Overview

overview

10

Static

static

10

KEIN VIRUS.exe

windows10-2004-x64

Analysis

  • max time kernel
    231s
  • max time network
    232s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-05-2024 17:49

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    KEIN VIRUS.exe

  • Size

    78KB

  • MD5

    9f8a43b5ca89a37ac0835c0911f0358e

  • SHA1

    a24e7cecf2e998b6a74a4cbf560dbf97d443b4e2

  • SHA256

    c99c61b9dcbd3ce7fc8596627afa3ed4dfc62c8769cc3e1f7e2296908012ac7b

  • SHA512

    9918fecf89442fb315747dfff40e2a40905fcbd9a4806a29eff14ed88fa4ca47c71efebe813af71fdd295383d6c4e7c281a146e376b4abd0cc0549aebcc4d640

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+pPIC:5Zv5PDwbjNrmAE+ZIC

Score
10/10
discordratpersistenceransomwareratrootkitspywarestealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTIzODIxODI5OTI0NjkwNzQ0Mw.GM_DE9.sCwhiQT-xwZE1RaUtI6kAXfQioIKUFeb-kbyGA

  • server_id

    1241809630498259105

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Downloads MZ/PE file
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 13 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\KEIN VIRUS.exe
    "C:\Users\Admin\AppData\Local\Temp\KEIN VIRUS.exe"
    1⤵
    • Sets desktop wallpaper using registry
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:3192
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://youtube.com/
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:4800
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd37346f8,0x7ffbd3734708,0x7ffbd3734718
        3⤵
          PID:2624
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,18220468676688496721,14000144001212359859,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
          3⤵
            PID:1164
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,18220468676688496721,14000144001212359859,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2496 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:3228
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,18220468676688496721,14000144001212359859,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
            3⤵
              PID:676
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,18220468676688496721,14000144001212359859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
              3⤵
                PID:4936
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,18220468676688496721,14000144001212359859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
                3⤵
                  PID:1624
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,18220468676688496721,14000144001212359859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
                  3⤵
                    PID:1036
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,18220468676688496721,14000144001212359859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
                    3⤵
                      PID:3964
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2032,18220468676688496721,14000144001212359859,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4984 /prefetch:8
                      3⤵
                        PID:1908
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2032,18220468676688496721,14000144001212359859,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5228 /prefetch:8
                        3⤵
                          PID:4236
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,18220468676688496721,14000144001212359859,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:8
                          3⤵
                            PID:4588
                          • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,18220468676688496721,14000144001212359859,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:8
                            3⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:348
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,18220468676688496721,14000144001212359859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
                            3⤵
                              PID:452
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,18220468676688496721,14000144001212359859,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
                              3⤵
                                PID:4804
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,18220468676688496721,14000144001212359859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
                                3⤵
                                  PID:4272
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,18220468676688496721,14000144001212359859,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
                                  3⤵
                                    PID:1276
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:4720
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:4052
                                  • C:\Windows\system32\AUDIODG.EXE
                                    C:\Windows\system32\AUDIODG.EXE 0x4fc 0x4c8
                                    1⤵
                                    • Suspicious use of AdjustPrivilegeToken
                                    PID:4284
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:4320

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      b2a1398f937474c51a48b347387ee36a

                                      SHA1

                                      922a8567f09e68a04233e84e5919043034635949

                                      SHA256

                                      2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

                                      SHA512

                                      4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      1ac52e2503cc26baee4322f02f5b8d9c

                                      SHA1

                                      38e0cee911f5f2a24888a64780ffdf6fa72207c8

                                      SHA256

                                      f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

                                      SHA512

                                      7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      456B

                                      MD5

                                      084066fdebc8762a978115f15863cd1c

                                      SHA1

                                      0b7ea41653a48450359b3e49329a98cc344a0d6b

                                      SHA256

                                      cba07938ae547ff54a836567d3e9b4e722c2fba5f0896bc205246114d1842926

                                      SHA512

                                      0231ce1903abf77750122ce7be90b4f0a054d9062b50f0bcc9b0f0c33fb9d570a7a206d5f3c0a3e8bcdcd380663f54b82aec4ca5a5791883651cebdea3dd764d

