Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

3

Static

static

1

URLScan

urlscan

1

https://download2269...

windows10-2004-x64

3

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/09/2024, 22:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://download2269.mediafire.com/h4n4kgtuqtwgSH69ubmbR9vkon_3XLaWevcrqr-1njMJI72fqbvPSmWz7Kf9Uv3z4IwrHT5GZr3flfluVEVF7XWdsOmkVR83eMo19KJWjxBhRrFYtPqgwjAWKQ4xp888HucICF9E_6BxUvYrvVpjSJaiY7JacADp9LXNNph2/ryn8gfodhoef7bx/APK_Toolkit_v1.3_by_0xd00d.zip

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://download2269.mediafire.com/h4n4kgtuqtwgSH69ubmbR9vkon_3XLaWevcrqr-1njMJI72fqbvPSmWz7Kf9Uv3z4IwrHT5GZr3flfluVEVF7XWdsOmkVR83eMo19KJWjxBhRrFYtPqgwjAWKQ4xp888HucICF9E_6BxUvYrvVpjSJaiY7JacADp9LXNNph2/ryn8gfodhoef7bx/APK_Toolkit_v1.3_by_0xd00d.zip
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4024
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe15b346f8,0x7ffe15b34708,0x7ffe15b34718
      2⤵
        PID:4464
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,964321728193412537,12113137764028289740,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
        2⤵
          PID:1576
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,964321728193412537,12113137764028289740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3748
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,964321728193412537,12113137764028289740,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
          2⤵
            PID:4820
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,964321728193412537,12113137764028289740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
            2⤵
              PID:3076
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,964321728193412537,12113137764028289740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
              2⤵
                PID:2756
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,964321728193412537,12113137764028289740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
                2⤵
                  PID:4116
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,964321728193412537,12113137764028289740,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
                  2⤵
                    PID:4536
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,964321728193412537,12113137764028289740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4100 /prefetch:8
                    2⤵
                      PID:4752
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,964321728193412537,12113137764028289740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4100 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:4052
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,964321728193412537,12113137764028289740,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5652 /prefetch:8
                      2⤵
                        PID:1292
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,964321728193412537,12113137764028289740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
                        2⤵
                          PID:1032
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,964321728193412537,12113137764028289740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
                          2⤵
                            PID:4756
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,964321728193412537,12113137764028289740,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
                            2⤵
                              PID:4072
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,964321728193412537,12113137764028289740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
                              2⤵
                                PID:1088
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,964321728193412537,12113137764028289740,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
                                2⤵
                                  PID:3468
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2096,964321728193412537,12113137764028289740,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 /prefetch:8
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:2628
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,964321728193412537,12113137764028289740,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5412 /prefetch:2
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:1344
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:1552
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:4636
                                  • C:\Windows\System32\rundll32.exe
                                    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                    1⤵
                                      PID:4964
                                    • C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\ApkToolkit.exe
                                      "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\ApkToolkit.exe"
                                      1⤵
                                      • System Location Discovery: System Language Discovery
                                      • Suspicious use of SetWindowsHookEx
                                      PID:2564
                                      • C:\Windows\SysWOW64\cmd.exe
                                        cmd.exe /C java -version
                                        2⤵
                                        • System Location Discovery: System Language Discovery
                                        PID:400
                                        • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
                                          java -version
                                          3⤵
                                            PID:2896
                                        • C:\Windows\SysWOW64\cmd.exe
                                          cmd.exe /C ""C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\OpenSSL\openssl.exe" x509 -in "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\ApkToolkit_Certificate.pem" -inform pem -noout -subject"
                                          2⤵
                                          • System Location Discovery: System Language Discovery
                                          PID:5008
                                          • C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\OpenSSL\openssl.exe
                                            "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\OpenSSL\openssl.exe" x509 -in "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\ApkToolkit_Certificate.pem" -inform pem -noout -subject
                                            3⤵
                                            • System Location Discovery: System Language Discovery
                                            PID:4480
                                        • C:\Windows\SysWOW64\cmd.exe
                                          cmd.exe /C java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\apktool.jar" -version
                                          2⤵
                                          • System Location Discovery: System Language Discovery
                                          PID:3248
                                          • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
                                            java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\apktool.jar" -version
                                            3⤵
                                              PID:4160
                                          • C:\Windows\SysWOW64\cmd.exe
                                            cmd.exe /C java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\apksigner.jar" version
                                            2⤵
                                            • System Location Discovery: System Language Discovery
                                            PID:2832
                                            • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
                                              java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\apksigner.jar" version
                                              3⤵
                                                PID:4360
                                            • C:\Windows\SysWOW64\cmd.exe
                                              cmd.exe /C java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\baksmali.jar" -v
                                              2⤵
                                              • System Location Discovery: System Language Discovery
                                              PID:2228
                                              • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
                                                java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\baksmali.jar" -v
                                                3⤵
                                                  PID:4780
                                              • C:\Windows\SysWOW64\cmd.exe
                                                cmd.exe /C java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\smali.jar" -v
                                                2⤵
                                                • System Location Discovery: System Language Discovery
                                                PID:1456
                                                • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
                                                  java -jar -Duser.language=en -Dfile.encoding=UTF8 -Djdk.util.zip.disableZip64ExtraFieldValidation=true -Djdk.nio.zipfs.allowDotZipEntry=true "C:\Users\Admin\Downloads\APK_Toolkit_v1.3_by_0xd00d\APK_Toolkit_by_0xd00d\6 - Resources\smali.jar" -v
                                                  3⤵
                                                    PID:456

