Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

7

updated_ex....0.dll

windows7-x64

1

updated_ex....0.dll

windows10-2004-x64

1

updated_ex...g4.exe

windows7-x64

9

updated_ex...g4.exe

windows10-2004-x64

9

Resubmissions

26/06/2024, 00:05

240626-adg5asvckn 7

26/06/2024, 00:03

240626-ab6d4svblr 9

Analysis

  • max time kernel
    500s
  • max time network
    592s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/06/2024, 00:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    updated_executor/updated executor/new8dh4h4g4.exe

  • Size

    3.2MB

  • MD5

    16c6223445656672a11d8caa3fe5b501

  • SHA1

    9f5f3a0c19f55eb9096849f8cc28a72c68384b4e

  • SHA256

    e788e5d436739b8e4250b049aac61baf7c37710683c59f1c9203bfc1ba6e9c54

  • SHA512

    657412ad28ae1e5256705a6ca6d40d5b3a28d91332521154b55d42c56e946a65e77ac8d7b4def2256718ff5b9ca71a111f47ec074a7bf7a6fb9fc0ee3b68c40a

  • SSDEEP

    49152:cKoECNaxzUgP6yZMcCSIxIGMCgbRahL45jMyhf7nhNkEf/TJs7Swhmz+ODytrogz:GEBxzfPhecyaG7gbBjlbkEa7Sw2nOtv

Score
9/10
evasionthemidatrojan

Malware Config

Signatures

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Themida packer 3 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 58 IoCs
  • Suspicious behavior: EnumeratesProcesses 13 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 33 IoCs
  • Suspicious use of SendNotifyMessage 32 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\updated_executor\updated executor\new8dh4h4g4.exe
    "C:\Users\Admin\AppData\Local\Temp\updated_executor\updated executor\new8dh4h4g4.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious behavior: RenamesItself
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4840
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c start https://www.youtube.com/watch?v=Lv6zuJCMiTY&ab_channel=CocainaFivem
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2792
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=Lv6zuJCMiTY
        3⤵
        • Enumerates system info in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:528
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d88f46f8,0x7ff9d88f4708,0x7ff9d88f4718
          4⤵
            PID:2256
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,17604262191228317316,5062979924574163163,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
            4⤵
              PID:864
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,17604262191228317316,5062979924574163163,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
              4⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:4944
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,17604262191228317316,5062979924574163163,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
              4⤵
                PID:760
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17604262191228317316,5062979924574163163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
                4⤵
                  PID:4384
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17604262191228317316,5062979924574163163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
                  4⤵
                    PID:4060
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17604262191228317316,5062979924574163163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
                    4⤵
                      PID:4000
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17604262191228317316,5062979924574163163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
                      4⤵
                        PID:4004
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17604262191228317316,5062979924574163163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
                        4⤵
                          PID:2008
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,17604262191228317316,5062979924574163163,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4748 /prefetch:8
                          4⤵
                            PID:3648
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2136,17604262191228317316,5062979924574163163,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5504 /prefetch:8
                            4⤵
                            • Modifies registry class
                            • Suspicious behavior: EnumeratesProcesses
                            PID:2356
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17604262191228317316,5062979924574163163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
                            4⤵
                              PID:1816
                            • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,17604262191228317316,5062979924574163163,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6188 /prefetch:8
                              4⤵
                                PID:3240
                              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,17604262191228317316,5062979924574163163,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6188 /prefetch:8
                                4⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:1716
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17604262191228317316,5062979924574163163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
                                4⤵
                                  PID:3452
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17604262191228317316,5062979924574163163,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
                                  4⤵
                                    PID:3900
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17604262191228317316,5062979924574163163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
                                    4⤵
                                      PID:5716
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17604262191228317316,5062979924574163163,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
                                      4⤵
                                        PID:5724
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,17604262191228317316,5062979924574163163,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6380 /prefetch:2
                                        4⤵
                                        • Suspicious behavior: EnumeratesProcesses
                                        PID:3488
                                  • C:\Windows\system32\cmd.exe
                                    C:\Windows\system32\cmd.exe /c start https://discord.gg/8ySfCmk7G7
                                    2⤵
                                      PID:3020
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/8ySfCmk7G7
                                        3⤵
                                          PID:2108
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d88f46f8,0x7ff9d88f4708,0x7ff9d88f4718
                                            4⤵
                                              PID:1396
                                        • C:\Windows\system32\cmd.exe
                                          C:\Windows\system32\cmd.exe /c cls
                                          2⤵
                                            PID:3732
                                        • C:\Windows\System32\CompPkgSrv.exe
                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                          1⤵
                                            PID:2016
                                          • C:\Windows\System32\CompPkgSrv.exe
                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                            1⤵
                                              PID:3080
                                            • C:\Windows\System32\CompPkgSrv.exe
                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                              1⤵
                                                PID:3092
                                              • C:\Windows\system32\AUDIODG.EXE
                                                C:\Windows\system32\AUDIODG.EXE 0x2ec 0x32c
                                                1⤵
                                                • Suspicious use of AdjustPrivilegeToken
                                                PID:3540

