Overview

overview

10

Static

static

3

waveTool.exe

windows7-x64

10

waveTool.exe

windows11-21h2-x64

10

Resubmissions

05-08-2024 18:52

240805-xjempavemr 10

05-08-2024 18:51

240805-xhhyqayejf 10

Analysis

  • max time kernel
    50s
  • max time network
    52s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    05-08-2024 18:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    waveTool.exe

  • Size

    544KB

  • MD5

    a1d84d4f688025921352cd3d9f100461

  • SHA1

    6d905fa87c926af0ba5ded4b6585417449fc5b1a

  • SHA256

    5e7118d4d85c86fe2f3b98541694f1fcecb4cfc3c5de57ba2e9fffed7335a41f

  • SHA512

    2a492172d3db0669eff0ac8c1f358638c38578c72d1311e3a80d3614d969728187c62643e0b53956f8cd86adf2d2383d91e74d51234f5c2f5cbde32a80a77ee6

  • SSDEEP

    12288:2QnZ4kCDyG3HvxPUHLoSOaKjCObx3DXHcvPX1KeE9YJ:9nZ4kCTPxhDEOFzHc3X0eZ

Score
10/10
nanocorediscoverykeyloggerspywarestealertrojan

Malware Config

Extracted

Family

nanocore

Version

1.2.2.0

C2

127.0.0.1:54984

Mutex

c2061050-265f-4002-913c-ea1f49d7f810

Attributes
  • activate_away_mode

    false

  • backup_connection_host

    127.0.0.1

  • backup_dns_server

    8.8.4.4

  • buffer_size

    65535

  • build_time

    2024-05-17T20:07:09.307958536Z

  • bypass_user_account_control

    false

  • bypass_user_account_control_data

    PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTE2Ij8+DQo8VGFzayB2ZXJzaW9uPSIxLjIiIHhtbG5zPSJodHRwOi8vc2NoZW1hcy5taWNyb3NvZnQuY29tL3dpbmRvd3MvMjAwNC8wMi9taXQvdGFzayI+DQogIDxSZWdpc3RyYXRpb25JbmZvIC8+DQogIDxUcmlnZ2VycyAvPg0KICA8UHJpbmNpcGFscz4NCiAgICA8UHJpbmNpcGFsIGlkPSJBdXRob3IiPg0KICAgICAgPExvZ29uVHlwZT5JbnRlcmFjdGl2ZVRva2VuPC9Mb2dvblR5cGU+DQogICAgICA8UnVuTGV2ZWw+SGlnaGVzdEF2YWlsYWJsZTwvUnVuTGV2ZWw+DQogICAgPC9QcmluY2lwYWw+DQogIDwvUHJpbmNpcGFscz4NCiAgPFNldHRpbmdzPg0KICAgIDxNdWx0aXBsZUluc3RhbmNlc1BvbGljeT5QYXJhbGxlbDwvTXVsdGlwbGVJbnN0YW5jZXNQb2xpY3k+DQogICAgPERpc2FsbG93U3RhcnRJZk9uQmF0dGVyaWVzPmZhbHNlPC9EaXNhbGxvd1N0YXJ0SWZPbkJhdHRlcmllcz4NCiAgICA8U3RvcElmR29pbmdPbkJhdHRlcmllcz5mYWxzZTwvU3RvcElmR29pbmdPbkJhdHRlcmllcz4NCiAgICA8QWxsb3dIYXJkVGVybWluYXRlPnRydWU8L0FsbG93SGFyZFRlcm1pbmF0ZT4NCiAgICA8U3RhcnRXaGVuQXZhaWxhYmxlPmZhbHNlPC9TdGFydFdoZW5BdmFpbGFibGU+DQogICAgPFJ1bk9ubHlJZk5ldHdvcmtBdmFpbGFibGU+ZmFsc2U8L1J1bk9ubHlJZk5ldHdvcmtBdmFpbGFibGU+DQogICAgPElkbGVTZXR0aW5ncz4NCiAgICAgIDxTdG9wT25JZGxlRW5kPmZhbHNlPC9TdG9wT25JZGxlRW5kPg0KICAgICAgPFJlc3RhcnRPbklkbGU+ZmFsc2U8L1Jlc3RhcnRPbklkbGU+DQogICAgPC9JZGxlU2V0dGluZ3M+DQogICAgPEFsbG93U3RhcnRPbkRlbWFuZD50cnVlPC9BbGxvd1N0YXJ0T25EZW1hbmQ+DQogICAgPEVuYWJsZWQ+dHJ1ZTwvRW5hYmxlZD4NCiAgICA8SGlkZGVuPmZhbHNlPC9IaWRkZW4+DQogICAgPFJ1bk9ubHlJZklkbGU+ZmFsc2U8L1J1bk9ubHlJZklkbGU+DQogICAgPFdha2VUb1J1bj5mYWxzZTwvV2FrZVRvUnVuPg0KICAgIDxFeGVjdXRpb25UaW1lTGltaXQ+UFQwUzwvRXhlY3V0aW9uVGltZUxpbWl0Pg0KICAgIDxQcmlvcml0eT40PC9Qcmlvcml0eT4NCiAgPC9TZXR0aW5ncz4NCiAgPEFjdGlvbnMgQ29udGV4dD0iQXV0aG9yIj4NCiAgICA8RXhlYz4NCiAgICAgIDxDb21tYW5kPiIjRVhFQ1VUQUJMRVBBVEgiPC9Db21tYW5kPg0KICAgICAgPEFyZ3VtZW50cz4kKEFyZzApPC9Bcmd1bWVudHM+DQogICAgPC9FeGVjPg0KICA8L0FjdGlvbnM+DQo8L1Rhc2s+