                                              Network

                                              MITRE ATT&CK Enterprise v15

                                              Replay Monitor

                                              Loading Replay Monitor...

                                              Downloads

                                              • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
                                                Filesize

                                                46B

                                                MD5

                                                26f388a90babf548bf78477002b3cb74

                                                SHA1

                                                f7029975d7bf8b57bc30c3a7719b10441ca01474

                                                SHA256

                                                5c4840db3688a4182b10c5beba3459c1f7343fef73fdd831dc1fa659e7295420

                                                SHA512

                                                bbf0eedc56581240785cba70aa9b871429e2c95fdc6df2d9a768756a2cbeed3fc7482780a111f95c1bc0290f40ae9f8db7558e1be31f6ff601c788c1f03d8ae4

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                Filesize

                                                152B

                                                MD5

                                                53bc70ecb115bdbabe67620c416fe9b3

                                                SHA1

                                                af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

                                                SHA256

                                                b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

                                                SHA512

                                                cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                Filesize

                                                152B

                                                MD5

                                                e765f3d75e6b0e4a7119c8b14d47d8da

                                                SHA1

                                                cc9f7c7826c2e1a129e7d98884926076c3714fc0

                                                SHA256

                                                986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

                                                SHA512

                                                a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                Filesize

                                                6KB

                                                MD5

                                                458376876dde62a757b4b7fd41e79da0

                                                SHA1

                                                aab176bc92e0ce63485782027bcfe9aaf8903dd6

                                                SHA256

                                                d602cec61c6ac5447b05f749b5b424e753e314d7e34654d5c3caf53ca35a6f98

                                                SHA512

                                                a72efe99a8e603960cc121f29b0bda913643e0584b3639b0d48f2683ae5c6843e2b6d39cf2f73964b3984afc4777315495f7e63ef557c37071cc33dd3592c82a

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                Filesize

                                                6KB

                                                MD5

                                                be14ea761a54bca0bcdb8ed3bff94fcd

                                                SHA1

                                                a2497f2a104396510762751b3ef33cd77413228c

                                                SHA256

                                                5f33a8954a48e8c58b2bef2dac6c1ddfda25818154e6ba4013e78bd2ed153cfb

                                                SHA512

                                                c017e0380c7945eeb9ab8bfe5b340039b4600de31cd7329753816d5f4bcce531d54ed1f36bfc844ceb7f999aa1a42db35b9ebde3fbdfb14b171bfdea1e4f8042