                                              Network

                                              MITRE ATT&CK Enterprise v15

                                              Replay Monitor

                                              Loading Replay Monitor...

                                              Downloads

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                Filesize

                                                152B

                                                MD5

                                                81e892ca5c5683efdf9135fe0f2adb15

                                                SHA1

                                                39159b30226d98a465ece1da28dc87088b20ecad

                                                SHA256

                                                830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

                                                SHA512

                                                c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                Filesize

                                                152B

                                                MD5

                                                56067634f68231081c4bd5bdbfcc202f

                                                SHA1

                                                5582776da6ffc75bb0973840fc3d15598bc09eb1

                                                SHA256

                                                8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

                                                SHA512

                                                c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                Filesize

                                                1KB

                                                MD5

                                                c4d888db7fefa4a4216b648d6d7764f3

                                                SHA1

                                                afbff56e912c2655f7c0ccdfda9d2ebe38da58b7

                                                SHA256

                                                d9b74a28bedd2df599c8a2b83e1f45e2d8cde7c352613bc8209c0a8c0fa41d7c

                                                SHA512

                                                1c56dadeb8c71df0ee65aa2c4f223edad3dac99e9c206df8c3876b2c13c2b4fa981d7b403d81d35fd93073a5ce782ae0c97a985edf1fb75b0c17ed4e7e411cc3

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                Filesize

                                                3KB

                                                MD5

                                                4bf895ca2bed4261e8ec296183dd22f1

                                                SHA1

                                                5fc15ee04dc0c53ffcbbfafc265ba12de8227d4d

                                                SHA256

                                                404ee78593c494d0b4f4d8d97c377f05f45ed84bdf3458bcf9af63758433d67f

                                                SHA512

                                                da807f96d6194609521f3244e93d6acaa5ea8d25e5ee737c191e34112e7cded137e2543cf86409dcdc8f12ed1af2950b5a78d8d9fcc4d25b5564ab4cfded7dc9

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                Filesize

                                                3KB

                                                MD5

                                                4d5b2c889ec971c752b4d5be61f5f0fa

                                                SHA1

                                                e50b6362e5c8acf466a0d0dec60ef672301143c7

                                                SHA256

                                                cda3e9d7a4fac67ffe6d26419500d532c17919a71f58e0088d033b3a46fa9fcd

                                                SHA512

                                                69620b917bcab489fae00487bf4ccd9e3fd698bba2ba51e2efa0bb7bf054071fcdc40c9dae904f33ba227302bc34c059b20905756884f831cbd53998c0612c13

