Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

3

Galaxy_Swapper_v2.exe

windows10-2004-x64

8

Galaxy_Swapper_v2.exe

windows11-21h2-x64

8

Analysis

  • max time kernel
    619s
  • max time network
    625s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/03/2024, 18:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Galaxy_Swapper_v2.exe

  • Size

    4.7MB

  • MD5

    1d0c228d384719d8348c7ca2213055dd

  • SHA1

    a994f33dcd502f50c5849075e06f4d0e9867aebd

  • SHA256

    88f12c6fc3de84fd90dbdbbcc877f883d462b6ec5882631412328e89493e759e

  • SHA512

    9d5b16bf855b4971f65f62f54934648ae739171c19b55e14dff665377c70ebf76cb8fdb02b2d02e8cea5c1374667774f670d4c3373cf9cd89532726860e61b6c

  • SSDEEP

    98304:e3JuhFYwXXRYgqatNTOb69GeDluupSUD3G:e0hyqYgRNTOb69GeD4us

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Drops file in System32 directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 1 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Galaxy_Swapper_v2.exe
    "C:\Users\Admin\AppData\Local\Temp\Galaxy_Swapper_v2.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3396
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://aka.ms/dotnet-core-applaunch?framework=Microsoft.NETCore.App&framework_version=7.0.0&arch=x64&rid=win-x64&os=win10&gui=true
      2⤵
      • Enumerates system info in registry
      • NTFS ADS
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of WriteProcessMemory
      PID:3448
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc23c446f8,0x7ffc23c44708,0x7ffc23c44718
        3⤵
          PID:4524
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,7256569191395493159,1272505179408997884,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
          3⤵
            PID:1604
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,7256569191395493159,1272505179408997884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
            3⤵
              PID:4200
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,7256569191395493159,1272505179408997884,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
              3⤵
                PID:2176
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7256569191395493159,1272505179408997884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
                3⤵
                  PID:388
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7256569191395493159,1272505179408997884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
                  3⤵
                    PID:3952
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,7256569191395493159,1272505179408997884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4020 /prefetch:8
                    3⤵
                      PID:3544
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,7256569191395493159,1272505179408997884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4020 /prefetch:8
                      3⤵
                        PID:4684
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7256569191395493159,1272505179408997884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
                        3⤵
                          PID:3096
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2160,7256569191395493159,1272505179408997884,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5416 /prefetch:8
                          3⤵
                            PID:984
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7256569191395493159,1272505179408997884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
                            3⤵
                              PID:2840
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2160,7256569191395493159,1272505179408997884,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5904 /prefetch:8
                              3⤵
                                PID:2496
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7256569191395493159,1272505179408997884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
                                3⤵
                                  PID:3604
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7256569191395493159,1272505179408997884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
                                  3⤵
                                    PID:3024
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7256569191395493159,1272505179408997884,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
                                    3⤵
                                      PID:2620
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7256569191395493159,1272505179408997884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
                                      3⤵
                                        PID:4624
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7256569191395493159,1272505179408997884,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
                                        3⤵
                                          PID:1460
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7256569191395493159,1272505179408997884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
                                          3⤵
                                            PID:3312
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,7256569191395493159,1272505179408997884,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5808 /prefetch:2
                                            3⤵
                                              PID:3160
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7256569191395493159,1272505179408997884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
                                              3⤵
                                                PID:3796
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2160,7256569191395493159,1272505179408997884,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6148 /prefetch:8
                                                3⤵
                                                  PID:2404
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2160,7256569191395493159,1272505179408997884,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6392 /prefetch:8
                                                  3⤵
                                                  • Modifies registry class
                                                  PID:5112
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7256569191395493159,1272505179408997884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3132 /prefetch:1
                                                  3⤵
                                                    PID:1984
                                              • C:\Windows\system32\taskmgr.exe
                                                "C:\Windows\system32\taskmgr.exe" /7
                                                1⤵
                                                • Checks SCSI registry key(s)
                                                • Checks processor information in registry
                                                • Suspicious behavior: EnumeratesProcesses
                                                • Suspicious behavior: GetForegroundWindowSpam
                                                • Suspicious use of AdjustPrivilegeToken
                                                • Suspicious use of FindShellTrayWindow
                                                • Suspicious use of SendNotifyMessage
                                                PID:2712
                                              • C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
                                                "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
                                                1⤵
                                                • Drops file in System32 directory
                                                • Checks processor information in registry
                                                • Enumerates system info in registry
                                                • Modifies data under HKEY_USERS
                                                • Suspicious use of SetWindowsHookEx
                                                PID:2876
                                              • C:\Windows\System32\CompPkgSrv.exe
                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                1⤵
                                                  PID:4568
                                                • C:\Windows\System32\CompPkgSrv.exe
                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                  1⤵
                                                    PID:984

                                                  Network

                                                  MITRE ATT&CK Enterprise v15

                                                  Replay Monitor

                                                  Loading Replay Monitor...

