d5a200c34505465d309415de2c0b78b3f7e15e0d07583412eca72e7685ab28c9

Analysis

max time kernel
551s
max time network
550s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 08:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Techsmith Snagit Hook/version.dll
Size

3.2MB
MD5

e32b1f323bf7a3a5c5eb0a2db0b82997
SHA1

e2a8ef2f9ad9a8383491c7d028c5efd6f040e39a
SHA256

b265f9a80ae5f265fcf008f2e8f9152023764beb02a8bd4d60573f532c25a161
SHA512

dcd3db19ff00ecd2b95791b115f24d63bc44694cc08002762cdb9e2f2f1324e7876e1855dbd777174a58a6e3bd14df344d4831d35382fcdb104a59a1b0804bbc
SSDEEP

49152:DMfqbkbDIRKbsjW2IOmyee1db/eeWyf37vEsbkvRLcy3uDN5MGTMfHMw:DMEkb8R8sRn1dbyyPrhbCRLMJoE

Score

9^/10

evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Processes:

rundll32.exe

description ioc process

Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ rundll32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	rundll32.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

rundll32.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	rundll32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	rundll32.exe

Themida packer 6 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
behavioral3/memory/4908-0-0x00007FFC40EF0000-0x00007FFC4169E000-memory.dmp	themida
behavioral3/memory/4908-4-0x00007FFC40EF0000-0x00007FFC4169E000-memory.dmp	themida
behavioral3/memory/4908-5-0x00007FFC40EF0000-0x00007FFC4169E000-memory.dmp	themida
behavioral3/memory/4908-3-0x00007FFC40EF0000-0x00007FFC4169E000-memory.dmp	themida
behavioral3/memory/4908-2-0x00007FFC40EF0000-0x00007FFC4169E000-memory.dmp	themida
behavioral3/memory/4908-8-0x00007FFC40EF0000-0x00007FFC4169E000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

rundll32.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA rundll32.exe
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

rundll32.exe

pid process

4908 rundll32.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	rundll32.exe

pid	process
4908	rundll32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
2952	msedge.exe
2952	msedge.exe
2680	msedge.exe
2680	msedge.exe
324	identity_helper.exe
324	identity_helper.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe
2528	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

2680 msedge.exe
2680 msedge.exe
2680 msedge.exe
2680 msedge.exe
2680 msedge.exe
2680 msedge.exe
2680 msedge.exe
2680 msedge.exe
2680 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe
2680	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2680 wrote to memory of 4744	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4744	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4128	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4128	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4128	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4128	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4128	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4128	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4128	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4128	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4128	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4128	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4128	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4128	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4128	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4128	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4128	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4128	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4128	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4128	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4128	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4128	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4128	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4128	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4128	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4128	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4128	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4128	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4128	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4128	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4128	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4128	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4128	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4128	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4128	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4128	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4128	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4128	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4128	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4128	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4128	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4128	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 2952	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 2952	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4360	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4360	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4360	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4360	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4360	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4360	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4360	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4360	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4360	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4360	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4360	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4360	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4360	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4360	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4360	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4360	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4360	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4360	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4360	2680	msedge.exe	msedge.exe
PID 2680 wrote to memory of 4360	2680	msedge.exe	msedge.exe

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Techsmith Snagit Hook\version.dll",#1
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:4908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc413046f8,0x7ffc41304708,0x7ffc41304718
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,15940022842939679607,5340792455208814111,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,15940022842939679607,5340792455208814111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2508 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,15940022842939679607,5340792455208814111,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15940022842939679607,5340792455208814111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15940022842939679607,5340792455208814111,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15940022842939679607,5340792455208814111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15940022842939679607,5340792455208814111,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,15940022842939679607,5340792455208814111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3716 /prefetch:8
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,15940022842939679607,5340792455208814111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3716 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15940022842939679607,5340792455208814111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15940022842939679607,5340792455208814111,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15940022842939679607,5340792455208814111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15940022842939679607,5340792455208814111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15940022842939679607,5340792455208814111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,15940022842939679607,5340792455208814111,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3188 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
cddb24aa87492cd8c905d3adf89163b7

