hxxps://mega[.]nz/folder/EHdj2KaR#Oq5xXSV6-r-21mPKJxPpGw/folder/cLtzABKR

Analysis

max time kernel
1032s
max time network
1042s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 05:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/folder/EHdj2KaR#Oq5xXSV6-r-21mPKJxPpGw/folder/cLtzABKR

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{48E911C8-8804-46E7-94D8-A94D93CAC70C}	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5048	Demo.exe
5048	Demo.exe
3516	msedge.exe
3516	msedge.exe
2984	msedge.exe
2984	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	5048	Demo.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3516 wrote to memory of 5784	3516	msedge.exe	116
PID 3516 wrote to memory of 5784	3516	msedge.exe	116
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 404	3516	msedge.exe	117
PID 3516 wrote to memory of 4072	3516	msedge.exe	118
PID 3516 wrote to memory of 4072	3516	msedge.exe	118
PID 3516 wrote to memory of 3540	3516	msedge.exe	119
PID 3516 wrote to memory of 3540	3516	msedge.exe	119
PID 3516 wrote to memory of 3540	3516	msedge.exe	119
PID 3516 wrote to memory of 3540	3516	msedge.exe	119
PID 3516 wrote to memory of 3540	3516	msedge.exe	119
PID 3516 wrote to memory of 3540	3516	msedge.exe	119
PID 3516 wrote to memory of 3540	3516	msedge.exe	119
PID 3516 wrote to memory of 3540	3516	msedge.exe	119
PID 3516 wrote to memory of 3540	3516	msedge.exe	119

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/folder/EHdj2KaR#Oq5xXSV6-r-21mPKJxPpGw/folder/cLtzABKR
1⤵
PID:4620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3684 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:1
1⤵
PID:4996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4752 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:1
1⤵
PID:4224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4976 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
1⤵
PID:4984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=4740 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:1
1⤵
PID:5612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5504 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
1⤵
PID:5432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5144 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
1⤵
PID:3888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5824 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
1⤵
PID:6068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --mojo-platform-channel-handle=5480 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
1⤵
PID:6032

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x33c 0x38c
1⤵
PID:3848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6248 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
1⤵
PID:2052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6084 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
1⤵
PID:3936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --mojo-platform-channel-handle=6632 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
1⤵
PID:5052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --mojo-platform-channel-handle=6588 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:1
1⤵
PID:4248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6884 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
1⤵
PID:5796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=7280 --field-trial-handle=2280,i,1836084024518340990,18250262151825427757,262144 --variations-seed-version /prefetch:8
1⤵
PID:2344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x234,0x248,0x7ffd7c282e98,0x7ffd7c282ea4,0x7ffd7c282eb0
  2⤵
  PID:5784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2280 --field-trial-handle=2284,i,12240578422289560464,18266623671089266310,262144 --variations-seed-version /prefetch:2
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2508 --field-trial-handle=2284,i,12240578422289560464,18266623671089266310,262144 --variations-seed-version /prefetch:3
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2624 --field-trial-handle=2284,i,12240578422289560464,18266623671089266310,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4428 --field-trial-handle=2284,i,12240578422289560464,18266623671089266310,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4428 --field-trial-handle=2284,i,12240578422289560464,18266623671089266310,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4496 --field-trial-handle=2284,i,12240578422289560464,18266623671089266310,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4476 --field-trial-handle=2284,i,12240578422289560464,18266623671089266310,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4676 --field-trial-handle=2284,i,12240578422289560464,18266623671089266310,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=4752 --field-trial-handle=2284,i,12240578422289560464,18266623671089266310,262144 --variations-seed-version /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1316 --field-trial-handle=2284,i,12240578422289560464,18266623671089266310,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1048 --field-trial-handle=2284,i,12240578422289560464,18266623671089266310,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4252

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3100

C:\Users\Admin\Downloads\Demo Software\Demo Software\Demo.exe
"C:\Users\Admin\Downloads\Demo Software\Demo Software\Demo.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
01e3c94dab2f754c992625fba4d112c0