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      67782b8067b602dfa93f3ebe9942508c

                                      SHA1

                                      51bc12772b50d1be5ec14906932b50225b4e4309

                                      SHA256

                                      54efe81e01e5cddb1e46fedad69bd8ae0f9c019c84676c9ef99fdd203d73e51a

                                      SHA512

                                      2e51c2f56a76282ff2471766137d27fdf8f7aac22c25608f56d6049a859e475db1b42ccb4c591780ef41c67f5355ea8052d31d6d0a84861446153673a1b02f74

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      4c63e5b300837c4dc3e4fbc1ea38a33c

                                      SHA1

                                      9362ee432209bffc1c8aec8f34c86dda47e8a6b8

                                      SHA256

                                      b7b5adf925e9d630c4f8dd13e064a9c29a75e8d9fe3a8d3469401fcb6430f2bb

                                      SHA512

                                      876f65329248fb903933e29320d3b9b0737d2dcd6e8177b3b62b77fc320897940ae97abd5c089ec6fe3f44e856c8641d278c4db32b169474861d41ce83da1131

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\dcf2bf78-7574-4627-8edc-86934d812424\index-dir\the-real-index
                                      Filesize

                                      2KB

                                      MD5

                                      355538aecfe0df4834f0bff5065f832e

                                      SHA1

                                      8d7fb9809b0e253f1d7efb38a6df274de6c67c70

                                      SHA256

                                      f1b8746a000bbcd7449bcc8bf998b6237f6f270693029db11f308899c426b545

                                      SHA512

                                      d8481b3ad1f60227611a0ab4e80b661357194a7a0b7612d5d8e579fdf2b3c4c83ed41711c6a12c3a780f7c7998069516a77d367a7fe483faeb3e671ec34dcf30

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\dcf2bf78-7574-4627-8edc-86934d812424\index-dir\the-real-index~RFe5ac843.TMP
                                      Filesize

                                      48B

                                      MD5

                                      c600cddb1a30a1d03ce788d87cdabfdb

                                      SHA1

                                      42223fcaa4f887436ded42a0915f549c7df7861f

                                      SHA256

                                      f43b79003d3d4344404ed586a52aa678639f9d530b3e68c2c48f4ef6c40e1363

                                      SHA512

                                      d06d1138c9e33a2f53b162a42d3b4094dbe31e08139661e2642b91d58128723f2a1f85f4b956f67688fb30d1c82a2922bb4fbc15d18dfc98360d20ca58469190

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                      Filesize

                                      89B

                                      MD5

                                      517dfb7c5a395328bbd96c60340539dd

                                      SHA1

                                      e0fb95259f8056f45ae3fadd2745a58e224d67bf

                                      SHA256

                                      6ed4bcb5b768a53314196a0917a406ef6f1204f07c2c1383b01b61af364a3d7e

                                      SHA512

                                      77b80e33350c0da0b8bf88f81cae7f1fc470da590b69a4b243415b096987ec0a7f7074beb0732d6fabb9c17d05225c7db03f58d23117c95936e372d7323852be

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                      Filesize

                                      146B

                                      MD5

                                      858315e0cc69fb8f5535aa2d145c3c54

                                      SHA1

                                      ea11d66595d4fafbbc4763e83f3b8794cfceae40

                                      SHA256

                                      697be09ab22b3f52865914dee8cd4161fe9a028a279b61fce6623f1fedbe110d

                                      SHA512

                                      cbfc158b5fe45b13740a80ea4769ff38dc170545cdc51e27b8c5e5ee7a333d0c933d347a5bf4704d30ce1aeda699c1b92a22ddcfc0206225073645e13d64d94c

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                      Filesize

                                      82B

                                      MD5

                                      5c09100389d61d730f8c92507aac5b35

                                      SHA1

                                      2f3925b2178f00d3678259c885eb6a3187c942d6

                                      SHA256

                                      42317e951afdd8d2b6632bcb704437dd1409a491c739c3f083ff86993b294bd7

                                      SHA512

                                      0a2f5e63a409bb93cd6bed001608cf32b5e00a65ab6081ab27f982a071991ed93f631147b3dfe18a0a11576489e14df1ebb0ba927f40c3f01fc4d9e492e1aae4

