32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864

Analysis

max time kernel
50s
max time network
49s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
08-08-2024 20:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

tata.html
Size

146B
MD5

9fe3cb2b7313dc79bb477bc8fde184a7
SHA1

4d7b3cb41e90618358d0ee066c45c76227a13747
SHA256

32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864
SHA512

c54ad4f5292784e50b4830a8210b0d4d4ee08b803f4975c9859e637d483b3af38cb0436ac501dea0c73867b1a2c41b39ef2c27dc3fb20f3f27519b719ea743db

Score

8^/10

defense_evasion discovery themida

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 3 IoCs

Processes:

tata.exetata.exetata.exe

pid process

2944 tata.exe
3536 tata.exe
2952 tata.exe

pid	process
2944	tata.exe
3536	tata.exe
2952	tata.exe

Themida packer 3 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\Unconfirmed 614814.crdownload	themida
behavioral1/memory/2944-83-0x0000000000400000-0x0000000002E58000-memory.dmp	themida
behavioral1/memory/2944-116-0x0000000000400000-0x0000000002E58000-memory.dmp	themida

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
defense_evasion

SIP and Trust Provider Hijacking
T1553.003

Processes:

msedge.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\tata.exe:Zone.Identifier msedge.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\tata.exe:Zone.Identifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 2 IoCs

Processes:

msedge.exemsedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 614814.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\tata.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
2916	msedge.exe
2916	msedge.exe
4748	msedge.exe
4748	msedge.exe
2320	identity_helper.exe
2320	identity_helper.exe
4404	msedge.exe
4404	msedge.exe
2824	msedge.exe
2824	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

4748 msedge.exe
4748 msedge.exe
4748 msedge.exe
4748 msedge.exe
4748 msedge.exe
4748 msedge.exe
4748 msedge.exe
4748 msedge.exe

Suspicious use of FindShellTrayWindow 42 IoCs

Processes:

msedge.exe

pid	process
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4748 wrote to memory of 572	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 572	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 3564	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 3564	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 3564	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 3564	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 3564	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 3564	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 3564	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 3564	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 3564	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 3564	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 3564	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 3564	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 3564	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 3564	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 3564	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 3564	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 3564	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 3564	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 3564	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 3564	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 3564	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 3564	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 3564	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 3564	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 3564	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 3564	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 3564	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 3564	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 3564	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 3564	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 3564	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 3564	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 3564	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 3564	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 3564	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 3564	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 3564	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 3564	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 3564	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 3564	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 2916	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 2916	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 4152	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 4152	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 4152	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 4152	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 4152	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 4152	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 4152	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 4152	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 4152	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 4152	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 4152	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 4152	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 4152	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 4152	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 4152	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 4152	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 4152	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 4152	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 4152	4748	msedge.exe	msedge.exe
PID 4748 wrote to memory of 4152	4748	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\tata.html
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff8ea73cb8,0x7fff8ea73cc8,0x7fff8ea73cd8
2⤵
PID:572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,12382884062022521772,11716416482432318634,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
2⤵
PID:3564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,12382884062022521772,11716416482432318634,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1400 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,12382884062022521772,11716416482432318634,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
2⤵
PID:4152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,12382884062022521772,11716416482432318634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3076 /prefetch:1
2⤵
PID:676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,12382884062022521772,11716416482432318634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3104 /prefetch:1
2⤵
PID:1220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,12382884062022521772,11716416482432318634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
2⤵
PID:2968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,12382884062022521772,11716416482432318634,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
2⤵
PID:3684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,12382884062022521772,11716416482432318634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
2⤵
PID:400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,12382884062022521772,11716416482432318634,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
2⤵
PID:2232

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,12382884062022521772,11716416482432318634,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,12382884062022521772,11716416482432318634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1
2⤵
PID:948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,12382884062022521772,11716416482432318634,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,12382884062022521772,11716416482432318634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
2⤵
PID:4768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1908,12382884062022521772,11716416482432318634,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3012 /prefetch:8
2⤵
PID:1300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,12382884062022521772,11716416482432318634,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5832 /prefetch:8
2⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:2824

C:\Users\Admin\Downloads\tata.exe
"C:\Users\Admin\Downloads\tata.exe"
2⤵
- Executes dropped EXE
PID:2944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3972

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3056

C:\Users\Admin\Downloads\tata.exe
"C:\Users\Admin\Downloads\tata.exe"
1⤵
- Executes dropped EXE
PID:3536