SHA1
a45a4e9fc50667dab0ef3ba62225f5f4b643892c

SHA256
a75c4911aabb81ac09c2d4a2e2e5f7804f95b6a14f229e023e9f3ff0f8d380ba

SHA512
d1196994b53c4da5223a3e688937ab4f49b0d750b1f20bd37ad8a96f626ab42c36a17300e10e1c840f1f69eff66ddfaf56f25c81d22d6396286c3e20ef4293bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e8dba26dbac11592611f94dbe115dced

SHA1
8029ed4ddd6c63d4e95a8e65f53c33ee330bb2e1

SHA256
7884c470a56bad7d3b01638d5ea3f49939d7e8a84d890eed548a7d57a9a20316

SHA512
8725eb5345ad890b7350086f6b69ed34195ab8599e91238881ca6c42f5e7ab17fbaa2e8bb1e41dcafc3e0b5f5ff4327fc7f017b7d29ed20c4a0489365f2af93b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
dc6026dcf0af6731810b8126b9cf357d

SHA1
7a6012d3736664300ef7e2ec2417b31df3dbe4a2

SHA256
49012b3223edbe962a9086e254eb79ccbf049fae36ba694f6e0d7bbbf7653834

SHA512
7cd0db7d5e96c8b70175fe1cc8b5c09c816a694d5fdf5c50b4a119a1cd459f6e34c7837f69ddce4add844a86e417ecf95d2a2aff9bf6dab1ee827cc7432648ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
41edd7f41474f0f976a54c43e0dac1cf

SHA1
65c196636be7445f97f19bd03ad0fc1feb7f1eb3

SHA256
46c1b1ab07ff5801c4edf6253802bc0ecd1816b39ac05aca1f76ba583844b65f

SHA512
fd7beb0c9709821ae5e51f7204e89334fb563bd8fc82bfa2b884d623aedbf2260c73f3322998e7b4715ff7d15e5d8beb0eea6b49da8840480831752f024250dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
7c1d31e8df56b19dce14018313d38a25

SHA1
2b18b5e021fab4b7b84c5df0d3489df53f44c882

SHA256
e4086489bae38c624776a223820cf4f5ac48822e2c9b48617f6760210824c6df

SHA512
cc8611b29ee550972d5d9ac8759d50595dc766ff650252ade9191ed390c2ec9b65195623507e3d14112e5339bc6221cd2f8a268af349a4a90232b41a4fc6ef9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
30KB

MD5
6c0e3abcc6c2a56810739f94ee5ba144

SHA1
63935767ba335b30b2f2c1a26a7ecd0ebf5e6dc6

SHA256
8a2c600dc3ed025a93c9d5fdde298b44efa7e96fd701dcfd00c6649db2b5201b

SHA512
e781567f60b4844bd0f33048286aba94084eaccb439ed29ea612e1c2eb322472745e336176468f2c06c6c1e346a9ea73f75e589a44567144ae1fb97955bdb5c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
81KB

MD5
968bd19f38f80964b2a570377405b4c0

SHA1
0e60781f1949cc097d4af079eebc4c5fad21ad5a

SHA256
fdf28e8000079472f0101e910cefedcad09e852884cf590ce9d11c1a9fcb08d0

SHA512
29cf234aea0910083d07fdd4736fa5b24d487af2d494df28cad674b7a5abb0fa9684e0666ece3e2c5964b005370eff7e8bde3d9bcc54c7ff7129722d8e3c75ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
71KB

MD5
bd846bc225b94ec89aafc5102b66ef19

SHA1
90ccdecc7df18149764508dfa1bbf71d36872272

SHA256
6232ff72e0f819a5d3103fbfcb0ba0f140b2437eba946a4c7adde5cfdd47f889

SHA512
ce1547b28ac5cc206f25915399d081f8c19fc488160c315d77de17801574b64b2c2a1f32579786be921644e6ffef159d80d6de8de6fc8dab16495d39107aef76

Download Submit
memory/5048-102-0x0000000000920000-0x0000000000966000-memory.dmp

Filesize
280KB

Download
memory/5048-103-0x00000000059C0000-0x0000000005F64000-memory.dmp

Filesize
5.6MB

Download
memory/5048-104-0x0000000005360000-0x00000000053F2000-memory.dmp

Filesize
584KB

Download
memory/5048-105-0x0000000006730000-0x000000000673A000-memory.dmp

Filesize
40KB

Download