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                Filesize

                                                3KB

                                                MD5

                                                1cb2809c44544f4454a2f346ce2c8d44

                                                SHA1

                                                4e90fc9e93ed469532ddf722b1251fa413867ddc

                                                SHA256

                                                f682da084e1662bc11042d3976c4741165308f33c8affb79983f544ff9905fef

                                                SHA512

                                                c463a234d74d16f2f3c910a0da54023c576b0430bb6080680baeaf02de7eb3a155a881f4d3b478578f92d083e6f783a2b9d6218ed0463925b1ad86156cbd801b

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                Filesize

                                                5KB

                                                MD5

                                                f7971696d8b24733a82c98ec06e71c3a

                                                SHA1

                                                eff5a403e99fd38ba4c2824cbbbe2ceebe908348

                                                SHA256

                                                adfda69f2c260782315900404d014a0d561835d990963d0c442ca7dbb90e9d4b

                                                SHA512

                                                79cd9afd57b3ccf68ac5b1e1e45c253effcd9f6bfdf52a7dc7eee09974df1e4cbad5bb53f22d87eb78eafe55aa1bd6e4f3e351b7574b8bf9d1eee80a6a6885f7

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                Filesize

                                                6KB

                                                MD5

                                                55645fc04f7e298b8d79a224621bab3a

                                                SHA1

                                                4873b2569bd6336f25aaaed6ab55ebd365ee4335

                                                SHA256

                                                00c6f56cf4b76b696f37de099041a7794b2c1fe52ee548c7366a1dbf2d3fb770

                                                SHA512

                                                7deb4abcba972ee7d09fdac042ecb34788be1ded7a2037786cda2c4ab6cbb4d80e18208d5c36c452a3b6380177fa265cfdea7f83de0085089fa1ce3819f829af

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                Filesize

                                                6KB

                                                MD5

                                                852d4b30ebfa8858d183544cb89814c6

                                                SHA1

                                                cc5e0a5f91b61ce1c17593ea82d87518c96f21d8

                                                SHA256

                                                09ceca80817d6b85da0cb0c96c32da28592ade4cd3ed260536f961694a1b7329

                                                SHA512

                                                cd2eb89044461147526afee91ca8e590af7f730bf7a02acef14b26bc67e5ee256a9523b6379f5a4af50173a0af1fff1cfebb184fc2aa8f25eab94b7b6bf6466e

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7aa83990-a2fe-471d-a958-9e5c0eacf104\index-dir\the-real-index
                                                Filesize

                                                2KB

                                                MD5

                                                30131c415377e73472939e16db1d19d1

                                                SHA1

                                                559ffe3b984c74432a982c0b1912fcfc04f61cd2

                                                SHA256

                                                e4e0df6caf50fe08496294a1c68f62f9ba6d234a0c684f9533e4ef630d3fe1f4

                                                SHA512

                                                c1c8b3c7be27e63a3ec403220a2622e5ed14f19cb73d15f7abe36b85096e88b0b554b57aab8c2c8eb866db316e36ec39de52794c8dc791d251885e1352f7f53a

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7aa83990-a2fe-471d-a958-9e5c0eacf104\index-dir\the-real-index~RFe582362.TMP
                                                Filesize

                                                48B

                                                MD5

                                                80bf053ea343c33036d7637e5ad91c7c

                                                SHA1

                                                70a2e29c111278892ce189e972033e2828b91797

                                                SHA256

                                                d2357131c4815d9afa6e7cb40178863419269d592a77a219588da480933c9b3b

                                                SHA512

                                                a08e45d9118ce69bf2d598cff207a40c3f2a57024ed85ea17ad4a600e251effe4e066692b893ba322048adf4b82da004f969a9f89af774d7e10598a6315a3ec7

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                                Filesize

                                                84B

                                                MD5

                                                45ece3aaf5f11dd6c37f6b65a540c3aa

                                                SHA1

                                                8737563bc2beb6dd7059b42eb1bb03b9b7f86adb

                                                SHA256

                                                5769aa3fea92ea30e2fa7b9e3a049b8134b3c62c4bafb44e87203b7d19df9122

                                                SHA512

                                                06c06e164072697bf558024bf754c9ca4993134d0b82c8b08c3634c118b643d722b67736393ef9a0ae5098df98738fe9a490979fcd2ea7f88402759dd51d578b

