hxxp://minecraft[.]com

Analysis

max time kernel
1730s
max time network
1778s
platform
windows10-2004_x64
resource
win10v2004-20231215-de
resource tags

arch:x64arch:x86image:win10v2004-20231215-delocale:de-deos:windows10-2004-x64systemwindows
submitted
13/03/2024, 12:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://minecraft.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5080	msedge.exe
5080	msedge.exe
3456	msedge.exe
3456	msedge.exe
3876	identity_helper.exe
3876	identity_helper.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	4424	svchost.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3456 wrote to memory of 3528	3456	msedge.exe	85
PID 3456 wrote to memory of 3528	3456	msedge.exe	85
PID 3456 wrote to memory of 1636	3456	msedge.exe	86
PID 3456 wrote to memory of 1636	3456	msedge.exe	86
PID 3456 wrote to memory of 1636	3456	msedge.exe	86
PID 3456 wrote to memory of 1636	3456	msedge.exe	86
PID 3456 wrote to memory of 1636	3456	msedge.exe	86
PID 3456 wrote to memory of 1636	3456	msedge.exe	86
PID 3456 wrote to memory of 1636	3456	msedge.exe	86
PID 3456 wrote to memory of 1636	3456	msedge.exe	86
PID 3456 wrote to memory of 1636	3456	msedge.exe	86
PID 3456 wrote to memory of 1636	3456	msedge.exe	86
PID 3456 wrote to memory of 1636	3456	msedge.exe	86
PID 3456 wrote to memory of 1636	3456	msedge.exe	86
PID 3456 wrote to memory of 1636	3456	msedge.exe	86
PID 3456 wrote to memory of 1636	3456	msedge.exe	86
PID 3456 wrote to memory of 1636	3456	msedge.exe	86
PID 3456 wrote to memory of 1636	3456	msedge.exe	86
PID 3456 wrote to memory of 1636	3456	msedge.exe	86
PID 3456 wrote to memory of 1636	3456	msedge.exe	86
PID 3456 wrote to memory of 1636	3456	msedge.exe	86
PID 3456 wrote to memory of 1636	3456	msedge.exe	86
PID 3456 wrote to memory of 1636	3456	msedge.exe	86
PID 3456 wrote to memory of 1636	3456	msedge.exe	86
PID 3456 wrote to memory of 1636	3456	msedge.exe	86
PID 3456 wrote to memory of 1636	3456	msedge.exe	86
PID 3456 wrote to memory of 1636	3456	msedge.exe	86
PID 3456 wrote to memory of 1636	3456	msedge.exe	86
PID 3456 wrote to memory of 1636	3456	msedge.exe	86
PID 3456 wrote to memory of 1636	3456	msedge.exe	86
PID 3456 wrote to memory of 1636	3456	msedge.exe	86
PID 3456 wrote to memory of 1636	3456	msedge.exe	86
PID 3456 wrote to memory of 1636	3456	msedge.exe	86
PID 3456 wrote to memory of 1636	3456	msedge.exe	86
PID 3456 wrote to memory of 1636	3456	msedge.exe	86
PID 3456 wrote to memory of 1636	3456	msedge.exe	86
PID 3456 wrote to memory of 1636	3456	msedge.exe	86
PID 3456 wrote to memory of 1636	3456	msedge.exe	86
PID 3456 wrote to memory of 1636	3456	msedge.exe	86
PID 3456 wrote to memory of 1636	3456	msedge.exe	86
PID 3456 wrote to memory of 1636	3456	msedge.exe	86
PID 3456 wrote to memory of 1636	3456	msedge.exe	86
PID 3456 wrote to memory of 5080	3456	msedge.exe	87
PID 3456 wrote to memory of 5080	3456	msedge.exe	87
PID 3456 wrote to memory of 792	3456	msedge.exe	88
PID 3456 wrote to memory of 792	3456	msedge.exe	88
PID 3456 wrote to memory of 792	3456	msedge.exe	88
PID 3456 wrote to memory of 792	3456	msedge.exe	88
PID 3456 wrote to memory of 792	3456	msedge.exe	88
PID 3456 wrote to memory of 792	3456	msedge.exe	88
PID 3456 wrote to memory of 792	3456	msedge.exe	88
PID 3456 wrote to memory of 792	3456	msedge.exe	88
PID 3456 wrote to memory of 792	3456	msedge.exe	88
PID 3456 wrote to memory of 792	3456	msedge.exe	88
PID 3456 wrote to memory of 792	3456	msedge.exe	88
PID 3456 wrote to memory of 792	3456	msedge.exe	88
PID 3456 wrote to memory of 792	3456	msedge.exe	88
PID 3456 wrote to memory of 792	3456	msedge.exe	88
PID 3456 wrote to memory of 792	3456	msedge.exe	88
PID 3456 wrote to memory of 792	3456	msedge.exe	88
PID 3456 wrote to memory of 792	3456	msedge.exe	88
PID 3456 wrote to memory of 792	3456	msedge.exe	88
PID 3456 wrote to memory of 792	3456	msedge.exe	88
PID 3456 wrote to memory of 792	3456	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://minecraft.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff977e346f8,0x7ff977e34708,0x7ff977e34718
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,4648871638688414637,1208501329037424239,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,4648871638688414637,1208501329037424239,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,4648871638688414637,1208501329037424239,131072 --lang=de --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4648871638688414637,1208501329037424239,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4648871638688414637,1208501329037424239,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4648871638688414637,1208501329037424239,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4648871638688414637,1208501329037424239,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,4648871638688414637,1208501329037424239,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=5072 /prefetch:8
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,4648871638688414637,1208501329037424239,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=5072 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4648871638688414637,1208501329037424239,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4648871638688414637,1208501329037424239,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4648871638688414637,1208501329037424239,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,4648871638688414637,1208501329037424239,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,4648871638688414637,1208501329037424239,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3672 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1692

