a8aed95b67e887c5a101869cf20ed283449c44252befab7ea715201a95df2009

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 03:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bfb3197e967b47e5be31682f483712c3.exe
Size

14KB
MD5

bfb3197e967b47e5be31682f483712c3
SHA1

0edb9afe94ba65dced3b1fca8f0426c95aed0dbb
SHA256

a8aed95b67e887c5a101869cf20ed283449c44252befab7ea715201a95df2009
SHA512

07d2b3157fa0bc14a4beb62a896e44ac7e44ca41c0ab4a26fe3c972a7ab1ef4e07a868f758dcf807d9549f5d4e7a7449b220e6df5c254f597b01f73aa7f15dce
SSDEEP

192:Kr9sK+lGFKbWLLKSq4zqD9YjtY8gU3xneFI5ue25fh7Kv30DGpsK6t:Kr9DFKWLe+zqD9YRL5eFI5ueOxKf2t

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings	Explorer.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3168	msedge.exe
3168	msedge.exe
2240	msedge.exe
2240	msedge.exe
3484	identity_helper.exe
3484	identity_helper.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe
1356	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3000	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3000	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe
2240	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4300 wrote to memory of 2240	4300	bfb3197e967b47e5be31682f483712c3.exe	90
PID 4300 wrote to memory of 2240	4300	bfb3197e967b47e5be31682f483712c3.exe	90
PID 2240 wrote to memory of 4440	2240	msedge.exe	91
PID 2240 wrote to memory of 4440	2240	msedge.exe	91
PID 4300 wrote to memory of 4488	4300	bfb3197e967b47e5be31682f483712c3.exe	93
PID 4300 wrote to memory of 4488	4300	bfb3197e967b47e5be31682f483712c3.exe	93
PID 4300 wrote to memory of 4488	4300	bfb3197e967b47e5be31682f483712c3.exe	93
PID 2240 wrote to memory of 3720	2240	msedge.exe	94
PID 2240 wrote to memory of 3720	2240	msedge.exe	94
PID 2240 wrote to memory of 3720	2240	msedge.exe	94
PID 2240 wrote to memory of 3720	2240	msedge.exe	94
PID 2240 wrote to memory of 3720	2240	msedge.exe	94
PID 2240 wrote to memory of 3720	2240	msedge.exe	94
PID 2240 wrote to memory of 3720	2240	msedge.exe	94
PID 2240 wrote to memory of 3720	2240	msedge.exe	94
PID 2240 wrote to memory of 3720	2240	msedge.exe	94
PID 2240 wrote to memory of 3720	2240	msedge.exe	94
PID 2240 wrote to memory of 3720	2240	msedge.exe	94
PID 2240 wrote to memory of 3720	2240	msedge.exe	94
PID 2240 wrote to memory of 3720	2240	msedge.exe	94
PID 2240 wrote to memory of 3720	2240	msedge.exe	94
PID 2240 wrote to memory of 3720	2240	msedge.exe	94
PID 2240 wrote to memory of 3720	2240	msedge.exe	94
PID 2240 wrote to memory of 3720	2240	msedge.exe	94
PID 2240 wrote to memory of 3720	2240	msedge.exe	94
PID 2240 wrote to memory of 3720	2240	msedge.exe	94
PID 2240 wrote to memory of 3720	2240	msedge.exe	94
PID 2240 wrote to memory of 3720	2240	msedge.exe	94
PID 2240 wrote to memory of 3720	2240	msedge.exe	94
PID 2240 wrote to memory of 3720	2240	msedge.exe	94
PID 2240 wrote to memory of 3720	2240	msedge.exe	94
PID 2240 wrote to memory of 3720	2240	msedge.exe	94
PID 2240 wrote to memory of 3720	2240	msedge.exe	94
PID 2240 wrote to memory of 3720	2240	msedge.exe	94
PID 2240 wrote to memory of 3720	2240	msedge.exe	94
PID 2240 wrote to memory of 3720	2240	msedge.exe	94
PID 2240 wrote to memory of 3720	2240	msedge.exe	94
PID 2240 wrote to memory of 3720	2240	msedge.exe	94
PID 2240 wrote to memory of 3720	2240	msedge.exe	94
PID 2240 wrote to memory of 3720	2240	msedge.exe	94
PID 2240 wrote to memory of 3720	2240	msedge.exe	94
PID 2240 wrote to memory of 3720	2240	msedge.exe	94
PID 2240 wrote to memory of 3720	2240	msedge.exe	94
PID 2240 wrote to memory of 3720	2240	msedge.exe	94
PID 2240 wrote to memory of 3720	2240	msedge.exe	94
PID 2240 wrote to memory of 3720	2240	msedge.exe	94
PID 2240 wrote to memory of 3720	2240	msedge.exe	94
PID 2240 wrote to memory of 3168	2240	msedge.exe	95
PID 2240 wrote to memory of 3168	2240	msedge.exe	95
PID 2240 wrote to memory of 3628	2240	msedge.exe	96
PID 2240 wrote to memory of 3628	2240	msedge.exe	96
PID 2240 wrote to memory of 3628	2240	msedge.exe	96
PID 2240 wrote to memory of 3628	2240	msedge.exe	96
PID 2240 wrote to memory of 3628	2240	msedge.exe	96
PID 2240 wrote to memory of 3628	2240	msedge.exe	96
PID 2240 wrote to memory of 3628	2240	msedge.exe	96
PID 2240 wrote to memory of 3628	2240	msedge.exe	96
PID 2240 wrote to memory of 3628	2240	msedge.exe	96
PID 2240 wrote to memory of 3628	2240	msedge.exe	96
PID 2240 wrote to memory of 3628	2240	msedge.exe	96
PID 2240 wrote to memory of 3628	2240	msedge.exe	96
PID 2240 wrote to memory of 3628	2240	msedge.exe	96
PID 2240 wrote to memory of 3628	2240	msedge.exe	96
PID 2240 wrote to memory of 3628	2240	msedge.exe	96