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                                Filesize

                                                82B

                                                MD5

                                                b9cc0503f326dbef4929f784e2b49c7a

                                                SHA1

                                                31ba94a1691519eaa9d1dad18c9383d4a2334933

                                                SHA256

                                                7f75c4cbab4fb49e246580383ffb23e8a9dec09cf2bb9a9d3775db7c72fd1b1f

                                                SHA512

                                                9ff075dba9fca085beebbe473f76355c33f5b8fa6a47d10cbf562806ad9121871b530477d0202e0cca1ae8f818c6e369a4c65373f8578565891c861730d5aaa5

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
                                                Filesize

                                                146B

                                                MD5

                                                23d2065c9da1d2986301c49c78654b1f

                                                SHA1

                                                dd96d8bf0e1b46b76682caab828cd70a6ced7b57

                                                SHA256

                                                ea17ffb87b5bde0cad3f86e0debd59ff4634049829e1af79bffd5b9adb510678

                                                SHA512

                                                c9c476715b588b60e5bf45ff6009b41c2b54f54290705e4f4a56c0395bac88cd27103cfabaf3b6c6946849258f501e83bac953c0e53baa09db0907a657cc8cd4

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe575757.TMP
                                                Filesize

                                                89B

                                                MD5

                                                d9bcc08f8cff5d751f721ee5fa2c5e36

                                                SHA1

                                                32a24ba61717789be9c99cb977ffbbd0aff654ea

                                                SHA256

                                                c1e84cfffc6430bf680eda8903dd59ea6d5c0fc30cd71d2988981735ec12ad84

                                                SHA512

                                                0a20d6dda6210d7c1eb095334dbda3c94b5b807603b0cf827addf1abadf019e2ed6d6ee7158c1f54ccab79036f01d895b187fc9348ee8e51cd8d0617b22b54ba

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
                                                Filesize

                                                16B

                                                MD5

                                                46295cac801e5d4857d09837238a6394

                                                SHA1

                                                44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                SHA256

                                                0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                SHA512

                                                8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                                Filesize

                                                72B

                                                MD5

                                                190d77e451300d7d1f740efc92c6097d

                                                SHA1

                                                13e4daef057ecb3496699a8eb76db2afb3646ea6

                                                SHA256

                                                aa25d4815e1719bfc408584533d7dc663d4ad28c33b2777b5bf80d81037f0df3

                                                SHA512

                                                2ae639884225ee767b0360a8304cde0af4a5ff8113eb6dd32e79d3344186c01004aa6e9548b1d3d5670af8e63bb229b77f4300a17cc231d77de0a85a8dc998e6

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a5f4.TMP
                                                Filesize

                                                48B

                                                MD5

                                                900245db7908f4210c514da0827bf161

                                                SHA1

                                                552c1318c7253fd46399a40efef9323945378749

                                                SHA256

                                                6e53b0ed875fb00a73115b58fe0a0387128f2a4848534874e2c35780b6460f76

                                                SHA512

                                                a77ecca876a1b95bcbed243ec5c38e4b4c7cbe9e2c4300c98e965584782b11da9b95efae861d5330bd3f5938cf4436c8f9bcdd3d03db35ad9595aa313f484c14

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                Filesize

                                                1KB

                                                MD5

                                                a4247c6255daf724077f9cc713bc98b8

                                                SHA1

                                                ea6b83380a021a188689a5946f9714fd5826562f

                                                SHA256

                                                10d9471b6dd1a7e940392d8b86ed9fe5b82d80e4d819d65c5e4025fb37e7b229

                                                SHA512

                                                563688937149017ffe0a679d0e4d48d27e2384b7735857343cc550d347e96f6238c29a4d45167e7e67e58d42a9000ac07210a5c80aaab8e2eb61ad054d87a9f9

