hxxps://cdn[.]discordapp[.]com/attachments/1006326289898156052/1215125387194015805/ian[.]rar?ex=66b6d1b4&is=66b58034&hm=6d1c6cff11cbbcd0fb9769f3c35dfe4f082c29486091181a49aed70aaf0eb10e&

Analysis

max time kernel
115s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/08/2024, 04:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1006326289898156052/1215125387194015805/ian.rar?ex=66b6d1b4&is=66b58034&hm=6d1c6cff11cbbcd0fb9769f3c35dfe4f082c29486091181a49aed70aaf0eb10e&

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3500	vlc.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
876	msedge.exe
876	msedge.exe
2700	msedge.exe
2700	msedge.exe
1764	identity_helper.exe
1764	identity_helper.exe
2604	msedge.exe
2604	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

pid	Process
3860	OpenWith.exe
3500	vlc.exe
3420	OpenWith.exe
452	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeRestorePrivilege	452	7zFM.exe
Token: 35	452	7zFM.exe
Token: SeSecurityPrivilege	452	7zFM.exe
Token: SeSecurityPrivilege	452	7zFM.exe

Suspicious use of FindShellTrayWindow 61 IoCs

pid	Process
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
3500	vlc.exe
3500	vlc.exe
3500	vlc.exe
3500	vlc.exe
3500	vlc.exe
3500	vlc.exe
3500	vlc.exe
3500	vlc.exe
3500	vlc.exe
3500	vlc.exe
452	7zFM.exe
452	7zFM.exe
2700	msedge.exe
452	7zFM.exe