                                                  Downloads

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                    Filesize

                                                    152B

                                                    MD5

                                                    1e3dc6a82a2cb341f7c9feeaf53f466f

                                                    SHA1

                                                    915decb72e1f86e14114f14ac9bfd9ba198fdfce

                                                    SHA256

                                                    a56135007f4dadf6606bc237cb75ff5ff77326ba093dff30d6881ce9a04a114c

                                                    SHA512

                                                    0a5223e8cecce77613b1c02535c79b3795e5ad89fc0a934e9795e488712e02b527413109ad1f94bbd4eb35dd07b86dd6e9f4b57d4d7c8a0a57ec3f7f76c7890a

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                    Filesize

                                                    152B

                                                    MD5

                                                    36bb45cb1262fcfcab1e3e7960784eaa

                                                    SHA1

                                                    ab0e15841b027632c9e1b0a47d3dec42162fc637

                                                    SHA256

                                                    7c6b0de6f9b4c3ca1f5d6af23c3380f849825af00b58420b76c72b62cfae44ae

                                                    SHA512

                                                    02c54c919f8cf3fc28f5f965fe1755955636d7d89b5f0504a02fcd9d94de8c50e046c7c2d6cf349fabde03b0fbbcc61df6e9968f2af237106bf7edd697e07456

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                    Filesize

                                                    384B

                                                    MD5

                                                    a72f29ef385956f3e4cf9490bdb15a76

                                                    SHA1

                                                    786caef96eada4d2b9d7789d75dc1bcb54edd679

                                                    SHA256

                                                    40dd099587b8957207a3d992d235e02f19804db98ec10335dda54ee92122b4c1

                                                    SHA512

                                                    838307933f8440b159f0a292a2df0e214d86713029df8bb6563f03d84a9a3208da1c047ff941b82c4ce42b6eb2c9b079c686643102111540eccef47013bc72f1

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                    Filesize

                                                    408B

                                                    MD5

                                                    976d8afe931cce8d807565926372362a

                                                    SHA1

                                                    1ae7b138350475669302467a218670eae81a2110

                                                    SHA256

                                                    91c2b6de6940e562eeb6a2f7bdf23c41ed84e70bc8d1f96fe227f91c8beec4df

                                                    SHA512

                                                    fe6c08b2d5a88006b418c5817d67ae0e3b66bd4e116779dedb05811044b5f7a54b610cb2a4ffbca460eb245243c03bda38dd546b8dceaacb53c5ec94bef73ccd

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                    Filesize

                                                    2KB

                                                    MD5

                                                    7a4869faa5e48a31658fe871d5c94c93

                                                    SHA1

                                                    9fe5f933b3dcb710eff3336d47a1c9c3ee1cfb16

                                                    SHA256

                                                    528a6c089b78f8227b2dbd47e16ea83751c8aa484a09b127e0aabee2cfdbf923

                                                    SHA512

                                                    a43c1428b6b972ffbff32d53093465f5e4f1938ab3363dd87eda1adb4fab90e7df39581e7f64ce565882f65c821a6ff62d04d8a1c96ecac1dd1c1ab27a327b73

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                    Filesize

                                                    1KB

                                                    MD5

                                                    fdfe1d1f9d06ea1a9bd3fb61eb9c43a0

                                                    SHA1

                                                    8011bf601698894a040044ddd0bf6d20b9e7164f

                                                    SHA256

                                                    2ee6ea6c6e46d4327a7b1659fcfd13f8d36d624a52046c00c781465a92c7abd9

                                                    SHA512

                                                    f0072118aa0e296dabf9457bfd9010d2ae73cd3cfedc7a5655452f74d78c6cb26cbc40b61c7b0c7552735c8f87b547669b26eea61e7d6c257786fb8dc5e74a20

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                    Filesize

                                                    1002B

                                                    MD5

                                                    75ea8a1827f6bcc40e4b5a4d7e186e38

                                                    SHA1

                                                    9b735689f662b157b960d4cb6bc8dd3a088161aa

                                                    SHA256

                                                    d996be07f093660dde3cbfb4b63cc015cea19fa0f21938533e8c6b15b5fd871b

                                                    SHA512

                                                    b5e00acdc02709fbf8a7e2bba5634018115ea38b675986c4cdb33a1dce19b98167d3d1a37499cf8dae31b866d7c2a4f16669dc0b60dea20dea1ce11cc656df1e

