Overview

overview

10

Static

static

1

xeno.html

windows7-x64

3

xeno.html

windows10-2004-x64

10

Resubmissions

29/09/2024, 07:26

240929-h9xhvsxdqg 10

29/09/2024, 02:58

240929-dgeecsxdll 10

Analysis

  • max time kernel
    245s
  • max time network
    246s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/09/2024, 07:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    xeno.html

  • Size

    2KB

  • MD5

    b760d4655d59be17228ff870af42fe6f

  • SHA1

    d37d5e2e9b5bf5a28c7e31f2dc5b889735ae6c35

  • SHA256

    7078ac5f2c491c8a4aec2a530272678dce8bf2f2c300ed351822212b15bf971f

  • SHA512

    7f2f5867f9b920eccf836614fff3b789f5335c66b3fc62566dcabe76f84411f4f8a2040009db442b65882bc7451910a171331564ef385e347d84b141b134fb22

Score
10/10
redlinediscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

C2

185.196.9.26:6302

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of SetThreadContext 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 40 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\xeno.html
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:940
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa928946f8,0x7ffa92894708,0x7ffa92894718
      2⤵
        PID:4864
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,3499592282064163206,17570056813036352687,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
        2⤵
          PID:4468
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,3499592282064163206,17570056813036352687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1776 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:884
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,3499592282064163206,17570056813036352687,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
          2⤵
            PID:3044
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3499592282064163206,17570056813036352687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
            2⤵
              PID:2052
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3499592282064163206,17570056813036352687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
              2⤵
                PID:1016
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,3499592282064163206,17570056813036352687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
                2⤵
                  PID:4948
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,3499592282064163206,17570056813036352687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:2348
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3499592282064163206,17570056813036352687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
                  2⤵
                    PID:3264
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3499592282064163206,17570056813036352687,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
                    2⤵
                      PID:4744
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3499592282064163206,17570056813036352687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
                      2⤵
                        PID:3348
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3499592282064163206,17570056813036352687,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
                        2⤵
                          PID:4496
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3499592282064163206,17570056813036352687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
                          2⤵
                            PID:5032
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3499592282064163206,17570056813036352687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1268 /prefetch:1
                            2⤵
                              PID:4484
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2200,3499592282064163206,17570056813036352687,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5456 /prefetch:8
                              2⤵
                                PID:4728
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3499592282064163206,17570056813036352687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
                                2⤵
                                  PID:3356
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3499592282064163206,17570056813036352687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
                                  2⤵
                                    PID:3484
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,3499592282064163206,17570056813036352687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
                                    2⤵
                                      PID:1276
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,3499592282064163206,17570056813036352687,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5428 /prefetch:2
                                      2⤵
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:4328
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2200,3499592282064163206,17570056813036352687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5944 /prefetch:8
                                      2⤵
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:2004
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:4692
                                    • C:\Windows\System32\CompPkgSrv.exe
                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                      1⤵
                                        PID:3620
                                      • C:\Windows\System32\rundll32.exe
                                        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                        1⤵
                                          PID:60
                                        • C:\Windows\system32\NOTEPAD.EXE
                                          "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_devًexec (1).zip\ReadMe.txt
                                          1⤵
                                            PID:3972
                                          • C:\Users\Admin\AppData\Local\Temp\Temp1_devexec.zip\Bootstrapper 1.07.exe
                                            "C:\Users\Admin\AppData\Local\Temp\Temp1_devexec.zip\Bootstrapper 1.07.exe"
                                            1⤵
                                            • Suspicious use of SetThreadContext
                                            • System Location Discovery: System Language Discovery
                                            PID:64
                                            • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                              "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                              2⤵
                                              • System Location Discovery: System Language Discovery
                                              • Suspicious behavior: EnumeratesProcesses
                                              • Suspicious use of AdjustPrivilegeToken
                                              PID:3880
                                          • C:\Users\Admin\AppData\Local\Temp\Temp1_devexec.zip\Bootstrapper 1.07.exe
                                            "C:\Users\Admin\AppData\Local\Temp\Temp1_devexec.zip\Bootstrapper 1.07.exe"
                                            1⤵
                                            • Suspicious use of SetThreadContext
                                            • System Location Discovery: System Language Discovery
                                            PID:4884
                                            • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                              "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                              2⤵
                                                PID:4292
                                              • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                2⤵
                                                • System Location Discovery: System Language Discovery
                                                • Suspicious behavior: EnumeratesProcesses
                                                • Suspicious use of AdjustPrivilegeToken
                                                PID:3624

                                            Network

                                            MITRE ATT&CK Enterprise v15

                                            Replay Monitor

                                            Loading Replay Monitor...