Suspicious use of SendNotifyMessage 33 IoCs

pid	Process
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
2700	msedge.exe
3500	vlc.exe
3500	vlc.exe
3500	vlc.exe
3500	vlc.exe
3500	vlc.exe
3500	vlc.exe
3500	vlc.exe
3500	vlc.exe
3500	vlc.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3860	OpenWith.exe
3860	OpenWith.exe
3860	OpenWith.exe
3860	OpenWith.exe
3860	OpenWith.exe
3860	OpenWith.exe
3860	OpenWith.exe
3500	vlc.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe
3420	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2700 wrote to memory of 3340	2700	msedge.exe	83
PID 2700 wrote to memory of 3340	2700	msedge.exe	83
PID 2700 wrote to memory of 4056	2700	msedge.exe	84
PID 2700 wrote to memory of 4056	2700	msedge.exe	84
PID 2700 wrote to memory of 4056	2700	msedge.exe	84
PID 2700 wrote to memory of 4056	2700	msedge.exe	84
PID 2700 wrote to memory of 4056	2700	msedge.exe	84
PID 2700 wrote to memory of 4056	2700	msedge.exe	84
PID 2700 wrote to memory of 4056	2700	msedge.exe	84
PID 2700 wrote to memory of 4056	2700	msedge.exe	84
PID 2700 wrote to memory of 4056	2700	msedge.exe	84
PID 2700 wrote to memory of 4056	2700	msedge.exe	84
PID 2700 wrote to memory of 4056	2700	msedge.exe	84
PID 2700 wrote to memory of 4056	2700	msedge.exe	84
PID 2700 wrote to memory of 4056	2700	msedge.exe	84
PID 2700 wrote to memory of 4056	2700	msedge.exe	84
PID 2700 wrote to memory of 4056	2700	msedge.exe	84
PID 2700 wrote to memory of 4056	2700	msedge.exe	84
PID 2700 wrote to memory of 4056	2700	msedge.exe	84
PID 2700 wrote to memory of 4056	2700	msedge.exe	84
PID 2700 wrote to memory of 4056	2700	msedge.exe	84
PID 2700 wrote to memory of 4056	2700	msedge.exe	84
PID 2700 wrote to memory of 4056	2700	msedge.exe	84
PID 2700 wrote to memory of 4056	2700	msedge.exe	84
PID 2700 wrote to memory of 4056	2700	msedge.exe	84
PID 2700 wrote to memory of 4056	2700	msedge.exe	84
PID 2700 wrote to memory of 4056	2700	msedge.exe	84
PID 2700 wrote to memory of 4056	2700	msedge.exe	84
PID 2700 wrote to memory of 4056	2700	msedge.exe	84
PID 2700 wrote to memory of 4056	2700	msedge.exe	84
PID 2700 wrote to memory of 4056	2700	msedge.exe	84
PID 2700 wrote to memory of 4056	2700	msedge.exe	84
PID 2700 wrote to memory of 4056	2700	msedge.exe	84
PID 2700 wrote to memory of 4056	2700	msedge.exe	84
PID 2700 wrote to memory of 4056	2700	msedge.exe	84
PID 2700 wrote to memory of 4056	2700	msedge.exe	84
PID 2700 wrote to memory of 4056	2700	msedge.exe	84
PID 2700 wrote to memory of 4056	2700	msedge.exe	84
PID 2700 wrote to memory of 4056	2700	msedge.exe	84
PID 2700 wrote to memory of 4056	2700	msedge.exe	84
PID 2700 wrote to memory of 4056	2700	msedge.exe	84
PID 2700 wrote to memory of 4056	2700	msedge.exe	84
PID 2700 wrote to memory of 876	2700	msedge.exe	85
PID 2700 wrote to memory of 876	2700	msedge.exe	85
PID 2700 wrote to memory of 116	2700	msedge.exe	86
PID 2700 wrote to memory of 116	2700	msedge.exe	86
PID 2700 wrote to memory of 116	2700	msedge.exe	86
PID 2700 wrote to memory of 116	2700	msedge.exe	86
PID 2700 wrote to memory of 116	2700	msedge.exe	86
PID 2700 wrote to memory of 116	2700	msedge.exe	86
PID 2700 wrote to memory of 116	2700	msedge.exe	86
PID 2700 wrote to memory of 116	2700	msedge.exe	86
PID 2700 wrote to memory of 116	2700	msedge.exe	86
PID 2700 wrote to memory of 116	2700	msedge.exe	86
PID 2700 wrote to memory of 116	2700	msedge.exe	86
PID 2700 wrote to memory of 116	2700	msedge.exe	86
PID 2700 wrote to memory of 116	2700	msedge.exe	86
PID 2700 wrote to memory of 116	2700	msedge.exe	86
PID 2700 wrote to memory of 116	2700	msedge.exe	86
PID 2700 wrote to memory of 116	2700	msedge.exe	86
PID 2700 wrote to memory of 116	2700	msedge.exe	86
PID 2700 wrote to memory of 116	2700	msedge.exe	86
PID 2700 wrote to memory of 116	2700	msedge.exe	86
PID 2700 wrote to memory of 116	2700	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1006326289898156052/1215125387194015805/ian.rar?ex=66b6d1b4&is=66b58034&hm=6d1c6cff11cbbcd0fb9769f3c35dfe4f082c29486091181a49aed70aaf0eb10e&
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9c68946f8,0x7ff9c6894708,0x7ff9c6894718
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,6830747789791162065,18386447596220318884,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,6830747789791162065,18386447596220318884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,6830747789791162065,18386447596220318884,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6830747789791162065,18386447596220318884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6830747789791162065,18386447596220318884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,6830747789791162065,18386447596220318884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,6830747789791162065,18386447596220318884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6830747789791162065,18386447596220318884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6830747789791162065,18386447596220318884,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6830747789791162065,18386447596220318884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6830747789791162065,18386447596220318884,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,6830747789791162065,18386447596220318884,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5936 /prefetch:8
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6830747789791162065,18386447596220318884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,6830747789791162065,18386447596220318884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4352

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3860
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\ian.rar"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3500

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4176

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3420

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\ian.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
186B

MD5
094ab275342c45551894b7940ae9ad0d

SHA1
2e7ce26fe2eb9be641ae929d0c9cc0dfa26c018e

SHA256
ef1739b833a1048ee1bd55dcbac5b1397396faca1ad771f4d6c2fe58899495a3

SHA512
19d0c688dc1121569247111e45de732b2ab86c71aecdde34b157cfd1b25c53473ed3ade49a97f8cb2ddc4711be78fa26c9330887094e031e9a71bb5c29080b0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7ac2636c2e5b37c006b6807b1ee83c95