  • clear_access_control

    false

  • clear_zone_identifier

    false

  • connect_delay

    3814

  • connection_port

    54984

  • default_group

    Default

  • enable_debug_mode

    false

  • gc_threshold

    1.048576e+07

  • keep_alive_timeout

    29991

  • keyboard_logging

    false

  • lan_timeout

    2500

  • max_packet_size

    1.048576e+07

  • mutex

    c2061050-265f-4002-913c-ea1f49d7f810

  • mutex_timeout

    5000

  • prevent_system_sleep

    false

  • primary_connection_host

    127.0.0.1

  • primary_dns_server

    8.8.8.8

  • request_elevation

    false

  • restart_delay

    4997

  • run_delay

    0

  • run_on_startup

    false

  • set_critical_process

    false

  • timeout_interval

    5000

  • use_custom_dns_server

    false

  • version

    1.2.2.0

  • wan_timeout

    8000

Signatures

  • NanoCore

    NanoCore is a remote access tool (RAT) with a variety of capabilities.

    keyloggertrojanstealerspywarenanocore
  • Suspicious use of SetThreadContext 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of FindShellTrayWindow 26 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\waveTool.exe
    "C:\Users\Admin\AppData\Local\Temp\waveTool.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:656
    • C:\Users\Admin\AppData\Local\Temp\waveTool.exe
      "C:\Users\Admin\AppData\Local\Temp\waveTool.exe"
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2320
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=waveTool.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
        3⤵
        • Enumerates system info in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:2880
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffaa8c73cb8,0x7ffaa8c73cc8,0x7ffaa8c73cd8
          4⤵
            PID:4824
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,6241552398550305699,5411898606094257014,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
            4⤵
              PID:1192
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1848,6241552398550305699,5411898606094257014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
              4⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:1448
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1848,6241552398550305699,5411898606094257014,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2520 /prefetch:8
              4⤵
                PID:4036
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,6241552398550305699,5411898606094257014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
                4⤵
                  PID:1056
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,6241552398550305699,5411898606094257014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
                  4⤵
                    PID:4348
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,6241552398550305699,5411898606094257014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:1
                    4⤵
                      PID:1256
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,6241552398550305699,5411898606094257014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
                      4⤵
                        PID:5300
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,6241552398550305699,5411898606094257014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
                        4⤵
                          PID:2344
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,6241552398550305699,5411898606094257014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
                          4⤵
                            PID:5656
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,6241552398550305699,5411898606094257014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
                            4⤵
                              PID:5312
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,6241552398550305699,5411898606094257014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
                              4⤵
                                PID:4540
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,6241552398550305699,5411898606094257014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
                                4⤵
                                  PID:2824
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1848,6241552398550305699,5411898606094257014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 /prefetch:8
                                  4⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:3500
                                • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1848,6241552398550305699,5411898606094257014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6116 /prefetch:8
                                  4⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:1996
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=waveTool.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
                                3⤵
                                  PID:5192
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffaa8c73cb8,0x7ffaa8c73cc8,0x7ffaa8c73cd8
                                    4⤵
                                      PID:2032
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:5276
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:3376