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                    Filesize

                                                    1KB

                                                    MD5

                                                    6310976e546f0a67505cbc637bde3f5d

                                                    SHA1

                                                    13f358514e0911eb4cbfe8f59bd2ed4d115fc1ac

                                                    SHA256

                                                    b2ee58fe7c304e8f741a75079f4113d69ecd9b631b163b142a2a8b853cd1d564

                                                    SHA512

                                                    375ff8763f3c6f0a649dd636652b293ea80cb91ec625f0518906c24fa3188e784f69c89867b5fd97b1beeec01518af5cc6fcc449c97219e1f6ac5165b6c85ae8

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                    Filesize

                                                    6KB

                                                    MD5

                                                    818bdc27ab1f4de86c123fcda19fa940

                                                    SHA1

                                                    f6e413618416aaf8cd9715a17a5f4346f83f811c

                                                    SHA256

                                                    333e01aba7a4103a96109f815845e0fe59cd4a7c503ee090d701f4880b867f71

                                                    SHA512

                                                    4e04f235d4dccf28a8274464f80a0a95d05fd8b3411f41c5a81798be2f69329a9748d206cabfb14e33b203816d2ba1aedbfa0ca53abd72eaebf4f903f0a5c83c

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                    Filesize

                                                    6KB

                                                    MD5

                                                    29dee2dbf7869b15deaf71e3fc69e5d8

                                                    SHA1

                                                    bdfb85a327a8ad7124f1d17ee6339036eb355385

                                                    SHA256

                                                    a5ea1f333063b7d9f26918746db4c3c68b5032a0e911eba16392207ba4032ff6

                                                    SHA512

                                                    ee6bc98e4291ef231cddda086827c3fab4af4bb487507e691ccbc20befa77db6e2365a9749c928fa99a476c74d569425b3a98ad416dcf3916a533cd0ac003ebe

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                    Filesize

                                                    7KB

                                                    MD5

                                                    6c53b517abe04f6945054410425a337a

                                                    SHA1

                                                    2a25850106e65f3ea01baa820bae7efed6527fce

                                                    SHA256

                                                    c0ebe93b1957acd7a2ac53610de18f85a60b0f4f9826b20a192f559dae81f7ed

                                                    SHA512

                                                    f76d38548b87c45c4934234280c08d39bccf58c3c18aa0342629ccfd592493431e85ecc078481206ab5f49430d66a88232928df3561cbae509a09508f4afb45a

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                    Filesize

                                                    6KB

                                                    MD5

                                                    92e1f6c397d5e42bb0d410a26e60911f

                                                    SHA1

                                                    eae7d0c715490af29f424aa2cf6baff35330e955

                                                    SHA256

                                                    c41bfeca65f80365d1067f6518775713fc4e71cca7f144c7432bbe5a8408c1ea

                                                    SHA512

                                                    52d5c0f1a9a53bb9fce4f0ef6fed23b5c17ca61aaa4d6111c487ad440ae9df8507d55182ec9ca5fd5988748f252c3cf25843f8592d90010656fa59220a1884a7

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                    Filesize

                                                    874B

                                                    MD5

                                                    803729fd2b8abe6060c2317993d1f8af

                                                    SHA1

                                                    1f923affa8a062694aa16f14e4590edf1859eb09

                                                    SHA256

                                                    7ebd71902def7e61e8e6b686efd55e3d01f0941499b0d3af4ca8d4ab8f3bd474

                                                    SHA512

                                                    c89b774ff87a5c484c732a08683d9666d1b04b7366b40173a8b2c090eb46ae883c10ad4f847b0efc98c6aad2fc7baf6ff54a9e58798deabdf2745daa560b7939

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                    Filesize

                                                    707B

                                                    MD5

                                                    e6900da6c844ac70855ed7af1470d5c1

                                                    SHA1

                                                    7919f0b763ea746e29648f7ed0e4f8fa0877bfc1

                                                    SHA256

                                                    a08461dfc3549fd3f2d6ca95ab51c95bc2e9e44232af229a4c8fc2ffe21c27e6

                                                    SHA512

                                                    de21f8b048ee307397cfccb49156bf29ba13cc00e77f0d5d6d0af486f84727d29f1bd51de775a455519199f26ab51b0365cdd520a1a6fd687615de5c74a34ee1

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                    Filesize