C:\Users\Admin\AppData\Local\Temp\bfb3197e967b47e5be31682f483712c3.exe
"C:\Users\Admin\AppData\Local\Temp\bfb3197e967b47e5be31682f483712c3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.youtube.com/watch?v=xkoBlCjLX6w
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff86b846f8,0x7fff86b84708,0x7fff86b84718
    3⤵
    PID:4440
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,11684478987552653758,15117169147732637512,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
    3⤵
    PID:3720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,11684478987552653758,15117169147732637512,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3168
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,11684478987552653758,15117169147732637512,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
    3⤵
    PID:3628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11684478987552653758,15117169147732637512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
    3⤵
    PID:772
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11684478987552653758,15117169147732637512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
    3⤵
    PID:4028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11684478987552653758,15117169147732637512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
    3⤵
    PID:5044
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11684478987552653758,15117169147732637512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
    3⤵
    PID:1696
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2064,11684478987552653758,15117169147732637512,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5196 /prefetch:8
    3⤵
    PID:1168
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,11684478987552653758,15117169147732637512,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
    3⤵
    PID:1808
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,11684478987552653758,15117169147732637512,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11684478987552653758,15117169147732637512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
    3⤵
    PID:1596
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11684478987552653758,15117169147732637512,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
    3⤵
    PID:1504
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11684478987552653758,15117169147732637512,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
    3⤵
    PID:5292
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,11684478987552653758,15117169147732637512,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
    3⤵
    PID:5300
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,11684478987552653758,15117169147732637512,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4956 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1356
- C:\Windows\SysWOW64\Explorer.exe
  Explorer.exe
  2⤵
  - Modifies registry class
  PID:4488
- C:\Windows\SysWOW64\regsvr32.exe
  regsvr32 /s svchosts.dll
  2⤵
  PID:1008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4652