C:\Users\Admin\Downloads\tata.exe
"C:\Users\Admin\Downloads\tata.exe"
1⤵
- Executes dropped EXE
PID:2952

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1756

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
3e2612636cf368bc811fdc8db09e037d

SHA1
d69e34379f97e35083f4c4ea1249e6f1a5f51d56

SHA256
2eecaacf3f2582e202689a16b0ac1715c628d32f54261671cf67ba6abbf6c9f9

SHA512
b3cc3bf967d014f522e6811448c4792eed730e72547f83eb4974e832e958deb7e7f4c3ce8e0ed6f9c110525d0b12f7fe7ab80a914c2fe492e1f2d321ef47f96d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
e8115549491cca16e7bfdfec9db7f89a

SHA1
d1eb5c8263cbe146cd88953bb9886c3aeb262742

SHA256
dfa9a8b54936607a5250bec0ed3e2a24f96f4929ca550115a91d0d5d68e4d08e

SHA512
851207c15de3531bd230baf02a8a96550b81649ccbdd44ad74875d97a700271ef96e8be6e1c95b2a0119561aee24729cb55c29eb0b3455473688ef9132ed7f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
317d5b7d7b496a02eab5467c362f2342

SHA1
6083d6b185847ffef7cc4672c6a2b880f129344c

SHA256
ccece92b1ed356be5499203d28035eb0032fff39f8d15692dd111c6f4c173923

SHA512
9ac40c97be1bac42b1c27060bede0a1d0dc1fa6f19937c8077e7278c7c9c11b69d6a9d2eabe7c8204b75f12d8f8f3ac3d3ae3751e6b380d194bd70080241aeb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
f32561a524bfa10b30d72b54773086b6

SHA1
439d1b284d3e0cd53c771a15344bf2d2b0d7be56

SHA256
7fef4f7d87a21fe3cd027f3ea368ae35db970a060414e3806d1a5ab7a858443c

SHA512
8a28a479529e9a5aa7e024d8908c6a903adbdca20a9ded747ee34d149a62f07d465b8d169206d68be82d3f1f842f040228d2ae4cfa93f096cec910805f5d094c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
fa5b62bd7e74841c84f43f01d78f2765

SHA1
912abd234adc7aae6c09f0fddac3bd552f74b2c4

SHA256
1afb13c46e45d28f2777255b536e1f8c8fa56b96c4ba7fffc1ad27a74cb49772

SHA512
568f7f1af4a7c160005298cbe5e3efa0b42626f1c0e56384346fa984b3732f179a9c1371b7318721424b84ee1a3667a888e5eefea72c3bdf8e849e74fc0325c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
63ce047676dbe5162e3cd38c0db73b08

SHA1
a849c45bf0f1da4ef96328b4ec303ac028d20f13

SHA256
b0d8aa5e149d035d906d15a99b2325bc7e13c67efd8f7051cdac91e023bc1e9f

SHA512
27d6855f05e2f1f3ece090912c91cabf4d52bd4bd1f585ab15c5707727ca4ebe976845de689f93382e47bdda83cbedeb92b3c4395f47b2f47e2a3fa7c2fac166

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
cc4535e97e8b55e65f2384a2f1d70cc4

SHA1
cee50fb24c57698aff44dbb6723518ef7656b2f4

SHA256
c825964b9d4c043274e061852fafd34865cb32ca62ce11027e9f535f435c647c

SHA512
f8e5b1974b86e60016c1226cbb96b990bcd0226fee0c43495b16b086cbec4be2cb1ab97a9e3722979cef568c0523c9f4eafe0d43727e292124281770a0050650

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 614814.crdownload
Filesize
41.7MB

MD5
fa76d2870cc344b393b82d3717b3f791

SHA1
5993a9b0f0ef54c9e92076d15c9a1792c6e1ca5e

SHA256
630f04c4a48c8c58e99b74e546359a60fac425de6a1800b6da95bd98d5573753

SHA512
0fe1d8a572fbd470dfdc08a7f6538ab9e26a67abeb27caad4f86e9f69cb5bf9f4526309c14181fe7d0d7135ca6650e945b53be26ff94a8f70f9ef4a8c281709d

Download Submit
C:\Users\Admin\Downloads\tata.exe:Zone.Identifier
Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
\??\pipe\LOCAL\crashpad_4748_MCJHONEDVKRZGSMM
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2944-83-0x0000000000400000-0x0000000002E58000-memory.dmp

Filesize
42.3MB

Download
memory/2944-116-0x0000000000400000-0x0000000002E58000-memory.dmp

Filesize
42.3MB

Download