Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

5

Static

static

1

URLScan

urlscan

http://datamsupd.com

windows10-2004-x64

5

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/06/2024, 09:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://datamsupd.com

Score
5/10

Malware Config

Signatures

  • Drops file in System32 directory 11 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 19 IoCs
    adwarespyware
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: LoadsDriver 14 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://datamsupd.com
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4716
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff912ed46f8,0x7ff912ed4708,0x7ff912ed4718
      2⤵
        PID:4292
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,8464619175588993104,155533745066330853,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
        2⤵
          PID:1620
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,8464619175588993104,155533745066330853,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:384
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,8464619175588993104,155533745066330853,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
          2⤵
            PID:1984
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8464619175588993104,155533745066330853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
            2⤵
              PID:2980
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8464619175588993104,155533745066330853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
              2⤵
                PID:2076
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,8464619175588993104,155533745066330853,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 /prefetch:8
                2⤵
                  PID:4852
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,8464619175588993104,155533745066330853,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4788 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:2856
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8464619175588993104,155533745066330853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
                  2⤵
                    PID:3384
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8464619175588993104,155533745066330853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
                    2⤵
                      PID:2032
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8464619175588993104,155533745066330853,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
                      2⤵
                        PID:3520
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8464619175588993104,155533745066330853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
                        2⤵
                          PID:1384
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8464619175588993104,155533745066330853,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
                          2⤵
                            PID:1204
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8464619175588993104,155533745066330853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2136 /prefetch:1
                            2⤵
                              PID:1148
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8464619175588993104,155533745066330853,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
                              2⤵
                                PID:2176
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8464619175588993104,155533745066330853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
                                2⤵
                                  PID:3696
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8464619175588993104,155533745066330853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
                                  2⤵
                                    PID:2260
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8464619175588993104,155533745066330853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
                                    2⤵
                                      PID:2852
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8464619175588993104,155533745066330853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
                                      2⤵
                                        PID:1912
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,8464619175588993104,155533745066330853,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6100 /prefetch:2
                                        2⤵
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:3352
                                    • C:\Windows\System32\CompPkgSrv.exe
                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                      1⤵
                                        PID:2052
                                      • C:\Windows\System32\CompPkgSrv.exe
                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                        1⤵
                                          PID:3720
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault5516e06dh69bbh4e41h81c5h1b2ce464438f
                                          1⤵
                                            PID:5292
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff912ed46f8,0x7ff912ed4708,0x7ff912ed4718
                                              2⤵
                                                PID:5380
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,14416227262616071102,16530687686805759960,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1448 /prefetch:2
                                                2⤵
                                                  PID:5612
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,14416227262616071102,16530687686805759960,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
                                                  2⤵
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:5620
                                              • C:\Windows\System32\rundll32.exe
                                                C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                1⤵
                                                  PID:5128
                                                • C:\Windows\system32\mspaint.exe
                                                  "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Pictures\ConvertToRename.jpeg" /ForceBootstrapPaint3D
                                                  1⤵
                                                  • Modifies registry class
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  • Suspicious use of SetWindowsHookEx
                                                  PID:5732
                                                • C:\Windows\System32\svchost.exe
                                                  C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
                                                  1⤵
                                                  • Drops file in System32 directory
                                                  PID:5792
                                                • C:\Windows\system32\OpenWith.exe
                                                  C:\Windows\system32\OpenWith.exe -Embedding
                                                  1⤵
                                                  • Suspicious behavior: GetForegroundWindowSpam
                                                  • Suspicious use of SetWindowsHookEx
                                                  PID:5612
                                                • C:\Windows\system32\svchost.exe
                                                  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
                                                  1⤵
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  PID:3620
                                                  • C:\Windows\system32\dashost.exe
                                                    dashost.exe {2b0fc870-a3c1-4ad5-99aeef4936ad7b77}
                                                    2⤵
                                                      PID:5880
                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Pictures\CompareUnlock.gif
                                                    1⤵
                                                    • Modifies Internet Explorer settings
                                                    • Suspicious use of FindShellTrayWindow
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:4696
                                                    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                                                      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4696 CREDAT:17410 /prefetch:2
                                                      2⤵
                                                      • Modifies Internet Explorer settings
                                                      • Suspicious use of SetWindowsHookEx
                                                      PID:992
                                                  • C:\Windows\system32\mspaint.exe
                                                    "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Pictures\ConvertToRename.jpeg" /ForceBootstrapPaint3D
                                                    1⤵
                                                    • Modifies registry class
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:4784
                                                  • C:\Windows\system32\OpenWith.exe
                                                    C:\Windows\system32\OpenWith.exe -Embedding
                                                    1⤵
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:4488
                                                  • C:\Windows\system32\mspaint.exe
                                                    "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Pictures\FormatExit.bmp"
                                                    1⤵
                                                    • Drops file in Windows directory
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:3160

                                                  Network

                                                  MITRE ATT&CK Enterprise v15

                                                  Replay Monitor

                                                  Loading Replay Monitor...