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt.tmp
                                      Filesize

                                      84B

                                      MD5

                                      4779c10e54971ab27f098280dbd4c498

                                      SHA1

                                      6846b19d56cbe41996d82c36935e212c017cc29c

                                      SHA256

                                      f68fd700e8de8f5a361b43b0b91c591a3ba7c867eedf415a0442502ac37b80e2

                                      SHA512

                                      f18111149f6e6a955bec05761e8a1a85d5c18692c9e915280485e8bea2962979d85cfa1559e056dfb5cd5f20679d95a51a7fb2020009d3898873a1ac354fcefc

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      46295cac801e5d4857d09837238a6394

                                      SHA1

                                      44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                      SHA256

                                      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                      SHA512

                                      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                      Filesize

                                      72B

                                      MD5

                                      8f100e7725fdfbee697a52c90c45f671

                                      SHA1

                                      023e7479fbe4765b73674309016323fcc844e8f9

                                      SHA256

                                      7027ce073185284648ab7b7d74836d0599a6ee86b52eddc5c8f11bc791ad6bb9

                                      SHA512

                                      f17d6fe942bb6e66b641ff306f2664b25aef5f456d59655fdf55ef916f600ebf348e7d7eb59d93f7befa56ed6fec030fac253e0396223460fe980da3c9c41ae8

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5ac390.TMP
                                      Filesize

                                      48B

                                      MD5

                                      a1ccf57d083cc4b06d9f3af98f792d24

                                      SHA1

                                      aa64a651ee1348f5a45b252dfcb9becdfc8803a4

                                      SHA256

                                      1500a534e24ede51fc02dfda337d5377f959f680c24b26e22bfc3ceb86d4f857

                                      SHA512

                                      4fd359538df210bdfd57c9d51004593b42eacfdc4740d41fc2630a6161d57f1f910b8699da359c63583333213faeb7a9631ff6e09e2ef7fda3b60bc0ca3582e8

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      6752a1d65b201c13b62ea44016eb221f

                                      SHA1

                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                      SHA256

                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                      SHA512

                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      11KB

                                      MD5

                                      29771a27996f569ac02ed555c90679b6

                                      SHA1

                                      f2cff1fcb00d3a86a4abfa88e274e9445e8e27b0

                                      SHA256

                                      82d371d2418ae00785187a84c6e34c438d6439a3bb3726faa86d63992a18cbeb

                                      SHA512

                                      36ad3116b0b2fab8dc0f43abcd187ffde274b092eee81bc61714b8f05c5769532b9c2a5f0e806be9e53629ce2032e35dbb81c5f86c7b49bd6421d858e02c6732

                                      Download Submit

                                    • memory/3192-10-0x00000213BE500000-0x00000213BE51E000-memory.dmp

                                      Filesize

                                      120KB

                                      Download

                                    • memory/3192-1-0x00007FFBD7163000-0x00007FFBD7165000-memory.dmp

                                      Filesize

                                      8KB

                                      Download

                                    • memory/3192-9-0x00000213BE0F0000-0x00000213BE102000-memory.dmp

                                      Filesize

                                      72KB

                                      Download

                                    • memory/3192-8-0x00000213C0620000-0x00000213C0696000-memory.dmp

                                      Filesize

                                      472KB

                                      Download

                                    • memory/3192-5-0x00007FFBD7160000-0x00007FFBD7C21000-memory.dmp

                                      Filesize

                                      10.8MB

                                      Download

                                    • memory/3192-4-0x00000213BE920000-0x00000213BEE48000-memory.dmp

                                      Filesize

                                      5.2MB

                                      Download

                                    • memory/3192-3-0x00007FFBD7160000-0x00007FFBD7C21000-memory.dmp

                                      Filesize

                                      10.8MB

                                      Download

                                    • memory/3192-2-0x00000213BE120000-0x00000213BE2E2000-memory.dmp

                                      Filesize

                                      1.8MB

                                      Download

                                    • memory/3192-0-0x00000213A3AF0000-0x00000213A3B08000-memory.dmp

                                      Filesize

                                      96KB

                                      Download