                                  Network

                                  MITRE ATT&CK Enterprise v15

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    2ee16858e751901224340cabb25e5704

                                    SHA1

                                    24e0d2d301f282fb8e492e9df0b36603b28477b2

                                    SHA256

                                    e9784fcff01f83f4925f23e3a24bce63314ea503c2091f7309c014895fead33c

                                    SHA512

                                    bd9994c2fb4bf097ce7ffea412a2bed97e3af386108ab6aab0df9472a92d4bd94489bb9c36750a92f9818fa3ea6d1756497f5364611e6ebd36de4cd14e9a0fba

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    ea667b2dedf919487c556b97119cf88a

                                    SHA1

                                    0ee7b1da90be47cc31406f4dba755fd083a29762

                                    SHA256

                                    9e7e47ebf490ba409eab3be0314fa695bf28f4764f4875c7568a54337f2df70f

                                    SHA512

                                    832391afcac34fc6c949dee8120f2a5f83ca68c159ff707751d844b085c7496930f0c8fd8313fd8f10a5f5725138be651953934aa79b087ba3c6dd22eaa49c72

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                    Filesize

                                    264B

                                    MD5

                                    441f9ba0827fb5e830a415e42989b249

                                    SHA1

                                    0e7dc3a9e719a30e90b2a1c76aa6ad25ce2df179

                                    SHA256

                                    b636958fb3cdf05189da8e1e17c66c7b5f3cb9e26ab3df5be31ba3f243644a2a

                                    SHA512

                                    93bf18382e34a6724a16d03429e25ca99f3157ab2e4d73a928a8e2ff80f50caa2bfaaec81732326a880246ff324ecaaeb029b117a9e3f925abb1c0da175d3c6a

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                    Filesize

                                    437B

                                    MD5

                                    05592d6b429a6209d372dba7629ce97c

                                    SHA1

                                    b4d45e956e3ec9651d4e1e045b887c7ccbdde326

                                    SHA256

                                    3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd

                                    SHA512

                                    caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    5KB

                                    MD5

                                    3bc53a2f9a7357659d0c7cc0e19ea601

                                    SHA1

                                    413e515532869c4f07e71a5ce4974c2c0afb1f22

                                    SHA256

                                    e3f026bbc2c29284014dde89850d4ea5bab3a467c08becd228a9f2a6adb35bef

                                    SHA512

                                    598f6c2240b926998c345e70dd15c0be7d10d859a8da21baf8125548e36efe0448ecd43569fb639b395f74999b8f7a589eeeaac840621c26e264c864f221962c

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    e160bf72e77e071b34b48589e64e73cf

                                    SHA1

                                    084a65258c8d8146d9083fa70bfab9dd2d397716

                                    SHA256

                                    62d08b8a484c3c329dccda73f9e8fd42f2f1ec25cb5723bc458520f70758e363

                                    SHA512

                                    967ab8309bfc88fe010867a0babdb3c3d65be83435bdf8cc0646f36591e14cb6e3d6c202ccf06126caa7618b0444b0a529b32d85380f1e4287941d494bd08462

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    47df43239283b8dfa4a2baaa12377365

                                    SHA1

                                    f2a3529dd25bdf6843aeeb45871892cba8a51fa0

                                    SHA256

                                    3bef3713d941ad5c46a5f0d62bd93659bb8409059057a718111435af2e1f79ac

                                    SHA512

                                    e0db5026f0ad061af46cac0f7b5e0127ba4e6aea12d84267ef3903495869f416f719373f4992e04be08f323409489ac93af424833534ae49911cd47beea7967e

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    68ac216c0d363a7b251009b1003e31d9

                                    SHA1

                                    6f249d2161b420de8c7726438a9f7c997911ca2b

                                    SHA256

                                    824f1c4beadde2fb8aa7249b87ee34f7fda98bd790654e4ce3e61e40e25717e0

                                    SHA512

                                    34069f24d5d90a1539bcfb204646a9ab84b56b846263f8f2ebcda90adda0c4ec2d159082e5705d239492675d3062187cb9b131ddda242a8193bcda9160cc7133

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                    Filesize