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3a0 0x344
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9ffb5f81e8eccd0963c46cbfea1abc20

SHA1
a02a610afd3543de215565bc488a4343bb5c1a59

SHA256
3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc

SHA512
2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1b45169ebca0dceadb0f45697799d62

SHA1
803604277318898e6f5c6fb92270ca83b5609cd5

SHA256
4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60

SHA512
357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
de9ebc6a8ce3cb974c8151a351c17737

SHA1
de8489e96f44bce1aaead4503009d6c98196a3a2

SHA256
7f862a1e66e1e39d567042d35be55c97bce94d222004bdc38fdbd4bfd9901824

SHA512
67b30f6c0cf75d2702d1dc38d6e7e2b3be0260f2ad03baa0b89d9ec94c643ef016f5013c7bb9657d9430ec76fc813cf2ccbedebb0127f97c012bbc7c4a9f89d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b8e254402f4e68bd72e2c20ec4053d9d

SHA1
3108aefdb9993b4ea1b136707b6b747f7ebd2848

SHA256
e28d5297541284d72c56df6784535c61b590c37c1c6b5480a417af16ca93cdf8

SHA512
ff7af8a48e6089982fabcf50e520e6a19571dbe810dd0e119b6b197c966c6167de40c9c68224acad20791b18ff0e1af7877b46c1f25df61b6c0235c0ce249fa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
025e3ee47ef0c08b26ed291b1b23eceb

SHA1
554a5a0ecf810041ce02d9bd0ee3b78d0384b9f7

SHA256
f76b53f570aaf4c36f28052a3e23f3a67f882e3e2f077cb602907bf05527ec1e

SHA512
30882ab1c8934ad5a0cf9997e0f9e2edd45d4fe5087a5ce82de98d7819b547448d5775fe69c59c5e0bc5c30075000d5d9d902dd3e1a59d9a19143667517e413d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2a6426f2993ced71fd3b13979558c4c5

SHA1
e7f91600f27e30f25f5e15b7dac22a1affad9ee6

SHA256
9fbd963e6b6f01c8eaff42e2ba6417512d15cf678929288c6c6905738ee59179

SHA512
6c377a4ab043632f388211558e49a98ddf1b9095e7b55656f53224b6ecbbe4e8f43c7930b3f32ba022097400f914ef8a1758afa84b80cfc8ff693f7c55b50046

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b8c4591a8427d9d16a056c01615629c3

SHA1
08f2f62b516151fb0829e5fdb2f25748bf37cac1

SHA256
ff46168fb6106132ebfd6573db4b5c6f8ed2d7e43485ea9839c7228227f3edcd

SHA512
05d9c4b4987ba99e578ea8e500d396ec8a48e3f33fd3200ee449ff138529d2edc8d0adb4a2d7f260f4768aec0d0c72c20c3e9b25b0c5854f75b78510606560c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\faaa4f21-2f9c-49fc-9eec-d1f972a9a35f\index-dir\the-real-index

Filesize
2KB

MD5
d2f68946c168b699550e29fabd05ca00

SHA1
1bb86bddf968d3f9eb53a7a7bf8ad7497a1c997e

SHA256
a97094cd588829ecf63b4c06c9fa075c7dc227168fce4a1700eaa84f7c9f15e3

SHA512
527cd7848a06ba816d78d80ff0954637fbecfa9d4cc1cce41bb847b7dbb84ef46dd20d433010eecaada846d79e3cd85fdbc32483f200323b03f2b686af7e4a7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\faaa4f21-2f9c-49fc-9eec-d1f972a9a35f\index-dir\the-real-index~RFe5796c2.TMP