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                Filesize

                                                5KB

                                                MD5

                                                0cd3011c6e275893c9f0df1d253a1bf4

                                                SHA1

                                                425ab4f44b1968fefb478c6a222388919970103d

                                                SHA256

                                                8dfcc885cf860419c15be852afe113f0b55f5e348c673199a6eef644f98d7997

                                                SHA512

                                                a5d0f1807221295a7bebcec552e861f03dca683f272780906139add561767d4ed341e9a374ee94275226f3e1260a48a85f0a564f43b984623ea95cbfb11c49cf

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                Filesize

                                                6KB

                                                MD5

                                                7523865209bff42a990d70d3f683a257

                                                SHA1

                                                64f02babd77980f6bd04269e610059d0b21d7da5

                                                SHA256

                                                3d2e813eaf212e10f362193b440b35977efc7e33d15faaab3b74a39efd29eb80

                                                SHA512

                                                5e8d663f648ed7450d08c2f3b073331b9add2e691817706af6e60a30864168e134e8f5a4d75567b04d6c42fad0cbb4f69051b1424442506928c95be0a270a376

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                Filesize

                                                16B

                                                MD5

                                                6752a1d65b201c13b62ea44016eb221f

                                                SHA1

                                                58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                SHA256

                                                0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                SHA512

                                                9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                Filesize

                                                11KB

                                                MD5

                                                e646c31f211c26a27349674340f19f9b

                                                SHA1

                                                f221ca85ffa370d25d1d3ca3f9ccce99075a5542

                                                SHA256

                                                424bedf320df0b8d4eeae3c7eb239912e8c9a9037b1fb7b4417b93d481cb8ba2

                                                SHA512

                                                cca465d313bed814460853177f03cbe0d2f11f992bf38b3ef96c005437433306a006ecd3a33448a89f25d892238712e6a02bbd72fdbd5fa22ba2757fcfb3d77c

                                                Download Submit

                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                Filesize

                                                10KB

                                                MD5

                                                fe49700ca4dd1feaebd67671255fafb6

                                                SHA1

                                                cbd44a104e61d9696bef542107dff6aeb20ecc43

                                                SHA256

                                                2c89ed416142b677fa536b69a5b614abd4e9c87a8c568b28941ddd7253a36ad6

                                                SHA512

                                                add4cf82096f75a760a4ce8f4db8c9ade25eb85c80af1dd2ae1aef3c52b9061b55ec363f3b5cb04b2d528ddb9ad32df69e99e48b561bee678b4cdcea14bfb6ac

                                                Download Submit

                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fa5183f488243844.customDestinations-ms
                                                Filesize

                                                9KB

                                                MD5

                                                a8c0a7f9cc52019bc139aa5192ac766b

                                                SHA1

                                                7ae80e4f2d86d0a043677dfd48799a7c0445afd7

                                                SHA256

                                                6f1e2489127a181f13b4e1d378e6d1cf12e7d0a5f75833bf077111b9b6da31d9

                                                SHA512

                                                b9e6b1ea35b39eede35644d0faa80ec534ad5e42ebf25f3e80af6b6d3794a30935efdaac0881aa7f3c4e109e8e272d689218db31d4a4c9404de691ba62fa5e04

                                                Download Submit

                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fa5183f488243844.customDestinations-ms
                                                Filesize

                                                9KB

                                                MD5

                                                4043a824d6b73dffc2e6a0d7818a04ac

                                                SHA1

                                                b2397ded92f273d63199cefb0974f09ae1683264

                                                SHA256

                                                b8902392a7cca5821d5c55e5f0aa6868a46b5ce83c9baafdbbb55ffcd8a84308

                                                SHA512

                                                dd2709cdd2d665a31791695287bb01a9e2bb93f24de39c55f165ec95feab7438789f5adc00bc7fc43e68d188dcb7836c4d58ead7065b0fa4ad67a042ebfa8fda