                                                    707B

                                                    MD5

                                                    9adf1bf493ec58e0f8f1546870841669

                                                    SHA1

                                                    765c4d58b1ee36b3a3bbe22253f33054e6abd0f7

                                                    SHA256

                                                    1286e53c06e528d31c70a841b9f16eb739c7c8949e8f1b9cd5b60a38c091d706

                                                    SHA512

                                                    1c30f025607ef1ccaf4e6c2553f207a825af58351add9bce2e4ca84b595201456afbecde33f002bbb2a571e935db508bf7a1c828f094148b5e34c32ddb0a5d10

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                    Filesize

                                                    539B

                                                    MD5

                                                    7ab4d6ea2bdf9877f4a2ffc5d0308c0d

                                                    SHA1

                                                    0def4afe3e997b23d3b6f218da7672642e005b6f

                                                    SHA256

                                                    7cc1684bbebb6182e138cb011bfcaae43b9aa276fb9065cdeac872fc64140317

                                                    SHA512

                                                    6ac1f2499d41c6b50a8e4752514f7bf1fe3a90579b3f3ca21a0241b11209ecbd9fe5dd28e347d0cbaf44e30995a92cae24c31c5db2f8183404bcb50985bea252

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                    Filesize

                                                    1KB

                                                    MD5

                                                    a77dbb207dad320a4813570d51903124

                                                    SHA1

                                                    594e12b8b0deff4bc0513215d65ecbc83a3a9ffe

                                                    SHA256

                                                    b2f29ae8344185e391a42eb5e465250d90ed0fe43d5c61e2a7a2b2cb0d67fb41

                                                    SHA512

                                                    44636a31046e96832f23dcb3f3638c714ea657eb90ccf2d757b7c0202da1215aa00f4692cebc36ca896018cb7011c70e425e44b408d390d7df06cfc846caf4bf

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                    Filesize

                                                    1KB

                                                    MD5

                                                    1c980569cf9a0fc365d4f511aaf0eac8

                                                    SHA1

                                                    d48a315823e55e5311956ab989f3b7713be61e17

                                                    SHA256

                                                    5cd16444285facf37f440b18844e21167ab020cacfeb43c5d66021b9d493792d

                                                    SHA512

                                                    c1c938e0ff0ffdcee06884b3ecd21ce363a5ac4a74894d64b9698780654b7537718fd726d8db46275c793c7a68a348a70eb5711a4678ae7f9650e77018b0d4b1

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5ab641.TMP
                                                    Filesize

                                                    371B

                                                    MD5

                                                    caf8b93f9c4fc6f0d1d80d7dde049612

                                                    SHA1

                                                    4df6d0bee77c80205dac57f090acfe50b328ead8

                                                    SHA256

                                                    50d7488d0a29e462143baee96190c4e90d71ea023afd24b6812398c2e132fc06

                                                    SHA512

                                                    2f9d6f1ea0942230ff18940119d0aa0a128506839d0b36c1d8c4dd445369de45a70b7935316f96f5b08a33d3eaad90fcc26b6489c7386a7ec23fed56afb01e37

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                    Filesize

                                                    16B

                                                    MD5

                                                    6752a1d65b201c13b62ea44016eb221f

                                                    SHA1

                                                    58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                    SHA256

                                                    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                    SHA512

                                                    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                    Filesize

                                                    11KB

                                                    MD5

                                                    ae5ef92e3cdf039959da3fdda648d16e

                                                    SHA1

                                                    d267439a198797514c3dde566ae9d19fe48527ae

                                                    SHA256

                                                    54f88c0d010f8f2047cc9d30277c6574600420ccf76e0207478793cd903df298

                                                    SHA512

                                                    59c36816524f082c521d4299e7783841f50c511f1d9614dcdee15e118ed8b6c25fc5f1f709c2fa9696db8429d4d5ab004c0edd5250e4178d062ec5dc36e0f146

                                                    Download Submit

                                                  • memory/2712-8-0x0000025590D80000-0x0000025590D81000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/2712-11-0x0000025590D80000-0x0000025590D81000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/2712-9-0x0000025590D80000-0x0000025590D81000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/2712-10-0x0000025590D80000-0x0000025590D81000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/2712-6-0x0000025590D80000-0x0000025590D81000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/2712-7-0x0000025590D80000-0x0000025590D81000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/2712-0-0x0000025590D80000-0x0000025590D81000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/2712-12-0x0000025590D80000-0x0000025590D81000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/2712-1-0x0000025590D80000-0x0000025590D81000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/2712-2-0x0000025590D80000-0x0000025590D81000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download