hxxps://www[.]bing[.]com/ck/a?!&&p=0093ad211d8c3281JmltdHM9MTcxNzAyNzIwMCZpZ3VpZD0xN2ViZjg1MS02ZGQxLTY4NTAtMjU1OC1lYzQ0NmMwNzY5NzcmaW5zaWQ9NTQwNg&ptn=3&ver=2&hsh=3&fclid=17ebf851-6dd1-6850-2558-ec446c076977&psq=gta+5+free+download+laptop&u=a1aHR0cHM6Ly93d3cucGNxdWVzdC5jb20vZ3RhLTUtZnJlZS1kb3dubG9hZC1mb3ItcGMtcGxheS1ncmFuZC10aGVmdC1hdXRvLW9uLXBjLw&ntb=1

Analysis

max time kernel
240s
max time network
300s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
30/05/2024, 18:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.bing.com/ck/a?!&&p=0093ad211d8c3281JmltdHM9MTcxNzAyNzIwMCZpZ3VpZD0xN2ViZjg1MS02ZGQxLTY4NTAtMjU1OC1lYzQ0NmMwNzY5NzcmaW5zaWQ9NTQwNg&ptn=3&ver=2&hsh=3&fclid=17ebf851-6dd1-6850-2558-ec446c076977&psq=gta+5+free+download+laptop&u=a1aHR0cHM6Ly93d3cucGNxdWVzdC5jb20vZ3RhLTUtZnJlZS1kb3dubG9hZC1mb3ItcGMtcGxheS1ncmFuZC10aGVmdC1hdXRvLW9uLXBjLw&ntb=1

