83a9a67e1fca93d517977cd0b22e60fea7439eefe3b5a2f73b5109f0d6c10a4b

Analysis

max time kernel
48s
max time network
49s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
13/01/2025, 00:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
Size

1.4MB
MD5

a1af9b0374d7c8fe2d0657e8c7ae74ef
SHA1

c23d14ca18070151e65e31dd6ff5fd1e48793741
SHA256

83a9a67e1fca93d517977cd0b22e60fea7439eefe3b5a2f73b5109f0d6c10a4b
SHA512

8ffce915a2d7dd7336c63ed798ac995fbba1bdb0c2f7b3040edf3d46ebf68301e27e292feb7084e5a5ff97aeb0ea4139dcbae4be3a06d3bdec804aa1019439a1
SSDEEP

24576:YlIFWm3UdC7AVOnrl/6aucZnCDFrNTDSDx+ya:7k1VqB6yZnSf1

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2132	msedge.exe
2132	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2132	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2992 wrote to memory of 2132	2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe	88
PID 2992 wrote to memory of 2132	2992	Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe	88
PID 2132 wrote to memory of 632	2132	msedge.exe	89
PID 2132 wrote to memory of 632	2132	msedge.exe	89
PID 2132 wrote to memory of 4140	2132	msedge.exe	90
PID 2132 wrote to memory of 4140	2132	msedge.exe	90
PID 2132 wrote to memory of 4140	2132	msedge.exe	90
PID 2132 wrote to memory of 4140	2132	msedge.exe	90
PID 2132 wrote to memory of 4140	2132	msedge.exe	90
PID 2132 wrote to memory of 4140	2132	msedge.exe	90
PID 2132 wrote to memory of 4140	2132	msedge.exe	90
PID 2132 wrote to memory of 4140	2132	msedge.exe	90
PID 2132 wrote to memory of 4140	2132	msedge.exe	90
PID 2132 wrote to memory of 4140	2132	msedge.exe	90
PID 2132 wrote to memory of 4140	2132	msedge.exe	90
PID 2132 wrote to memory of 4140	2132	msedge.exe	90
PID 2132 wrote to memory of 4140	2132	msedge.exe	90
PID 2132 wrote to memory of 4140	2132	msedge.exe	90
PID 2132 wrote to memory of 4140	2132	msedge.exe	90
PID 2132 wrote to memory of 4140	2132	msedge.exe	90
PID 2132 wrote to memory of 4140	2132	msedge.exe	90
PID 2132 wrote to memory of 4140	2132	msedge.exe	90
PID 2132 wrote to memory of 4140	2132	msedge.exe	90
PID 2132 wrote to memory of 4140	2132	msedge.exe	90
PID 2132 wrote to memory of 4140	2132	msedge.exe	90
PID 2132 wrote to memory of 4140	2132	msedge.exe	90
PID 2132 wrote to memory of 4140	2132	msedge.exe	90
PID 2132 wrote to memory of 4140	2132	msedge.exe	90
PID 2132 wrote to memory of 4140	2132	msedge.exe	90
PID 2132 wrote to memory of 4140	2132	msedge.exe	90
PID 2132 wrote to memory of 4140	2132	msedge.exe	90
PID 2132 wrote to memory of 4140	2132	msedge.exe	90
PID 2132 wrote to memory of 4140	2132	msedge.exe	90
PID 2132 wrote to memory of 4140	2132	msedge.exe	90
PID 2132 wrote to memory of 4140	2132	msedge.exe	90
PID 2132 wrote to memory of 4140	2132	msedge.exe	90
PID 2132 wrote to memory of 4140	2132	msedge.exe	90
PID 2132 wrote to memory of 4140	2132	msedge.exe	90
PID 2132 wrote to memory of 4140	2132	msedge.exe	90
PID 2132 wrote to memory of 4140	2132	msedge.exe	90
PID 2132 wrote to memory of 4140	2132	msedge.exe	90
PID 2132 wrote to memory of 4140	2132	msedge.exe	90
PID 2132 wrote to memory of 4140	2132	msedge.exe	90
PID 2132 wrote to memory of 4140	2132	msedge.exe	90
PID 2132 wrote to memory of 1056	2132	msedge.exe	91
PID 2132 wrote to memory of 1056	2132	msedge.exe	91
PID 2132 wrote to memory of 2652	2132	msedge.exe	92
PID 2132 wrote to memory of 2652	2132	msedge.exe	92
PID 2132 wrote to memory of 2652	2132	msedge.exe	92
PID 2132 wrote to memory of 2652	2132	msedge.exe	92
PID 2132 wrote to memory of 2652	2132	msedge.exe	92
PID 2132 wrote to memory of 2652	2132	msedge.exe	92
PID 2132 wrote to memory of 2652	2132	msedge.exe	92
PID 2132 wrote to memory of 2652	2132	msedge.exe	92
PID 2132 wrote to memory of 2652	2132	msedge.exe	92
PID 2132 wrote to memory of 2652	2132	msedge.exe	92
PID 2132 wrote to memory of 2652	2132	msedge.exe	92
PID 2132 wrote to memory of 2652	2132	msedge.exe	92
PID 2132 wrote to memory of 2652	2132	msedge.exe	92
PID 2132 wrote to memory of 2652	2132	msedge.exe	92
PID 2132 wrote to memory of 2652	2132	msedge.exe	92
PID 2132 wrote to memory of 2652	2132	msedge.exe	92
PID 2132 wrote to memory of 2652	2132	msedge.exe	92
PID 2132 wrote to memory of 2652	2132	msedge.exe	92

