Analysis

  • max time kernel
    133s
  • max time network
    135s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13-05-2024 16:49

Errors

Reason
Machine shutdown

General

  • Target

    https://gofile.io/d/iZ9arn

Malware Config

Signatures

  • NanoCore

    NanoCore is a remote access tool (RAT) with a variety of capabilities.

  • Downloads MZ/PE file
  • Executes dropped EXE 5 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • Drops file in Program Files directory 3 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 15 IoCs
  • Modifies registry class 1 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 41 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 36 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
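The two registry signatures above ("Adds Run key to start application" and "Checks whether UAC is enabled") are the ones a responder can turn directly into host-side checks. The following Python is an added example, not part of the sandbox report and not code from the NanoCore sample: it runs those two checks over registry-operation records. The report does not name the keys or values involved, so the example assumes the usual ones (a value written under ...\CurrentVersion\Run or RunOnce for the Run-key signature, a read of EnableLUA under ...\CurrentVersion\Policies\System for the UAC check); the technique IDs come from the report's ATT&CK matrix, and the sample trace, the value name "Updater" and its target path are constructed for the example.

```python
r"""Registry-signature triage, added here as an example; it is not part of the
sandbox report and does not come from the sample.

Assumptions (the report names neither the keys nor the values involved):
  * "Adds Run key to start application" = a value written under
    ...\CurrentVersion\Run or RunOnce in HKCU or HKLM.
  * "Checks whether UAC is enabled" = a read of EnableLUA under
    ...\CurrentVersion\Policies\System.
Records are shaped like an API-monitor trace (op, key, value, data, image).
Sysmon logs registry writes but not reads, so the UAC check below would only
appear in such a trace, never in Sysmon Event ID 13.
"""
import re
from dataclasses import dataclass

RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)$", re.I)
UAC_POLICY_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System$", re.I)
# A Run value pointing into the user's own profile is the usual shape of
# T1547.001 from a downloaded executable that never elevated.
USER_WRITABLE_RE = re.compile(r"\\Users\\[^\\]+\\(Downloads|AppData)\\", re.I)


@dataclass(frozen=True)
class Finding:
    signature: str     # wording as in the report's Signatures list
    techniques: tuple  # ATT&CK IDs as listed in the report's matrix
    image: str
    detail: str


def classify(event: dict):
    """Map one registry operation to a report signature; None if nothing fires."""
    key, op = event["key"], event["op"]
    if op == "set" and RUN_KEY_RE.search(key):
        target = event["data"]
        where = ("user-writable target" if USER_WRITABLE_RE.search(target)
                 else "target outside the user profile")
        return Finding("Adds Run key to start application",
                       ("T1547.001", "T1112"), event["image"],
                       f"{event['value']} = {target} ({where})")
    if (op == "query" and UAC_POLICY_KEY_RE.search(key)
            and event["value"].lower() == "enablelua"):
        return Finding("Checks whether UAC is enabled", ("T1082",),
                       event["image"], "read EnableLUA")
    return None


def triage(events):
    """Findings for a whole trace, in event order."""
    return [f for f in (classify(e) for e in events) if f is not None]


# Constructed trace: two browser writes that must stay quiet, then the two
# operations the report attributes to NAME.exe (PID 5660). The value name
# "Updater" and its target path are made up for the example.
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
SAMPLE = r"C:\Users\Admin\Downloads\NAME.exe"
SAMPLE_EVENTS = [
    {"op": "set", "image": EDGE, "value": "", "data": "",
     "key": r"HKCU\Software\Classes\MSEdgeHTM\shell\open\command"},
    {"op": "set", "image": EDGE, "value": "usagestats", "data": "0",
     "key": r"HKCU\Software\Microsoft\EdgeUpdate\ClientState"},
    {"op": "query", "image": SAMPLE, "value": "EnableLUA", "data": "",
     "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System"},
    {"op": "set", "image": SAMPLE, "value": "Updater",
     "data": r"C:\Users\Admin\AppData\Roaming\Updater\updater.exe",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"},
]

if __name__ == "__main__":
    for f in triage(SAMPLE_EVENTS):
        print(f"{f.signature:40} {','.join(f.techniques):18} {f.image}")
        print(f"    {f.detail}")
```

A query of the Run key itself (which Explorer and many installers do) is deliberately not flagged; only a write fires, which keeps the check quiet on a normal host.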

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/iZ9arn
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1684
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbaa6046f8,0x7ffbaa604708,0x7ffbaa604718
      2⤵
        PID:4468
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,17288726879728463601,15783673456901342279,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2016 /prefetch:2
        2⤵
          PID:1188
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,17288726879728463601,15783673456901342279,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2724
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,17288726879728463601,15783673456901342279,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
          2⤵
            PID:3084
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17288726879728463601,15783673456901342279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
            2⤵
              PID:4032
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17288726879728463601,15783673456901342279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
              2⤵
                PID:4896
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17288726879728463601,15783673456901342279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
                2⤵
                  PID:4612
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,17288726879728463601,15783673456901342279,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
                  2⤵
                    PID:5080
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,17288726879728463601,15783673456901342279,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:2352
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17288726879728463601,15783673456901342279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
                    2⤵
                      PID:3968
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2000,17288726879728463601,15783673456901342279,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5348 /prefetch:8
                      2⤵
                        PID:380
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17288726879728463601,15783673456901342279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
                        2⤵
                          PID:2080
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2000,17288726879728463601,15783673456901342279,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5988 /prefetch:8
                          2⤵
                            PID:1844
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17288726879728463601,15783673456901342279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
                            2⤵
                              PID:4476
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17288726879728463601,15783673456901342279,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
                              2⤵
                                PID:2068
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17288726879728463601,15783673456901342279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
                                2⤵
                                  PID:5188
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,17288726879728463601,15783673456901342279,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
                                  2⤵
                                    PID:5196
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2000,17288726879728463601,15783673456901342279,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6224 /prefetch:8
                                    2⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:5560
                                  • C:\Users\Admin\Downloads\NAME.exe
                                    "C:\Users\Admin\Downloads\NAME.exe"
                                    2⤵
                                    • Executes dropped EXE
                                    • Adds Run key to start application
                                    • Checks whether UAC is enabled
                                    • Drops file in Program Files directory
                                    • NTFS ADS
                                    • Suspicious behavior: EnumeratesProcesses
                                    • Suspicious behavior: GetForegroundWindowSpam
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:5660
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,17288726879728463601,15783673456901342279,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5776 /prefetch:2
                                    2⤵
                                    • Suspicious behavior: EnumeratesProcesses
                                    PID:5352
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:4264
  • C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
    1⤵
    PID:380
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:5900
  • C:\Users\Admin\Downloads\NAME.exe
    "C:\Users\Admin\Downloads\NAME.exe"
    1⤵
    • Executes dropped EXE
    PID:5992
  • C:\Users\Admin\Downloads\NAME.exe
    "C:\Users\Admin\Downloads\NAME.exe"
    1⤵
    • Executes dropped EXE
    PID:6048
  • C:\Users\Admin\Downloads\NAME.exe
    "C:\Users\Admin\Downloads\NAME.exe"
    1⤵
    • Executes dropped EXE
    PID:5684
  • C:\Users\Admin\Downloads\NAME.exe
    "C:\Users\Admin\Downloads\NAME.exe"
    1⤵
    • Executes dropped EXE
    PID:4852
  • C:\Windows\system32\LogonUI.exe
    "LogonUI.exe" /flags:0x4 /state0:0xa38df055 /state1:0x41c64e6d
    1⤵
    • Modifies data under HKEY_USERS
    • Suspicious use of SetWindowsHookEx
    PID:2932

Network

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence
    Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
  • Privilege Escalation
    Boot or Logon Autostart Execution (T1547): 1
    Registry Run Keys / Startup Folder (T1547.001): 1
  • Defense Evasion
    Modify Registry (T1112): 1
  • Discovery
    System Information Discovery (T1082): 2
    Query Registry (T1012): 1


                                      Downloads

                                      • C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\NAME.exe.log
                                        Filesize

                                        496B

                                        MD5

                                        5b4789d01bb4d7483b71e1a35bce6a8b

                                        SHA1

                                        de083f2131c9a763c0d1810c97a38732146cffbf

                                        SHA256

                                        e248cef9500ed6e0c9f99d72a2a6a36955a5f0cfc0725748ef25a733cc8282f6

                                        SHA512

                                        357e18ef30430e4b9cc4f2569b9735b1cd12f934c83162e4de78ac29ba9703b63ddb624ccc22afd5a5868f6e9d91a3c64581846abac22e9625f5b2e3d80b3ede

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                        Filesize

                                        152B

                                        MD5

                                        c9c4c494f8fba32d95ba2125f00586a3

                                        SHA1

                                        8a600205528aef7953144f1cf6f7a5115e3611de

                                        SHA256

                                        a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

                                        SHA512

                                        9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                        Filesize

                                        152B

                                        MD5

                                        4dc6fc5e708279a3310fe55d9c44743d

                                        SHA1

                                        a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

                                        SHA256

                                        a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

                                        SHA512

                                        5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                        Filesize

                                        288B

                                        MD5

                                        6741deffacb21623191d360f5b7195c0

                                        SHA1

                                        e6bd95448ec782aeb31c8f7c944a130cd4ed450e

                                        SHA256

                                        6cb9f165fb18a5d7aec7300bc41998dc272eb7d547ed80e1eeee3b10d0ae9753

                                        SHA512

                                        80ae49a8679d639bad2eff25e0dfe2d20aa9d4be39014a8cccd61609224a7db223ac1ed3cbfc69e72832d8665f9ac59e269a66e563a06e105c81260ccaeca3a0

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                        Filesize

                                        317B

                                        MD5

                                        afc6cddd7e64d81e52b729d09f227107

                                        SHA1

                                        ad0d3740f4b66de83db8862911c07dc91928d2f6

                                        SHA256

                                        b5e81a7c7d80feaaa10ee7bc8aaef9f21a5c1e4b03b3823ed115022311d674a0

                                        SHA512

                                        844edb69585153c378a7c97709983776fc9303a32fb5ef8122ecca32adfc0b265f5ef7118ee07814da5c020ac7ba1bf2a2f66d46312e4d8e6df99aab2e5f9b2a

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                        Filesize

                                        5KB

                                        MD5

                                        7a4105801afc16f9d24ccd68f748ef80

                                        SHA1

                                        f1740495cec5ff09e3b1b73d407382843f0ddc4e

                                        SHA256

                                        1a6e2608b868f0c5f9d9bbd14328f0c9d6c3594aab4ec6e6a51a498df03c7f23

                                        SHA512

                                        13535490fce9299cffedb8a1d0ef5a72252790a0101e786571fad5112e48892f5967b4cc78ecfb73f509c5e6a2f06f55f3953ad6a90f12ef67bb081c78b12ef7

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                        Filesize

                                        6KB

                                        MD5

                                        185bf0b43559cd688ac99e820c3487a6

                                        SHA1

                                        727608c8063498e703d6bc5c00edf8f7e3970a78

                                        SHA256

                                        5cc27768e24679bc0d216094bdb7febb289f93bdc53aff3033d20f0d24c1e8c5

                                        SHA512

                                        d4927ceae551fd7376b5b17463846a359d6185e97ece817ad0a04209092f4500502b52fbe2491860ddd8a188210db2e5735e6ad1513cd162cf790b32aac8b830

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                        Filesize

                                        6KB

                                        MD5

                                        a8a066912f385f2fe531d1e3086e44bf

                                        SHA1

                                        7bccb90565c21d5f7efa92e3268c6e80340d8cad

                                        SHA256

                                        b862efd84484f4e53c5e17b225f347169a6963035481b89867943ab877d557ca

                                        SHA512

                                        ed6d242088f9580fbf51c2f0aa14bc8db1ab0b0528ab2927c1981c648a49b18b0cb3bb4551f2427b917798eeaca5dd16d28606171fc8a4516315bdc9790d5bbb

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                        Filesize

                                        16B

                                        MD5

                                        46295cac801e5d4857d09837238a6394

                                        SHA1

                                        44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                        SHA256

                                        0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                        SHA512

                                        8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                        Filesize

                                        16B

                                        MD5

                                        206702161f94c5cd39fadd03f4014d98

                                        SHA1

                                        bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                        SHA256

                                        1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                        SHA512

                                        0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                        Filesize

                                        11KB

                                        MD5

                                        71af77e84afba8bafc182f59d03246c9

                                        SHA1

                                        9857a1acd2e251074b963544a82490f8185092c3

                                        SHA256

                                        4cafac38d67ec36e2696bd98beb40695c3755be18463207b806bf81ee4280537

                                        SHA512

                                        033726705ca7fc463ca5466db3d7604d6919e5c12940cc8d8f635976d9fc086228d19cf46b87b8fe295b81241ef3c61cb15af1da9cf74a97034f5082bacfe7f8

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                        Filesize

                                        12KB

                                        MD5

                                        1404ae61a135a5e986562b47e523cf27

                                        SHA1

                                        780d5a8bdc278e8f91eded33d8c28ae417eaeb6d

                                        SHA256

                                        dc689de878fe81b6455210646767f7eab57c302822c9c8155d8d5c9cd496b0de

                                        SHA512

                                        e101866aaf1371c3f4b4edb5141d7dff9171024fadebd8b325f037750065a541512b2fe57af370bccec87e4b563be68349693e31902e327611d0635c7120b879

                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                        Filesize

                                        11KB

                                        MD5

                                        a06740989c139cd0fd9bef5d6a5b1810

                                        SHA1

                                        9e9f2cfa3f3f54ea64292b8e5ab696efd8a70b82

                                        SHA256

                                        b082742f91b0828288f1c62755154ee2c67e4409a3df475b77f88ceb7fd7c5eb

                                        SHA512

                                        6737112316a8397c72abba02c0e1444494787f8017126e5bb948702690ff56f461949b91ad12a50165953fa3b1297eb4e7569721d3cb772202f8f713a279e04e

                                      • C:\Users\Admin\Downloads\Unconfirmed 838940.crdownload
                                        Filesize

                                        202KB

                                        MD5

                                        eed85e92266793c87a6f65748055a650

                                        SHA1

                                        3aefd591917e1d3d62194d376547704f9e342d11

                                        SHA256

                                        1d42bea84a39ae9d447cf9a1d5bf60b040d008f13fc0d3b52fa275e59e14cc36

                                        SHA512

                                        ffe54c15e5f7a26f70bbf042f6fae3c6fd731d5799f09dfb4f4c7fc118f428cc971f558e49724c92575968f1b7c945971fb476f4ca722a03b1414e6566624a02

                                      • \??\pipe\LOCAL\crashpad_1684_JSOBUFLRKXSPZKXC
                                        MD5

                                        d41d8cd98f00b204e9800998ecf8427e

                                        SHA1

                                        da39a3ee5e6b4b0d3255bfef95601890afd80709

                                        SHA256

                                        e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                        SHA512

                                        cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
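Not every hash in the Downloads list above is worth hunting with. The three values listed for the \??\pipe\LOCAL\crashpad_... entry are the MD5, SHA-1 and SHA-256 of zero bytes (the sandbox hashed an empty named pipe), the Edge "User Data" files are browser profile state that changes every run, and CLR_v2.0_32\UsageLogs\NAME.exe.log is the .NET runtime's per-host usage log for a 32-bit managed executable, which is consistent with NanoCore being a .NET RAT. That leaves the 202KB "Unconfirmed 838940.crdownload", which is assumed here (from its size and the process tree, the report does not say so) to be Edge's in-progress download that became NAME.exe. The following Python is an added example, not part of the report: it encodes that filtering, checks the empty-input hashes, and scans a directory against the hash that survives. The stand-in file it hashes in its dry run is constructed and is not the sample.

```python
r"""Hash-based hunting from the report's Downloads section, added here as an
example; it is not part of the report.

Why the filter exists (assumptions marked where the report is silent):
  * The hashes listed for \??\pipe\LOCAL\crashpad_... are those of zero bytes;
    matching on them would flag every empty file on a host.
  * Files under Edge's "User Data" are browser profile state that changes on
    every run; they identify this session, not the malware.
  * CLR_v2.0_32\UsageLogs\NAME.exe.log is written by the .NET runtime when a
    32-bit managed executable starts; its content is host-specific.
  * "Unconfirmed 838940.crdownload" is assumed to be the in-progress download
    that became NAME.exe; its SHA-256 is the one hash worth hunting with.
"""
import hashlib
import tempfile
from pathlib import Path

# Path -> SHA-256, copied from the report's Downloads section (subset).
REPORT_ENTRIES = {
    r"C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\NAME.exe.log":
        "e248cef9500ed6e0c9f99d72a2a6a36955a5f0cfc0725748ef25a733cc8282f6",
    r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat":
        "a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b",
    r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State":
        "4cafac38d67ec36e2696bd98beb40695c3755be18463207b806bf81ee4280537",
    r"C:\Users\Admin\Downloads\Unconfirmed 838940.crdownload":
        "1d42bea84a39ae9d447cf9a1d5bf60b040d008f13fc0d3b52fa275e59e14cc36",
    r"\??\pipe\LOCAL\crashpad_1684_JSOBUFLRKXSPZKXC":
        "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
}

EMPTY_SHA256 = hashlib.sha256(b"").hexdigest()
SESSION_ONLY_MARKERS = (r"\Microsoft\Edge\User Data", r"\CLR_v2.0_32\UsageLogs")


def empty_input_hashes() -> dict:
    """MD5/SHA-1/SHA-256 of zero bytes, to recognise 'hashes' of empty objects."""
    return {alg: hashlib.new(alg, b"").hexdigest()
            for alg in ("md5", "sha1", "sha256")}


def is_hunting_ioc(path: str, sha256: str) -> bool:
    """Keep a hash only if it is real content and not session-specific state."""
    if sha256.lower() == EMPTY_SHA256:
        return False
    return not any(m.lower() in path.lower() for m in SESSION_ONLY_MARKERS)


def hunting_iocs(entries: dict) -> dict:
    """SHA-256 -> report path, restricted to entries worth matching on."""
    return {h.lower(): p for p, h in entries.items() if is_hunting_ioc(p, h)}


def sha256_of(path: Path) -> str:
    """Stream the file so large downloads do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def scan(root: Path, iocs: dict) -> list:
    """(file, report path) for every regular file under root whose hash is an IOC."""
    hits = []
    for p in root.rglob("*"):
        if p.is_file():
            digest = sha256_of(p)
            if digest in iocs:
                hits.append((p, iocs[digest]))
    return hits


def demo_scan() -> list:
    """Offline dry run: a constructed stand-in file, hashed and added to the IOC set."""
    payload = b"constructed stand-in, not the real NAME.exe\n"
    iocs = dict(hunting_iocs(REPORT_ENTRIES))
    iocs[hashlib.sha256(payload).hexdigest()] = "constructed stand-in"
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "NAME.exe").write_bytes(payload)
        (Path(tmp) / "empty.txt").write_bytes(b"")  # must not match anything
        return [(f.name, src) for f, src in scan(Path(tmp), iocs)]


if __name__ == "__main__":
    import sys
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else None
    hits = scan(root, hunting_iocs(REPORT_ENTRIES)) if root else demo_scan()
    for f, src in hits:
        print(f"MATCH {f}  (report: {src})")
```

Run it with a directory argument (for example a user's Downloads folder) to scan real files; without one it performs the offline dry run. Because the filter drops the empty-input hash, an empty file on the scanned host never matches the crashpad pipe entry.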