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-540404634-651139247-2967210625-1000\{EB92C9CD-98F7-4ED5-B614-2EDB40BF84D2}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1392	msedge.exe
1392	msedge.exe
4004	msedge.exe
4004	msedge.exe
4460	identity_helper.exe
4460	identity_helper.exe
5560	msedge.exe
5560	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	5148	svchost.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe
4004	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4004 wrote to memory of 1584	4004	msedge.exe	82
PID 4004 wrote to memory of 1584	4004	msedge.exe	82
PID 4004 wrote to memory of 2584	4004	msedge.exe	83
PID 4004 wrote to memory of 2584	4004	msedge.exe	83
PID 4004 wrote to memory of 2584	4004	msedge.exe	83
PID 4004 wrote to memory of 2584	4004	msedge.exe	83
PID 4004 wrote to memory of 2584	4004	msedge.exe	83
PID 4004 wrote to memory of 2584	4004	msedge.exe	83
PID 4004 wrote to memory of 2584	4004	msedge.exe	83
PID 4004 wrote to memory of 2584	4004	msedge.exe	83
PID 4004 wrote to memory of 2584	4004	msedge.exe	83
PID 4004 wrote to memory of 2584	4004	msedge.exe	83
PID 4004 wrote to memory of 2584	4004	msedge.exe	83
PID 4004 wrote to memory of 2584	4004	msedge.exe	83
PID 4004 wrote to memory of 2584	4004	msedge.exe	83
PID 4004 wrote to memory of 2584	4004	msedge.exe	83
PID 4004 wrote to memory of 2584	4004	msedge.exe	83
PID 4004 wrote to memory of 2584	4004	msedge.exe	83
PID 4004 wrote to memory of 2584	4004	msedge.exe	83
PID 4004 wrote to memory of 2584	4004	msedge.exe	83
PID 4004 wrote to memory of 2584	4004	msedge.exe	83
PID 4004 wrote to memory of 2584	4004	msedge.exe	83
PID 4004 wrote to memory of 2584	4004	msedge.exe	83
PID 4004 wrote to memory of 2584	4004	msedge.exe	83
PID 4004 wrote to memory of 2584	4004	msedge.exe	83
PID 4004 wrote to memory of 2584	4004	msedge.exe	83
PID 4004 wrote to memory of 2584	4004	msedge.exe	83
PID 4004 wrote to memory of 2584	4004	msedge.exe	83
PID 4004 wrote to memory of 2584	4004	msedge.exe	83
PID 4004 wrote to memory of 2584	4004	msedge.exe	83
PID 4004 wrote to memory of 2584	4004	msedge.exe	83
PID 4004 wrote to memory of 2584	4004	msedge.exe	83
PID 4004 wrote to memory of 2584	4004	msedge.exe	83
PID 4004 wrote to memory of 2584	4004	msedge.exe	83
PID 4004 wrote to memory of 2584	4004	msedge.exe	83
PID 4004 wrote to memory of 2584	4004	msedge.exe	83
PID 4004 wrote to memory of 2584	4004	msedge.exe	83
PID 4004 wrote to memory of 2584	4004	msedge.exe	83
PID 4004 wrote to memory of 2584	4004	msedge.exe	83
PID 4004 wrote to memory of 2584	4004	msedge.exe	83
PID 4004 wrote to memory of 2584	4004	msedge.exe	83
PID 4004 wrote to memory of 2584	4004	msedge.exe	83
PID 4004 wrote to memory of 1392	4004	msedge.exe	84
PID 4004 wrote to memory of 1392	4004	msedge.exe	84
PID 4004 wrote to memory of 2252	4004	msedge.exe	85
PID 4004 wrote to memory of 2252	4004	msedge.exe	85
PID 4004 wrote to memory of 2252	4004	msedge.exe	85
PID 4004 wrote to memory of 2252	4004	msedge.exe	85
PID 4004 wrote to memory of 2252	4004	msedge.exe	85
PID 4004 wrote to memory of 2252	4004	msedge.exe	85
PID 4004 wrote to memory of 2252	4004	msedge.exe	85
PID 4004 wrote to memory of 2252	4004	msedge.exe	85
PID 4004 wrote to memory of 2252	4004	msedge.exe	85
PID 4004 wrote to memory of 2252	4004	msedge.exe	85
PID 4004 wrote to memory of 2252	4004	msedge.exe	85
PID 4004 wrote to memory of 2252	4004	msedge.exe	85
PID 4004 wrote to memory of 2252	4004	msedge.exe	85
PID 4004 wrote to memory of 2252	4004	msedge.exe	85
PID 4004 wrote to memory of 2252	4004	msedge.exe	85
PID 4004 wrote to memory of 2252	4004	msedge.exe	85
PID 4004 wrote to memory of 2252	4004	msedge.exe	85
PID 4004 wrote to memory of 2252	4004	msedge.exe	85
PID 4004 wrote to memory of 2252	4004	msedge.exe	85
PID 4004 wrote to memory of 2252	4004	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.bing.com/ck/a?!&&p=0093ad211d8c3281JmltdHM9MTcxNzAyNzIwMCZpZ3VpZD0xN2ViZjg1MS02ZGQxLTY4NTAtMjU1OC1lYzQ0NmMwNzY5NzcmaW5zaWQ9NTQwNg&ptn=3&ver=2&hsh=3&fclid=17ebf851-6dd1-6850-2558-ec446c076977&psq=gta+5+free+download+laptop&u=a1aHR0cHM6Ly93d3cucGNxdWVzdC5jb20vZ3RhLTUtZnJlZS1kb3dubG9hZC1mb3ItcGMtcGxheS1ncmFuZC10aGVmdC1hdXRvLW9uLXBjLw&ntb=1
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd6fe746f8,0x7ffd6fe74708,0x7ffd6fe74718
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,7769718324508334870,10727171678265047734,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 /prefetch:2
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2260,7769718324508334870,10727171678265047734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2260,7769718324508334870,10727171678265047734,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,7769718324508334870,10727171678265047734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,7769718324508334870,10727171678265047734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,7769718324508334870,10727171678265047734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,7769718324508334870,10727171678265047734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,7769718324508334870,10727171678265047734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,7769718324508334870,10727171678265047734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2260,7769718324508334870,10727171678265047734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6252 /prefetch:8
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2260,7769718324508334870,10727171678265047734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6252 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,7769718324508334870,10727171678265047734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,7769718324508334870,10727171678265047734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,7769718324508334870,10727171678265047734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,7769718324508334870,10727171678265047734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,7769718324508334870,10727171678265047734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2260,7769718324508334870,10727171678265047734,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6664 /prefetch:8
  2⤵
  PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2260,7769718324508334870,10727171678265047734,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6676 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,7769718324508334870,10727171678265047734,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5036 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3248

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
62KB

MD5
d595aeedb6ab5955252895140cd33b2d

SHA1
54ec38264ca7194d6df71d5a5fe4b7dd5b4b5130

SHA256
94449a2e74b33178a00cbd79505d9251a0fcdff8ee1a0ac24352a6779ca34fb6

SHA512
439d8d57c0e938f28804e4500f6549569090b7e52c9d4048ac8ac266e7732669eeb017b7a32ba027abd590ebd39658a443baefe3a125f28fc5ad00176efa7bab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
29438e89f56125f448a9b07971508944

SHA1
a5f2fb5099600316c8e198eb2ed49d81c30858e0

SHA256
326f07dc97ae036992cf5533e5c1a7d9a0ac3fc9e7dfefa20e96131de7ca0dd1

SHA512
5c0bab1b8e5723a23b00c5bc44ee6f547c933f67fedd454623593d742788c37965a5f2b4e327d828beee6f85d8abccb1f45801104e692c75f1c379b38c5df637

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
a410bcad366b34ac66995d3c64e05516

SHA1
16a52395f9ba5f3e15781bd1c1b630b51f0deeab

SHA256
1742abf278c1b902b340cbfb8faec43128f4405a4661d2b9ff8cada387772eb9

SHA512
04773ebabd17bdf4e3c1639caf8c02b6cbfa988eaf1338964b3ff3ba3a5b818752c272fc077a356d70ab61e5c179a3c749cbd46446ff14e6532f756271d078ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
0851a145902767823f958ee8aee49162