SHA1
d0f59043c2147221306baf7511e771a93c3648b4

SHA256
6b1b9544f3135041317bf05839bcb437eeb2a445459af05e286922ec96181bcb

SHA512
44b98465e240efb7445e7edd900bebb9590fd7b60b58576822c061fb8fc9900a7b5662a0c39240beee9a41ef45b0e7451dee04935032580359df8ba134b3801b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
338B

MD5
be317c7ccc52142dd6ec2122ca54c6aa

SHA1
e7d23a638f069bd2a4907a988178e94208c0d07c

SHA256
98618aef3386db126a9f3bcbccb7738cb35d986a8fe333c76b1fbe90fb3ced29

SHA512
50c392033b91087a14ba1664b3387563e3cef3dc7e1c7ac8925e09c0de96af5b6cedf27df9844e5a510b19208b55a2ea5d37af6db17beaccee902fee0c8d9a87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a21b626c9f126bb2cfc9c0c49046da56

SHA1
36105f47fa068713c90b486c8154791c6968ec7d

SHA256
514f1c99c55642edcff4ea993bb9236c4c4eabfdc2d9c93660b634452dd15f86

SHA512
4707fe834e47178a9d1b0c712dacc17c3f8a120d0539723c28b67bb15fc007f9f47cd1459e1ebd2570f704da9c3eac3db81594df89e0019a982991afd385ea03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3e7aa76c440c55217c7b8fffb49fbfe5

SHA1
3e8b66faed423c55caa990e7f13fabfdcd30b960

SHA256
1950f7f6b93a5c9e6e7cf45b6dcfb794cf77ef2c7f007e6a47c47a226b5b3819

SHA512
5abc575b804c9f78d0210b16c364d57634602c25b6acc5e6cef4fa39de3b83124fc13078b56b76b92676047206ec694f5729f4a169bb6dc0818536a3d4f244e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
24986ad6e5e5b0adcb2a8edd14944c18

SHA1
891a7ebcb2928cae03912b7c37a6eacca5d54ac7

SHA256
666af976cd218994a1032c9112098a5dd17bc48cf3590773dd04a4277527c431

SHA512
28729f14f19e9f9f849f74f631034efb20a0acfedf14b83bfeed4a1b8581efba65735f0537e8a61fa6bddee8638a854b0402e03f60760eaac28231b492648ea2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0535703a90d9845f439267eb5f2226b9

SHA1
60a52a5018d357000eee7d4fe7d9a16485a4da57

SHA256
29f9ff167606342dff268e9d3d89a86b9d4cc01ca5e646e636de456c9b3f09bf

SHA512
8d6fab00ff8a283ac720b1bb39b30dfa2b975638e50b4d7dfacc41615fcdad56270cfe826d1699cf19c453c13e68de79d27acb9e643284f79c422368c3fc4430

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ad8e18809d155bc0ccd08fa34ee6b0d0

SHA1
f93abc177c52b0f0ba9204326f3a20c0256b0b60

SHA256
1d1205b2f2c171dc286936a11d4d88923220b0f38c00f1ba941ce0c651a6fbae

SHA512
2ad02bed1c452ac3238d423e31755d0f17a917563c136130306b6c798de25f8ddd63370f083fb47f4c8f06edd5e4e8fe9b2981594588555b06b179c987c49774

Download Submit
\??\pipe\LOCAL\crashpad_2680_CVZHHXMZRGNBVLMI

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4908-5-0x00007FFC40EF0000-0x00007FFC4169E000-memory.dmp

Filesize
7.7MB

Download
memory/4908-3-0x00007FFC40EF0000-0x00007FFC4169E000-memory.dmp

Filesize
7.7MB

Download
memory/4908-2-0x00007FFC40EF0000-0x00007FFC4169E000-memory.dmp

Filesize
7.7MB

Download
memory/4908-1-0x00007FFC5ECF0000-0x00007FFC5ECF2000-memory.dmp

Filesize
8KB

Download
memory/4908-8-0x00007FFC40EF0000-0x00007FFC4169E000-memory.dmp

Filesize
7.7MB

Download
memory/4908-7-0x00007FFC5EC50000-0x00007FFC5EE45000-memory.dmp

Filesize
2.0MB

Download
memory/4908-4-0x00007FFC40EF0000-0x00007FFC4169E000-memory.dmp

Filesize
7.7MB

Download
memory/4908-0-0x00007FFC40EF0000-0x00007FFC4169E000-memory.dmp

Filesize
7.7MB

Download