                                            Downloads

                                            • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Bootstrapper 1.07.exe.log
                                              Filesize

                                              425B

                                              MD5

                                              4eaca4566b22b01cd3bc115b9b0b2196

                                              SHA1

                                              e743e0792c19f71740416e7b3c061d9f1336bf94

                                              SHA256

                                              34ba0ab8d1850e7825763f413142a333ccbc05fa2b5499a28a7d27b8a1c5b4bb

                                              SHA512

                                              bc2b1bf45203e3bb3009a7d37617b8f0f7ffa613680b32de2b963e39d2cf1650614d7035a0cf78f35a4f5cb17a2a439e2e07deaefd2a4275a62efd0a5c0184a1

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RegAsm.exe.log
                                              Filesize

                                              2KB

                                              MD5

                                              0afd29b928418e48de93ad4cd299d9e9

                                              SHA1

                                              464949aeb08839bbc5c9bba1e65bcaf18e1763ea

                                              SHA256

                                              29680de75e55d9b01e021bb387065d3085d0ee422d8ad2d53cd38074b98276c8

                                              SHA512

                                              a2b9683cc2450449874617fcc36af6779fe3e8bcdffa7c1f31be0189dbaeb1597330a5996dfd40a46e54dd6fe1ec162fe37160858941d41b518b7325e0ac212f

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                              Filesize

                                              152B

                                              MD5

                                              9e3fc58a8fb86c93d19e1500b873ef6f

                                              SHA1

                                              c6aae5f4e26f5570db5e14bba8d5061867a33b56

                                              SHA256

                                              828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

                                              SHA512

                                              e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                              Filesize

                                              152B

                                              MD5

                                              27304926d60324abe74d7a4b571c35ea

                                              SHA1

                                              78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

                                              SHA256

                                              7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

                                              SHA512

                                              f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
                                              Filesize

                                              20KB

                                              MD5

                                              a652c1f6926fbd2f0880bed6e9895ba2

                                              SHA1

                                              c41ab44b718d9da7ce889a5432a9b88a3a56dc08

                                              SHA256

                                              d0d80d5666003cbb2f2be48892cf8466942f8a1d2a81c04c1cdf3a00582e7c12

                                              SHA512

                                              ad26e570e252ac9debe599bac54a33515ad7ec3ef9f07d9be7c651f967edc9b96fec61141753c73e42a61565010a2ee25cadffc6a3d63be05544ad04ef87c1b6

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                              Filesize

                                              457B

                                              MD5

                                              b0f89407b3170caafb6314b7c6485a87

                                              SHA1

                                              a237dba60832cc2f07ec9844b34689e55ce24f7d

                                              SHA256

                                              904f445a652bfcca5500f3369148ce05614cb92089e7eff82092f1cbd20db893

                                              SHA512

                                              f093774d256bfef85200aed1aee71870b3876c821b1d805190396079be8ccbec8616ce1abc046cfbfdff3ebc45271b63c7c007d3e081521348c5ace1da1cde5e

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                              Filesize

                                              382B

                                              MD5

                                              a3ecb690e2cf3d46b872f8b4f275a309

                                              SHA1

                                              a90b5912d990cec2bf99447e562088c2483d32d7

                                              SHA256

                                              472f15c1e4d3f8bd8247c43cf126816f9d15f2ef6753c2cba98d4e7791cd8efb

                                              SHA512

                                              cff159e8ce0be3f1c4edd285af305a5c48fae4e676c2b7c78a463b7d5d45cf1bfa9ad6b208376f2e3a3b9c068c0ee92045170559ee989b642e77b1d1be1929f8

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                              Filesize

                                              6KB

                                              MD5

                                              69c2e19f61ba82268a2429a56ea94c4f

                                              SHA1

                                              455cd6db80e270f064d40602c1b0ffd57bad817c

                                              SHA256

                                              4d214b2f05bee8bda7b5da5778e80bc209c2d1f247bdc8c815c8efea7837e38a

                                              SHA512

                                              a7c039ce8af408023768daecf943233d35e33c15acf35c2877f65990d4a532301715406bc03369447d694ac90b470425f9474301400ed52bbc18e3eaefca6b5a

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                              Filesize

                                              5KB

                                              MD5

                                              91fe3346266db3d1b1a2ee24f8bfbe02

                                              SHA1

                                              a9d127a494612be99652c7d0b123a2465441dc2c

                                              SHA256

                                              cbb2f2e26715fb7391db9a21a2b7f2d6a95f308ad4f185e2a674b08145814f1e

                                              SHA512

                                              11729125d9a16516054c22de79943988508daaa2749e4e31af5e1e1e09a04aa8f2bdd42772bb87d7061b866d077b03db54f56bf93988653b96a855dc758bfb81

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                              Filesize

                                              6KB

                                              MD5

                                              533f9e51e8e3d2177c8a55acb0bd82c3

                                              SHA1

                                              5203d42c74fe89db4eb6d73868687906945643a1

                                              SHA256

                                              58e8310819e4c7ea0b75ee2bcac5071d4863246219342fed02f16d52104852bd

                                              SHA512

                                              24e275f5657d903c89adf333921458c41f390bf8aefc5e224f02cd5a0ffbe3e17a5f1aa75d6b1f2e25dcb6abc8d0b10e3a31ca5a9880238fc6cab69add83b5ab