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:1404

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
e72e85b6a25bc650916f80ae57099b60

SHA1
e765dc29a8e1aa0b26e63cee008822e76d8451a4

SHA256
3927d0a1126a45e6e7564bedc1efcb1fbbde359f3a2ddf1211cefd2febb38a3c

SHA512
f170c942b57bfb03c8604ce0a47ca05b743fe8292d071317659018c33a953804f0faffdec47f8ef52e343b6da2d8dd33bf196f42a6d0a4cc0f39b01c7afb4897

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
894B

MD5
8f6969d80d75ce82f1da87adb6418420

SHA1
ab397241c6eb96636ca20c2f22bd24ba48155398

SHA256
086eba7664edd7ca928e1526171b9d078b6e1602d81df09f11c58b7c5d353482

SHA512
ceda167f827da7082a07e8469364177971adcbb39ab2b6f29f1f3dcae80bb88d4c31f265948ec4e5a9abdc2a336cb3f3505d6b17d9c14b31d96169bd8585388c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
818B

MD5
3bd85814324f5e84af1e87a6f9500d8c

SHA1
33933c911f53865ac41b88a5cd60921efd0026c1

SHA256
171c13442680b4d1996bcf131e2a7054d4a23ee26a8f1ccc665c6487a8c5ba9d

SHA512
9a36b1094b4fc46caf2cfb1b90b95ca509a9a0763f113d05fa0cac45fa268b7f266097cc4c8134c5c1b4bf7039f4ac61b3e0335515fbd0263643fc847265faba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
894B

MD5
8921b903a30ba1adf0a00a42f06753c5

SHA1
70aacea55fbd291e826cbdf877305a0a7f967ae2

SHA256
922448bb966a6a7ada731b9c0bad2ffb0939ed46e10efd12abaafdb0cbb18a2a

SHA512
b6f5ca2048b4582b00f74162ddb3ee6367ac3a7986faccca3d1ffadef0a4e6acedbd6dc44f14dc4310ae6050e072b8472029a593a256284eb9d36b0e1ab3354e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ea39edb349aa8c385ac15c65f461a392