C:\Users\Admin\AppData\Local\Temp\Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe
"C:\Users\Admin\AppData\Local\Temp\Dark Souls Remastered v1.01-v1.04 Plus 23 Trainer.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://flingtrainer.com/tag/dark-souls-remastered
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffb1b9646f8,0x7ffb1b964708,0x7ffb1b964718
    3⤵
    PID:632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,7363621269723223384,15525929030563558856,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
    3⤵
    PID:4140
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,7363621269723223384,15525929030563558856,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
    3⤵
    PID:1056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,7363621269723223384,15525929030563558856,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
    3⤵
    PID:2652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7363621269723223384,15525929030563558856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
    3⤵
    PID:3780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7363621269723223384,15525929030563558856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
    3⤵
    PID:2336
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,7363621269723223384,15525929030563558856,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6008 /prefetch:8
    3⤵
    PID:1456
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    PID:4384
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x1ec,0x254,0x7ff715b35460,0x7ff715b35470,0x7ff715b35480
      4⤵
      PID:4684
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,7363621269723223384,15525929030563558856,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6008 /prefetch:8
    3⤵
    PID:2592

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
1KB

MD5
c9be626e9715952e9b70f92f912b9787

SHA1
aa2e946d9ad9027172d0d321917942b7562d6abe

SHA256
c13e8d22800c200915f87f71c31185053e4e60ca25de2e41e160e09cd2d815d4

SHA512
7581b7c593785380e9db3ae760af85c1a889f607a3cd2aa5a2695a0e5a0fe8ee751578e88f7d8c997faeda804e2fc2655d859bee2832eace526ed4379edaa3f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B46811C17859FFB409CF0E904A4AA8F8

Filesize
436B

MD5
971c514f84bba0785f80aa1c23edfd79

SHA1
732acea710a87530c6b08ecdf32a110d254a54c8

SHA256
f157ed17fcaf8837fa82f8b69973848c9b10a02636848f995698212a08f31895

SHA512
43dc1425d80e170c645a3e3bb56da8c3acd31bd637329e9e37094ac346ac85434df4edcdbefc05ae00aea33a80a88e2af695997a495611217fe6706075a63c58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8B2B9A00839EED1DFDCCC3BFC2F5DF12

Filesize
174B

MD5
4b6fa6055a7337b99d8349ca860acceb

SHA1
cf20616aa274d334706983582dde70204f8a877d

SHA256
c2fd1cf63536a57efbf50b7f41592292c64bcd8f4ff31548ecbb040cfe6d503b

SHA512
46645426e4b382f83ec5f98c066fa160f8b2b5d51e4a68ef9cc1bfbf30df661990654664caba3f7df8bd490404e5f1f7c6e2491d7d1347c56dab3d7165a7f9b6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B46811C17859FFB409CF0E904A4AA8F8

Filesize
170B

MD5
0e8d308cc9c36c0ad50a5fbac04aaa23

SHA1
a92ec7d0d00ec97fffaadb3e19ac137633ca9cde

SHA256
958a9a8661a8f340841b7127faa34cac4558357d30c5b81357b9137a685199a1

SHA512
1153684fbf5e48fa55129a13fcb7cd1b0ec54b4667325efb8b7fdca8dd9ce3da0fc0bf7b8c3174e115fd868a7e01d24ebadcda29efc5278f9720264992ecd40e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0526f2b37744871ef85ad98e2a03cd78

SHA1
7e8475de7f5614e30b67793a41d35ff492aff7cc

SHA256
68ce145d21b89f38464ed7486c74dd55a7e28e5ba25bb640cf4059b1bafdafd9

SHA512
12ae36f493802621601887cdc25e3d7191bfa94f0e784f11f18bff4bdf407efee195aceca19fe151718e9e7498a4faf0ff885e38cbc8e1e7a5d5d81f400b1ef0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6547c6e6bdac94ad11ab8e5311c7e265