SHA1
ac478e5fa286cc002aa18092482da3e37abbc679

SHA256
9d2d928ae1feb08ceec250aba89486f97c01d6213b6cdef6b12686aa82389955

SHA512
3da3a64508a16fca19ae7d010df0ebc6fb2d4a2accf5284634f1cd57765732391e6ca97c1e91d9ba9da92525ca2925fed71f87ec12f07f1cefeb723c6a84633e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
79b87b26432d5f1f9c889f8103acf42b

SHA1
13301f3ef89855239af0a4762533e4a58ecb3218

SHA256
06f7868e04d519f5c206612949bd55cf50cf8b05dd79acbfac6adbdb8e505ab6

SHA512
bd20156b90f8b8531f4b1b8b72f75a03770abca7d4e4953ac66ea8874dd95c1320c4029df31dd1b55ee20a539bb954ec211e6ede651e84ab9fb1302020361cd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
29d6f6aadc21274a10e51ae56b79cf26

SHA1
2edf29d1cfab9fb3ae52ceb9df34e9d2cf92fb7b

SHA256
d9ebc74b49b242cc9ac9d9919afc9dab72507ce84044fbc6f172229af8a94d85

SHA512
a31710332d9773f47c93c9e630f382d898280417d87af069681b7542660af0fd7a1f0c11fe5630f4434e62bb135c73aec0c58484209da307206f16ab1dff1c7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
28b3bb268d8576c06f57f30ce7635a8b

SHA1
e565ff4ce5b12a50192901d583022c9134dcda3f

SHA256
17f27656179cd5e1cbde29aea71593de50a0812f953c9b76fe2031e29cb971b1

SHA512
f9d577f09ba2cc16f2291c5a4e5c288eb7d121bf4d472f8e6c17003cddd1243f24c3e84e848bb5269672c39036d5c8456df49c2516ff552cb4eaecc5e45ed0b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
876bdcf93bb09cad84fd05dcd126a271

SHA1
0381f8eece3115491ddca03db3180ac6b5706b4f

SHA256
68ba22d1986472d7f61cc9f745e9b8e489aa75cb71dafd3dc353b0ddfbd3d5b0

SHA512
efea439a0013b7fafed5938d31f77abb9fe6fba6490f95b9e4eb81c48edbac1f2753b05e38e595f9025f81989e2f00e1babbb7b34998fa8879ba9ec74bb590b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cee9.TMP

Filesize
872B

MD5
1619dca5688e96f6b6a3e10dd6cf040b

SHA1
d2caa08b905cc180bee5a413c202c9edf465b4c4

SHA256
62f680ca2bb1b8ede82933671d5b36384b61ac3ce09cf06b40d03f3d50d7138b

SHA512
ab7f92c9d625ade720172beff262dd96deb50481bef9aa4dde55b1286155e242380a0d501935e652df8741b805b5acd32358bbf2b350855710740f25db3ac281

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a0ffbbafe15a44f03f71f1ceb3f61e36

SHA1
5ab38bfaa07da6dd051a196d484a3b1b9a663c33

SHA256
54ff2489721676400507b63737f14dc9c0827a6e67c8db584dd4c567f258a2d6

SHA512
cb91a9703fc644a040df77ea9b35fcdf85e2daf25b2806e9a031ae149996c52db659df9ce5eade15f87b9deca43ef9c81ca1696ff2a064b8d600c91f337cb98b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1d0546117c1fcaf65ac92fc83d5aa578

SHA1
f18fbdff514e0cdf4746e87ba62e7c3fef7e65d0

SHA256
018f0544c58a11ed0ddfa8cd5ee8f4c58b4b0537b3f9be7d29499862bf55e83f

SHA512
f0f6a59c325c24b93ce5fd209a013fb3658b63897907c2d6eff5d8e6ac9619ad513e4ee8345beaf778c187a8ee7d748fdbfeb298f8497b6384a438966e38fc9b

Download Submit
memory/5148-328-0x000002AC45940000-0x000002AC45950000-memory.dmp

Filesize
64KB

Download
memory/5148-344-0x000002AC45A40000-0x000002AC45A50000-memory.dmp

Filesize
64KB

Download
memory/5148-360-0x000002AC4DDA0000-0x000002AC4DDA1000-memory.dmp

Filesize
4KB

Download
memory/5148-364-0x000002AC4DEE0000-0x000002AC4DEE1000-memory.dmp

Filesize
4KB

Download
memory/5148-363-0x000002AC4DDD0000-0x000002AC4DDD1000-memory.dmp

Filesize
4KB

Download
memory/5148-362-0x000002AC4DDD0000-0x000002AC4DDD1000-memory.dmp

Filesize
4KB

Download