SHA1
e349891cae26651519d22c414d1207750df2ee56

SHA256
17be244deee49bb42bf13226e1b492ded9dfbcb51a91d97e3789efa26123b1ec

SHA512
949bed58670192614851c693d0b3b7308beb3064673e687006bccef5bf252c602e5c6295ce222a99f8f3d6f54c594deed66ab1fa9316bf380e2ba3bcb3443b8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a2816d4e4e4c62b3040006cd3e1d99e1

SHA1
36b3d92a1d183155cd9f825663c0ac661cea5546

SHA256
78f0f57bef74600b46b1c5c65d4153c313c72d27c2fca275a3b34f88ded46b45

SHA512
2a24b2f10b6e65a066cc1e09562ba9bf6d501a7c3983834550a9fdf373b2e34de1196ba967e1b5e999fd761a54ad2a1926f34500a4831134586a9128d7171b28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9f829a739b048c9820200921574f6df6

SHA1
909383fd87d64980dab975eef2512927d0ea3129

SHA256
8604f73bbcc00d117a8f03073ef994f18cc62b3251ba6b6a792031e0d850b5cd

SHA512
02a03f3546481f68c37f2a02c122937b1b93ac9c6b91e57822fa807f1d6caacd2251aeb1a802c78660c84ce3702f48d5ff7d8868314a882bdbaf55bb8ca4a0e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6a026dcf4191b4ee77f47f8f400b7b97

SHA1
0c012c3e4032aa89e4ff13f1e701a8d966908cd5

SHA256
630af38144bfc5ea15c549ef453cf3a6bbc7fd206299a23882d001b2cfd5ddc7

SHA512
9c06697c6d96c9ee0a8af4ad0216d318e3cdc238a3dd7adc6e657dc0c48264a3596d42198f7e06611e91f1ec1ed22a40253e04e7877282f0bb21508ff5919b0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2d7545a58cc2d5902e18266b9b20ef20

SHA1
9f711d14ed147cd34c44549fbdabf20f58836584

SHA256
a60cbb85ea4ab2c268d81b3806d0636757f820fd5a45eee7bf62cad3b35ed5d8

SHA512
93696cdee596c22e5cd08874b2a2181e5faafbec86da529a22c3d36278e2182f566990f15a87418d6bfc8ca310ed7b96d3cc827a64e50ed13228e67f903cc8f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c043e7d5068fb672b7102a84c9998101

SHA1
589b3f7614ecd5c395afca6419cf1eb83a7354ef

SHA256
eb8b3c0bd990ec500ecf9c24b0083063ae630334c39f6432306a57de9eb09966

SHA512
a370c16de15a6184669a4aee5efe6f69f192cd2bdbf776672a1198aa60296df22ec371b941da8a64e527ae10b049502623ca9187f253b768c1bce2653b4aee81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
bb81507c3b1b7d4531395d67c7824d43

SHA1
10187f5c7545cf56aa7c80f4f53f4469253080c3

SHA256
b47cae6c18f5cffb19455cc694d8b1441689b4711d505fa910e8bed28784f21d

SHA512
4278e37acc15ec6ea37d5c170cdfc3830a1a3a035209c654f8eee1ca562cde31fb6c64875caff390600324e8b1d6fc189db301b8bbfbbd3a931bea123b502370

Download Submit
memory/3500-99-0x00007FF9C1B90000-0x00007FF9C1BC4000-memory.dmp

Filesize
208KB

Download
memory/3500-98-0x00007FF68B1C0000-0x00007FF68B2B8000-memory.dmp

Filesize
992KB

Download
memory/3500-100-0x00007FF9B0210000-0x00007FF9B04C6000-memory.dmp

Filesize
2.7MB

Download
memory/3500-101-0x00007FF9AEA00000-0x00007FF9AFAB0000-memory.dmp

Filesize
16.7MB

Download