SHA1
dec237c9bb70111ab74c372ba3edbd3eab95ef3c

SHA256
f747d49579381e06f9a3834e1317f72bb454db6697eb0b4670cfe993da4fd13a

SHA512
cd2f2333a79fe3aa9e4aefce5d95bf31c968260195de82d94e64172783e0c185b82ff668fad9fd0cc3f60282f0c0c3ba326c41092de50a97ba11b2fbd9d380e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
95da39cb726bdd6e7b46e56f51627d28

SHA1
33b099e3ef14b5ca7e0e9f858f05e0ace9a13067

SHA256
c3bb681bc43dbc4f9d51d87dfeb6e301fce928617eec405b7d80e967a341a4f7

SHA512
5f52e81847bea6cf12450e76b48a810b2eee27ce87b5ae625834316a667c2db9f14b134e4b0739c1cacc3a78620d48b36fd11c8772559cded3a8050215076d30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
ffaf0e95d2e633ac7a3e75a307b03ed9

SHA1
b84234cb0d81eb71a0108a5132ef56d4c6fd4827

SHA256
7a53e4b60384ce3938929943339b104cc394bbd9dbb80e7ebdce764c0abaf9d5

SHA512
6f7c78fa51ddfc21c2c890caccdf833ea30e827c0ab59818077002211136ab09002220a01e6ab53aca825526491478a50bbfcf7fbb5f1b4c4b6ed81e69975cfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
ca6e25515e86a1c07587a4fc998db84a

SHA1
7255a3f1ee0b1309d676e900b424343714f44222

SHA256
9d9bfd5970e6aeffe14f2233197d573f87e898972a572d9eb69256eebb3b1650

SHA512
42407ec05fc4f9144b869e328d23f5e20e079c6a20d8fc520dbc358c674bc6c8533d6dd2cf9d007e991629b17805f58b980f661a3767c90a01cef5340cb885d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
37932cb5e1512d6d45d65dfc55de00cb

SHA1
44882e72be5ad76703c6dc664c462b214ac7c0a5

SHA256
f9c56428582120f83bcf5d50347b2f0d40a65e17ce6cb27d35cc03c544c55b51

SHA512
93cc996f22adc4bf7abf46aae06cec1b3d61e5dd44f360e9acee8f52f06db9b9534ef3704fac8c1fb90b57cf80ec145ab2b59ee91c86c817c916d40e12226c9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
2922ef2e91507632eb7e10deffe7bdc1

SHA1
94d85d63a52d3ab13efae2a1da91342ccbf7ac58

SHA256
a5dcecd64f3df1c319439d5d0dc946d654426524b4d01d05dd36971f3c5c647f

SHA512
00a3939488366c46d0b13284df962fcfe08101652322864c777488ead22a1034734503c93ea3318da7416f968d34a57f549b2c0e0f822526da1f9c94aca87e92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
21934310f772a90fa879da39088b1e78

SHA1
49803f09594c52ad3125851bfd4a4d02c696da97

SHA256
7d7cb368f7a641ac10583a0be60d7f62450dee2b9184f81d77b3e3e337a9e76d

SHA512
840c091fadce24c98793e753e1cff3ad709a568a5cd78556517f87dfb4304a907a80a1a94f80f126ba7c1eccf3e619bff06a9cb7f475e27b0ee63f3948ef795b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5c17e5.TMP

Filesize
371B

MD5
7ba46a5a39565e9bc241a06310c036c8

SHA1
243556a46ebaab81bda5bf18cfe2a35737bee92f

SHA256
32533e01dc8cf81e5138bfa770b072d8e21c3888bd79ebd6536a550b2c5190d2

SHA512
2de971e04df94df18822f94c6cb1312f2e3311c88d5c5da73d99bf2ff9984c5de62ddb97dd1c740e0c12400ed3d08777cd4fc0e0adcb828dd292050503741ca5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e02b9f9ed4625ab572cdb91c75db76fc

SHA1
2d470e95253cbc77109244e4bfce0f184d99ecd7

SHA256
77237bc22ca4ba0a55b9d9535538f5441d28d5a7cd568c125f5f3bb28abb0f67

SHA512
18e14b8f0e4b3d21b84d4440504e91e449837619585e3410b47684723e21a9420aaeed029e1a941d8f5399547669323fbec7ce5ef4b21e1177c46ad9c8d83834