                                                  Downloads

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                    Filesize

                                                    152B

                                                    MD5

                                                    56641592f6e69f5f5fb06f2319384490

                                                    SHA1

                                                    6a86be42e2c6d26b7830ad9f4e2627995fd91069

                                                    SHA256

                                                    02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

                                                    SHA512

                                                    c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                    Filesize

                                                    152B

                                                    MD5

                                                    612a6c4247ef652299b376221c984213

                                                    SHA1

                                                    d306f3b16bde39708aa862aee372345feb559750

                                                    SHA256

                                                    9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

                                                    SHA512

                                                    34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                    Filesize

                                                    6KB

                                                    MD5

                                                    e7eea582782036f220404bfff3ef04fa

                                                    SHA1

                                                    c6008312e41c07a65b7bdd1f322e7540dd931c5f

                                                    SHA256

                                                    57d2a7372cb292ea3c7ea81d77da1a40a7625d9aa46c440cbb16b8d34fb0dfdd

                                                    SHA512

                                                    47bad3ec7cc2120b60c17167bf885de9dc8877c6d366ff1c08384849c73a5f6bd44e12240c799acdd4a2b06039819e02524cf536eb49571d2642c877498d9182

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                    Filesize

                                                    5KB

                                                    MD5

                                                    de01309ec9bc68547bdf0073fd022e51

                                                    SHA1

                                                    9c2fa6126cee24d316d02091701088d74c545f2d

                                                    SHA256

                                                    778268af1762dd71805ccbf199a670e54bc7d793039f35854a491bf33d584a6a

                                                    SHA512

                                                    1de717082c87edaca18e2747650590bc9d97c7585e1eb38dc6f63d0535043001505132f712adf5798bcd49e59f598aa390806b85a0b7662d199084aba32c9bdb

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                    Filesize

                                                    6KB

                                                    MD5

                                                    eed4a9eed65d82419d56f3798684d0fc

                                                    SHA1

                                                    9f7ba1183cdc944ff4d97ba7a46014d80352d531

                                                    SHA256

                                                    44e3ac3c869d8c8aab55442ec467549ee11922f5654a6a4e9c62f0bc6983a318

                                                    SHA512

                                                    f38012c366a3a50e3aec6afc0bd247e4f175b4d9511a5a7921172b0b8be6247071c9451db739b5e0eae70f200b2699789fc686cb4123444038bdd83a09072d6a

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                    Filesize

                                                    6KB

                                                    MD5

                                                    8a105954f695f5db0507eec39e7834fd

                                                    SHA1

                                                    b533a10d109a9cfd511a6ca3bccd529be4310f3a

                                                    SHA256

                                                    f65f997907765874b9385886d8a0e7165ec384577115f955c876b6d12ffe8710

                                                    SHA512

                                                    8a486465a3d7f5f380186b0840ab7a4641c30e698157dc9c38edf67121ca53e3f1f825ae707f3e407a9f9d19b08c2b526c6f99cc0df9e1a6263d37b7d33c9a48

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                    Filesize

                                                    16B

                                                    MD5

                                                    6752a1d65b201c13b62ea44016eb221f

                                                    SHA1

                                                    58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                    SHA256

                                                    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                    SHA512

                                                    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                    Filesize

                                                    9KB

                                                    MD5

                                                    6c73901b534970b0c38fb4dff002c2df

                                                    SHA1

                                                    c5472a2802deded3ee080e5a85780ce8c88ad3be

                                                    SHA256

                                                    0df349300bf8c3ee4dd22a5eb0cd3c3e2226c44090e75ba739f1f6d91c0854e8

                                                    SHA512

                                                    913650a5b44a3e95d0691c1f10a40a7107d6803ef6cc8878a79a35c1ab81b6a1cb9ace9a84d0925a5c00345984efd9e92789592d0133371b2b6550e404994068

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                    Filesize

                                                    8KB

                                                    MD5

                                                    3f02a9cfb222f3c36cdd49f3b9b6c3e7

                                                    SHA1

                                                    239852e94f559fa527657b4f8eae99142d4ebbbe

                                                    SHA256

                                                    340ea96345fe8d6f2415e3f97016957c30bf765c5ffe404354334da4af81b07d

                                                    SHA512

                                                    f5874e0602844caff1bf6e2e81005ef19fb7b72fc248a6a73b1dec361ec241113ae3d022767be26004c5c613fdd7c3840dc55f19cf486a01dcbdfb65fc6bbf4b

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                    Filesize

                                                    9KB

                                                    MD5

                                                    353d6a76ada708d01c65cf3804d71b9b

                                                    SHA1

                                                    308df033e0ebf962949f6bee50aa986b0fd72745

                                                    SHA256

                                                    14db39497777b40b28ce35577c5d56e9291fee119409ec9094331c300e2c2366

                                                    SHA512

                                                    436c0b0cf137f51bb3e1ada416528423fd8d34589d0081feaf337a26e3be11bb6eefdccde4013f4e475c85b7826c2f19ea21d8a30984fe41130bfea4a6658199

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\eb9e4d5f-f64e-438a-b808-e790f65ac627.tmp
                                                    Filesize

                                                    9KB

                                                    MD5

                                                    068019ed2cdda36bf5204f5df2874dcf

                                                    SHA1

                                                    f22eb04d61f3ecf0497fed785f7d0f6609d6d5b5

                                                    SHA256

                                                    8e45a06d6141a133ea282944602f29efff109f2f9aed07d37ba2c92b9aec40e5

                                                    SHA512

                                                    6b92c39cffdce687f0d17bf98b389ed89cfdfb32f49544d38cb2f0a70a752980796c07afafe39cd0692882766a2060d22d5a801ffdb3ac982278a6b7930cfd7b

                                                    Download Submit

                                                  • memory/5792-203-0x0000023465DA0000-0x0000023465DB0000-memory.dmp

                                                    Filesize

                                                    64KB

                                                    Download

                                                  • memory/5792-199-0x0000023465D60000-0x0000023465D70000-memory.dmp

                                                    Filesize

                                                    64KB

                                                    Download

                                                  • memory/5792-210-0x000002346E060000-0x000002346E061000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/5792-212-0x000002346E0E0000-0x000002346E0E1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/5792-214-0x000002346E0E0000-0x000002346E0E1000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/5792-215-0x000002346E170000-0x000002346E171000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/5792-216-0x000002346E170000-0x000002346E171000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/5792-217-0x000002346E180000-0x000002346E181000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/5792-218-0x000002346E180000-0x000002346E181000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download