-0-0x0000000000400000-0x0000000000483000-memory.dmp

                                            Filesize

                                            524KB

                                            Download

                                          • memory/2352-2-0x00000000006F0000-0x0000000000736000-memory.dmp

                                            Filesize

                                            280KB

                                            Download