Filesize
48B

MD5
ae1dd5d6872665e11c7f5c515b7fa9ad

SHA1
947dd94392705b4279b98acfbfd00971d1391c02

SHA256
f2a3ec0138436dc66bdfd5c1a8ff95658b80bdafca450ffe679ba40c66a0cded

SHA512
4ccea0d14d617886ddb5abaf21b3dff6753129ef81cec61d74a093dfc36c9dabfa2a99aeec44746e6b32ca4427c5b89a0dc7ed6e12e75267cc39be302625d90f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
e1837f6817474ac02d665935adf435be

SHA1
542a345a9f62591f609a71e9a7f233b3126470a9

SHA256
5a0e4f3bd0af75e4c327d22f9098a20b8542255fc71da9bdee199e13a0fa4713

SHA512
27a2eddbb09156ee88118cbdc5777a522305cfc60c3a0300bad150875055c161e28c8275434380342e6c485a63488275ca45eac879079c827ff66aaae33bce70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
5cf8e28b25f9a0af95022891d0732094

SHA1
abda91d8e4563a9ec91fb5e0e4717e5f3b83d58b

SHA256
711ba91a1942fd3fa059a35688828c22ad370c586792e923369b3ac402991a24

SHA512
aedebbeb5a5c477d8711ba2bf6c0d0eca2635c6910025d5a152cf2a2cf22d63a77fd1b376a8da38b1a77e8ee19394fa7d0e4b0627d88821d28d2144fa8cb9fce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
6f3dfd30695474749098d2da8d01df11

SHA1
17d9d89aeab300ab2474e6bfa67df51dbe0d36b4

SHA256
032409e90d6112154cfb4a8830163e2e627fade38bce792bb981855243926c3b

SHA512
cb3ecdfa55553745d6d76b476565006412036fa594edd3ed799e5d8023e062a0d3a92cc4502e4cef0241f67db15596b3830892e1669715f1adc505bd4f63a67c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
f99f14507f601888b0fc2e485e6194e2

SHA1
52e8dd1e26b446c796dfc6f22cb1a3daeb0d2983

SHA256
3eef3f87a9fa7133c192dc8678e73f768e81c30b4573e15b93b2d3e257599944

SHA512
5da8d3b211d0e75f11579dc027eeebc3284e15ef497cea223e979e5270e0536d0baef5911bf6e0a9efadae263cd9adc866b7740488a1bbd14c62e28461e89617

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
e0dc3b1e3690bfb46e537621a239fa7c

SHA1
15abcb2c0d0450fdd7a7d36c7bd22d4eea9187e3

SHA256
50a3cca3570403dbbde59e709550b4fd7b41887af1012b19029a4fab30418c59

SHA512
bdb595715f9074b72c54ebe974a77a42a54963900925fe4bafbde919494188c6fe1bff0d4921621588ba23af9109335261747ffff2af4d9919bf536f09f6c2a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe578f01.TMP

Filesize
48B

MD5
934df0899d8247d4413fe30fa21ca420

SHA1
e2cec6d0905fc1657fcb97ea2d8c7d8ba3f6a0b9

SHA256
a51551eadf3783f31054240eedd6b1d7b92e79753bef82ba653d830b430f414b

SHA512
4cb4f64a242cb8c06436fe0fd7bded103c549f7a03b1954778bcbc0eca0c431a25e006f2b401c7a073af41079c21a432f7d622f13c4311d92735fef2bec47fba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
094262beb0d83b73ab9f2d88eb2c0b91

SHA1
f5371492b9c497be74ddc860dd39ffbc14792bf8

SHA256
91df927dc72e9f57afeb7aa3dc3745d6112f595005f3b70c91cf59f248be51ab

SHA512
d13ad827c384a8529596bc53b8bfee481d155f14de0c670f670d562c32d35e127d2cbc7404a9f4a6cf85e1371c656377ded0d87ece15b8a996dbaab4be55a870

Download Submit
memory/4300-0-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download
memory/4300-23-0x0000000000400000-0x000000000040F000-memory.dmp

Filesize
60KB

Download