Download Submit
memory/4424-327-0x00000223B2770000-0x00000223B2771000-memory.dmp

Filesize
4KB

Download
memory/4424-336-0x00000223B2770000-0x00000223B2771000-memory.dmp

Filesize
4KB

Download
memory/4424-321-0x00000223B2870000-0x00000223B2871000-memory.dmp

Filesize
4KB

Download
memory/4424-322-0x00000223B2770000-0x00000223B2771000-memory.dmp

Filesize
4KB

Download
memory/4424-323-0x00000223B2770000-0x00000223B2771000-memory.dmp

Filesize
4KB

Download
memory/4424-324-0x00000223B2770000-0x00000223B2771000-memory.dmp

Filesize
4KB

Download
memory/4424-325-0x00000223B2770000-0x00000223B2771000-memory.dmp

Filesize
4KB

Download
memory/4424-326-0x00000223B2770000-0x00000223B2771000-memory.dmp

Filesize
4KB

Download
memory/4424-319-0x00000223B2760000-0x00000223B2761000-memory.dmp

Filesize
4KB

Download
memory/4424-328-0x00000223B2770000-0x00000223B2771000-memory.dmp

Filesize
4KB

Download
memory/4424-329-0x00000223B2770000-0x00000223B2771000-memory.dmp

Filesize
4KB

Download
memory/4424-330-0x00000223B2770000-0x00000223B2771000-memory.dmp

Filesize
4KB

Download
memory/4424-331-0x00000223B2770000-0x00000223B2771000-memory.dmp

Filesize
4KB

Download
memory/4424-332-0x00000223B2770000-0x00000223B2771000-memory.dmp

Filesize
4KB

Download
memory/4424-333-0x00000223B2770000-0x00000223B2771000-memory.dmp

Filesize
4KB

Download
memory/4424-334-0x00000223B2770000-0x00000223B2771000-memory.dmp

Filesize
4KB

Download
memory/4424-335-0x00000223B2770000-0x00000223B2771000-memory.dmp

Filesize
4KB

Download
memory/4424-320-0x00000223B2760000-0x00000223B2761000-memory.dmp

Filesize
4KB

Download
memory/4424-337-0x00000223B2770000-0x00000223B2771000-memory.dmp

Filesize
4KB

Download
memory/4424-338-0x00000223B2770000-0x00000223B2771000-memory.dmp

Filesize
4KB

Download
memory/4424-339-0x00000223B2770000-0x00000223B2771000-memory.dmp

Filesize
4KB

Download
memory/4424-340-0x00000223B2770000-0x00000223B2771000-memory.dmp

Filesize
4KB

Download
memory/4424-341-0x00000223B2770000-0x00000223B2771000-memory.dmp

Filesize
4KB

Download
memory/4424-342-0x00000223B2770000-0x00000223B2771000-memory.dmp

Filesize
4KB

Download
memory/4424-343-0x00000223B2770000-0x00000223B2771000-memory.dmp

Filesize
4KB

Download
memory/4424-344-0x00000223B2770000-0x00000223B2771000-memory.dmp

Filesize
4KB

Download
memory/4424-345-0x00000223B2770000-0x00000223B2771000-memory.dmp

Filesize
4KB

Download
memory/4424-346-0x00000223B2770000-0x00000223B2771000-memory.dmp

Filesize
4KB

Download
memory/4424-347-0x00000223B2770000-0x00000223B2771000-memory.dmp

Filesize
4KB

Download
memory/4424-348-0x00000223B2770000-0x00000223B2771000-memory.dmp

Filesize
4KB

Download
memory/4424-349-0x00000223B2770000-0x00000223B2771000-memory.dmp

Filesize
4KB

Download
memory/4424-317-0x00000223B2730000-0x00000223B2731000-memory.dmp

Filesize
4KB

Download
memory/4424-301-0x00000223AA440000-0x00000223AA450000-memory.dmp

Filesize
64KB

Download
memory/4424-285-0x00000223AA340000-0x00000223AA350000-memory.dmp

Filesize
64KB

Download