SHA1
cc3401985b79ed678f8b94b0500766691044ee7f

SHA256
685aee2efe60adca559de33807715ef5306c5ccb8857070155eae3d7ab397e3a

SHA512
d685ddcb513af37ea57e0255d9f5387266f882015b9cfca8f100931dc1629e54d1150679e4562717180447887ef7094539df668707dfbdbd3ef9b4920de7dcb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
b90e71877ca8f0e2d93afaea57ba87ec

SHA1
293d10079f8086fa125cde65fc3ebcc1698f3194

SHA256
d6f69eeb4480c545bc107aaa5e92527275eacf72ce2cd951d524a47dea4f6412

SHA512
caf026daab83b4cc3fd32ac4b53ea1b253078c2aa6bb8aaf959b78da2eac8f423fdee2dddf21f8d254dea0032f505b8eb09a09c8a8f78f134b5b88c69361e420

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
54d8d5d412f3513b3c0f5d4f86a4874c

SHA1
bd77a00fb917760fc161fe3a4d87d67182225c77

SHA256
ed80fc26e71dc195ccf0e92873cd3f2d559c83a0acf763829e39d0b2921028a0

SHA512
8bff2beee1faaa562c6b332a0cbbd633ac52c6d60fda2e6ea81a888d3c6a85cb7e6f8ca5a111e61a6abbe20e5673ced2eb0295166bbc222b7cc29458515dbeff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Temp\FLiNGTrainer.tmp

Filesize
177KB

MD5
edba72247c3a3d7a67c0e79a00963c5b

SHA1
2e96c6cabd29d59c2e24129c6e2d689546a97813

SHA256
a5d93699b741dcd8510817ea81aa9a075298047932bd6560e8b5bb3970d29370

SHA512
3e8ad7532d0067479176cf6a8a551344a3fe002ae23d4d6b3836ea1f233ad3ecad0eca5875dce773b22e8f20a325d4a44a5846847cfdfda00db5a648126505f1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
f10f4f40229c9a1eb08f5be51f308065

SHA1
2da3aa6238026f7838b0b5215a6a43eea18ed303

SHA256
e4b4dacaa1c6509810adf3f79615cef01f817533224bed3f3ff70a979322e2f4

SHA512
d258d00130df212e5356e3d5813cc65e09f03a6c32e7eef369c00abfde82ec67e4b93c9c27b1f337930da5a6fd5cd15605575da091c474e820934a159d78a515

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
5733547904d798b1df8a2658396d32a7

SHA1
a037fa865ef6d79e2f4b6228d1b4ef4d5ea4cec5

SHA256
4968c3c2f939e9d13636a270804bc556e73698e5c75f4feae99f8cb400077257

SHA512
ebc5c013e4ea5b239ebe93e54782d1159dfc3e6ac1b632b27498cad421a6e22f8ca726975181aae1cb0ea5011cbc8ea3c12951b6a5deb811d60d0f0917bccc64

Download Submit
memory/2992-14-0x00007FFB242F0000-0x00007FFB24DB2000-memory.dmp

Filesize
10.8MB

Download
memory/2992-34-0x00007FFB242F0000-0x00007FFB24DB2000-memory.dmp

Filesize
10.8MB

Download
memory/2992-33-0x00007FFB242F0000-0x00007FFB24DB2000-memory.dmp

Filesize
10.8MB

Download
memory/2992-32-0x00007FFB242F0000-0x00007FFB24DB2000-memory.dmp

Filesize
10.8MB

Download
memory/2992-31-0x00007FFB242F0000-0x00007FFB24DB2000-memory.dmp

Filesize
10.8MB

Download
memory/2992-30-0x00007FFB242F3000-0x00007FFB242F5000-memory.dmp

Filesize
8KB

Download
memory/2992-29-0x00007FFB242F0000-0x00007FFB24DB2000-memory.dmp

Filesize
10.8MB

Download
memory/2992-15-0x00000274FF370000-0x00000274FF3A8000-memory.dmp

Filesize
224KB

Download
memory/2992-16-0x00000274FF330000-0x00000274FF33E000-memory.dmp

Filesize
56KB

Download
memory/2992-1-0x00007FFB242F3000-0x00007FFB242F5000-memory.dmp

Filesize
8KB

Download
memory/2992-13-0x00000274FF320000-0x00000274FF328000-memory.dmp

Filesize
32KB

Download
memory/2992-12-0x00007FFB242F0000-0x00007FFB24DB2000-memory.dmp

Filesize
10.8MB

Download
memory/2992-11-0x00007FFB242F0000-0x00007FFB24DB2000-memory.dmp

Filesize
10.8MB

Download
memory/2992-10-0x00007FFB242F0000-0x00007FFB24DB2000-memory.dmp

Filesize
10.8MB

Download
memory/2992-9-0x00007FFB242F0000-0x00007FFB24DB2000-memory.dmp

Filesize
10.8MB

Download
memory/2992-3-0x00000274E2F40000-0x00000274E2F72000-memory.dmp

Filesize
200KB

Download