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                              Filesize

                                              16B

                                              MD5

                                              6752a1d65b201c13b62ea44016eb221f

                                              SHA1

                                              58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                              SHA256

                                              0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                              SHA512

                                              9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e513cd69-0737-4f73-b872-ca556691ea88.tmp
                                              Filesize

                                              371B

                                              MD5

                                              6c0daf107a65459cb75cbe0b22c1ad9c

                                              SHA1

                                              3e38c7f2379ef7fd96a191857293fff2646258f7

                                              SHA256

                                              7f255ecd49e7e23408500b153705f239a5120de53efb251f8bb33502c43bdd80

                                              SHA512

                                              244ed38e98c0b8b7b8b259d1e51cd098153571a29cbb3354d7e917ade5e9fe1a3ad05e9a6c3443059fe6a3799076e4acbd38561feddd989cb98172e50095901b

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                              Filesize

                                              11KB

                                              MD5

                                              2a6a68fc3be0eb2b94fde8c403bfaa73

                                              SHA1

                                              dfe325b6d97f266d7350d1073ff63abd3e5500e8

                                              SHA256

                                              86d32f8f3189d258c20087fe81c45ab9fcc1573bfe17739793e32c075b7bbeed

                                              SHA512

                                              30c2285aa10ad30edab3d39a74c1a6e92526774600b77efd2eeb3b835548abb3038133fc8ca8670d3b5a4d47f634885f1e2ff12b92f7564ff9cf4f9a326fd3ec

                                              Download Submit

                                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                              Filesize

                                              10KB

                                              MD5

                                              46408487bba23bca9ab86a9dcbad7d30

                                              SHA1

                                              d1fcb0ecf0f658d446111a6062a18b32e7199604

                                              SHA256

                                              45ea27317184b1605ac9f014edb49fdf3f4467acc3769ec0890815d618a99b93

                                              SHA512

                                              005f52165feec78974d73098c00be718fcaf20ad42788d0ac4a4d3d1860e9d63005a9eaa539b97dffa7a70a144acd5af8c90cdcdc36d3f0e6d03882a55fefa7b

                                              Download Submit

                                            • C:\Users\Admin\Downloads\Unconfirmed 22714.crdownload
                                              Filesize

                                              24.6MB

                                              MD5

                                              a549447c5472c8f96a435baef5a62630

                                              SHA1

                                              c524acf430141074cc9c7b774ef242e4327acfa7

                                              SHA256

                                              a9bedbc31f1c800346a40460665d77e696b2d0bc9428db42f8412f8da7a09129

                                              SHA512

                                              4f92a94c91c2efdc970459a60579e8e2bbfc77297d70e8f30995f28a2937149476f1cd6097cb0ce62a577b524e621b5156bac87a1587f232415a5e57626b7b46

                                              Download Submit

                                            • memory/64-206-0x0000000000DB0000-0x0000000000E04000-memory.dmp

                                              Filesize

                                              336KB

                                              Download

                                            • memory/3880-208-0x0000000000400000-0x0000000000452000-memory.dmp

                                              Filesize

                                              328KB

                                              Download

                                            • memory/3880-213-0x0000000006280000-0x0000000006898000-memory.dmp

                                              Filesize

                                              6.1MB

                                              Download

                                            • memory/3880-214-0x0000000005550000-0x000000000565A000-memory.dmp

                                              Filesize

                                              1.0MB

                                              Download

                                            • memory/3880-215-0x0000000005480000-0x0000000005492000-memory.dmp

                                              Filesize

                                              72KB

                                              Download

                                            • memory/3880-216-0x00000000054E0000-0x000000000551C000-memory.dmp

                                              Filesize

                                              240KB

                                              Download

                                            • memory/3880-217-0x0000000005660000-0x00000000056AC000-memory.dmp

                                              Filesize

                                              304KB

                                              Download

                                            • memory/3880-218-0x0000000005D90000-0x0000000005DF6000-memory.dmp

                                              Filesize

                                              408KB

                                              Download

                                            • memory/3880-219-0x0000000006E70000-0x0000000007032000-memory.dmp

                                              Filesize

                                              1.8MB

                                              Download

                                            • memory/3880-220-0x0000000007570000-0x0000000007A9C000-memory.dmp

                                              Filesize

                                              5.2MB

                                              Download

                                            • memory/3880-212-0x00000000050B0000-0x00000000050BA000-memory.dmp

                                              Filesize

                                              40KB

                                              Download

                                            • memory/3880-223-0x0000000006E20000-0x0000000006E70000-memory.dmp

                                              Filesize

                                              320KB

                                              Download

                                            • memory/3880-211-0x0000000005100000-0x0000000005192000-memory.dmp

                                              Filesize

                                              584KB

                                              Download

                                            • memory/3880-210-0x00000000056B0000-0x0000000005C54000-memory.dmp

                                              Filesize

                                              5.6MB

                                              Download