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                Filesize

                                                1KB

                                                MD5

                                                aafcd45cd6b87c1ce0e4df2a451ac562

                                                SHA1

                                                3087a7ec1a544487746a85d38c1dee473f84b1cd

                                                SHA256

                                                72112c9784fec2dcdbd7894ffe1e2dedb488f84fbf5ad1ed0e1c18335749acdc

                                                SHA512

                                                a4103769deb9cae3e1f7b1b3ef378ddd101eb3466497697eb596fce9fd56744b8f3212029a701fda5be0af95cfbb0e73142cb8fc52436e13d3f1b97b85a30f9c

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579a4c.TMP
                                                Filesize

                                                865B

                                                MD5

                                                4ec4235a4b2cd7550dbfc291025586a6

                                                SHA1

                                                1bdf85bbac0614c25f5285bd77f8fd0ce4f92388

                                                SHA256

                                                0c5e24b3f9081999dfa87bcd3761184fc0c97579386ed2fec0d9ff01152c8768

                                                SHA512

                                                718723c8753878b56f089195c42e098ce719cdbe43f347d50404d8f027c41bb73b85d7045b47e1a63f9e23d0712219ff95708ad7619e90c925c34ced63fbf76b

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c1a6128d-bc5e-4640-b696-38801692dbae.tmp
                                                Filesize

                                                3KB

                                                MD5

                                                813535df1ed5334d6472592f504bcc1f

                                                SHA1

                                                f91e057fe1397b1502db197e01235da97b9adc0c

                                                SHA256

                                                eb89c77db30fdba842864ab57bd89a73df114a403c7de9a989fb70ab41cb3957

                                                SHA512

                                                288f640d48252249dabc385be702c18914af396d7eb6eb735f1c28c2715a9be9fb96f0c40c0c63ff4da7f558d8f3683010d350540ee8073cd2f2e78ba364aa66

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                Filesize

                                                16B

                                                MD5

                                                6752a1d65b201c13b62ea44016eb221f

                                                SHA1

                                                58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                SHA256

                                                0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                SHA512

                                                9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                Filesize

                                                11KB

                                                MD5

                                                13356878022e0ddadf182edd4e9b8abc

                                                SHA1

                                                c7ca96073034a2a0419d1642193b3f9fbb85e2b2

                                                SHA256

                                                e11f4d5453b2f9f91009907ccb3fc41c7afa50078c81100fd2fd965665e772c0

                                                SHA512

                                                62bff41eec3c51d42b9e2034b15bada464748ce475ba6f034d364121af4b7751f512654555a913f0468f3ccbe4ef7f9f88b841ce0dbed6af77a0e8ed6efa7157

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                Filesize

                                                11KB

                                                MD5

                                                b218388e77bb0dbb48ae36338d1c80d1

                                                SHA1

                                                c43af54c8fa669daf848f518cd518de707e6c6e8

                                                SHA256

                                                e78a223277b084817140cb164b40f5d5a8da3b3aaff739945f7f4c963e0e2152

                                                SHA512

                                                a1b6fc30e125753cc536f03b5ce4d0a1ad1315a0540c081e25e7a334de224c34a858a031c140d8bd3338a12ab4b18d3d5cec61aab8879a678c7bf619941ce212

                                                Download Submit

                                              • memory/4840-0-0x00007FF7F6280000-0x00007FF7F6B32000-memory.dmp

                                                Filesize

                                                8.7MB

                                                Download

                                              • memory/4840-250-0x00007FF7F6280000-0x00007FF7F6B32000-memory.dmp

                                                Filesize

                                                8.7MB

                                                Download

                                              • memory/4840-2-0x00007FF7F6280000-0x00007FF7F6B32000-memory.dmp

                                                Filesize

                                                8.7MB

                                                Download

                                              • memory/4840-1-0x00007FF9F6730000-0x00007FF9F6732000-memory.dmp

                                                Filesize

                                                8KB

                                                Download