                                    367B

                                    MD5

                                    63a526218190fb81c204f1da193890e2

                                    SHA1

                                    c55d9274dd1dc1bf1e859ff9c29532d255b3c05e

                                    SHA256

                                    1b117cfae4fae1b2044af5e783838c09f52b5b2519c2790beafc2d935fb990f5

                                    SHA512

                                    b1cad5673bcf82545351e2014830815d23cf63ddd353e9e24724c845ec7aae0c98be3d70e3a3b72c26e771296fcfe1ef7e148c1c27898d8c42ddb70599b28308

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                    Filesize

                                    367B

                                    MD5

                                    83b5205d0e41976f5a0dd258d02164b9

                                    SHA1

                                    69ff236b620102616c7c5b0375e68e63443a52e4

                                    SHA256

                                    f358c2886d8d112db8e3ec1189ee46f3dfef12675e321d45e710f3c5c98bdd33

                                    SHA512

                                    7bcf93b5f8263479aff3109c60dd7f792cb144ebb449a75720c7ea78178e6e5b027b7ee68ce5433db0a6880cca3ff2ea1c1ab45d8597ada2e1b2b0d78dbbb214

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5810d4.TMP
                                    Filesize

                                    367B

                                    MD5

                                    786176791f47d673611e114fb146e19d

                                    SHA1

                                    e5daabfe139a4241ca66b5ba0a302abd8fdcdc3b

                                    SHA256

                                    a8e9ccb1e03c6cb5f4fd7d9e434074a16744dc5cac65d0fe9c0c047e6eb04ddb

                                    SHA512

                                    f830f53b51d7a68fd147712b96664e56bce430c573bd544787cb2abb8eda6fccfb1a8b5971b5fb91b18bff6d385f74662ffa29b249beef97e65c8f3cebef6494

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                    Filesize

                                    16B

                                    MD5

                                    6752a1d65b201c13b62ea44016eb221f

                                    SHA1

                                    58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                    SHA256

                                    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                    SHA512

                                    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    11KB

                                    MD5

                                    68e80fc24c31815e3e6ea5b9236b2353

                                    SHA1

                                    cd7844b3a1262bf9f411c2f65a7b8a0736fde6a7

                                    SHA256

                                    f9065e4658b9c93618e4311aad2dbc65dfff925db2ea35bf41639526a507fc2f

                                    SHA512

                                    fee7b7848ee5b52da824c1bf5a9568484baa0741a83666b55cacadba3e5948ce91ebe43d94a3803ee2b1ad5ebb9b81b64bbe3187e914e7e6a98eb9db523b7172

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    11KB

                                    MD5

                                    12f1d8cd62944fb93b8097a3b0f18586

                                    SHA1

                                    4f080c8b5bffb659f32d4c4e0319042b7abadf05

                                    SHA256

                                    2b25ba2d4781f63a12568656ee6f7279bddabd5ccb29f95bf656463b70a4aaf1

                                    SHA512

                                    521a674dc1e0aa0b4f445f3346d84ec3873b31612f3d3528700fb189bee6c5d8fbf71e8b12256e3c77adf83eda995597d25c0477720e9e04226b5745fde86c4a

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    11KB

                                    MD5

                                    4781401e84933236d0fad7881251ada6

                                    SHA1

                                    a72778dbb8cc86e1ad0b52508651573a28bd62b5

                                    SHA256

                                    984392432d3f79afcde7ab17523c202f55b533536cc6bb1c81c887daeeeee64f

                                    SHA512

                                    bae3f7ed4e0c0ecf9d264ff2ffd38793f7628b4c7fd7a7a0f61ff8e1898595bd26c3e8e4b98b84b407b2b58239b990c59fca65590c75e6877b089dd226bd5f1d

                                    Download Submit

                                  • \??\pipe\LOCAL\crashpad_2880_POYNFQZGROFDEKVP
                                    MD5

                                    d41d8cd98f00b204e9800998ecf8427e

                                    SHA1

                                    da39a3ee5e6b4b0d3255bfef95601890afd80709

                                    SHA256

                                    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                    SHA512

                                    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                    Download Submit

                                  • memory/656-1-0x0000000000400000-0x0000000000410000-memory.dmp

                                    Filesize

                                    64KB

                                    Download

                                  • memory/2320-0-0x0000000000400000-0x0000000000490000-memory.dmp

                                    Filesize

                                    576KB

                                    Download