                                                Download Submit

                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fa5183f488243844.customDestinations-ms
                                                Filesize

                                                9KB

                                                MD5

                                                905194947da8423b541156d610194a2d

                                                SHA1

                                                9dfc385906ba5b9275a93819dd0e5490b0519040

                                                SHA256

                                                e7b9cbb0cc8b7061004bc91983c7104dfa84d9612f4e73461967fa686616162d

                                                SHA512

                                                2d9a113474cb10ef4df25ad417c924c2e691df981e6d312357a41a9aa9b008787a8e89b9f2dfaa98af307209c614e7865ac998ce14314986a12742afc2d536ec

                                                Download Submit

                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fa5183f488243844.customDestinations-ms
                                                Filesize

                                                9KB

                                                MD5

                                                c74339e3b7a09dc9854d0f93e2d9c037

                                                SHA1

                                                9293c5ff89dd80023bcb046c53a4256f5eaabc2d

                                                SHA256

                                                ea4e37c62e0ca6fe0416db32b135d541c3882400b05852e08510ce6b271636d3

                                                SHA512

                                                05832aab8b42331955d4902b4298edf162685ed0c0385dd224cc58e37386a4845c2527ce88ceb4f9fb7e7e9324b895ce42471aee93da9eae4e90e51b05572f2a

                                                Download Submit

                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fa5183f488243844.customDestinations-ms
                                                Filesize

                                                9KB

                                                MD5

                                                dad80d5c6cd67a2c7b27c8a4d53f48a9

                                                SHA1

                                                f38ec758d931d5a7a7192f85812e85743378e601

                                                SHA256

                                                c4a0a106a0d09f186665a610458dc7a28e6bf7c163058fdcb19b2342883836b1

                                                SHA512

                                                53edd27f53f4d25c1a8484d22ac9befa6aef5e98118c5742f81412e20aca523e864a79486c20cf3e70e0f70c3d340dead1bcb7f3f065847262f646929cc2385c

                                                Download Submit

                                              • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fa5183f488243844.customDestinations-ms
                                                Filesize

                                                9KB

                                                MD5

                                                8675440a04ab553237cbf4cc5c4eba00

                                                SHA1

                                                3df930d4cab4a1c4735c954013d1c54e68f812bf

                                                SHA256

                                                486923994c6a6c0865ea35d9b23f95f0fdb385cfa3cee54252711e362b9e221c

                                                SHA512

                                                1522598fbcfda666234c1cae8a4f4f47c6c75bb55395ead48e9b35e56c412f1bdd92ff278344ca2bf7c706f52bc8c744d68eb7cef0e832cf7f42dc7edae1d4b7

                                                Download Submit

                                              • memory/2564-154-0x0000000000400000-0x00000000009C2000-memory.dmp

                                                Filesize

                                                5.8MB

                                                Download

                                              • memory/2896-268-0x00000278834F0000-0x00000278834F1000-memory.dmp

                                                Filesize

                                                4KB

                                                Download

                                              • memory/4160-280-0x000001CCF84F0000-0x000001CCF84F1000-memory.dmp

                                                Filesize

                                                4KB

                                                Download

                                              • memory/4160-282-0x000001CCF84F0000-0x000001CCF84F1000-memory.dmp

                                                Filesize

                                                4KB

                                                Download

                                              • memory/4360-294-0x000001E37A270000-0x000001E37A271000-memory.dmp

                                                Filesize

                                                4KB

                                                Download

                                              • memory/4360-297-0x000001E37A270000-0x000001E37A271000-memory.dmp

                                                Filesize

                                                4KB

                                                Download

                                              • memory/4780-309-0x000001E09F3D0000-0x000001E09F3D1000-memory.dmp

                                                Filesize

                                                4KB

                                                Download