69e8298ed175a6c67cdf08c943fdfefe429d91d3399399fadf0add9dd7bdc04f

Analysis

max time kernel
30s
max time network
32s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
20-03-2023 15:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Neptn Spoofer V 5.5.exe
Size

3.5MB
MD5

e9d6ab5ce39952ea7f967e486b20d6a7
SHA1

84a371042bb4a856991ea785f4937c8ccdce3237
SHA256

69e8298ed175a6c67cdf08c943fdfefe429d91d3399399fadf0add9dd7bdc04f
SHA512

3b01562bc55224076b293182189f1399fac70b2a108a971b40e08fec8d9ad37f582d8488c1a6417914e3da402426235e363f62b411b52e17f32eb9711ef25e77
SSDEEP

98304:YZxzcaGB9YyrCub0J79EWZ6E3KVlSz45bOWunhOXGV:Y/7GBLZb0J7Gb0Hz45bynhT

Score

9^/10

evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
evasion

Query Registry
T1012

Virtualization/Sandbox Evasion
T1497

Processes:

Neptn Spoofer V 5.5.exe

description ioc process

Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Neptn Spoofer V 5.5.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Neptn Spoofer V 5.5.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Neptn Spoofer V 5.5.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Neptn Spoofer V 5.5.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Neptn Spoofer V 5.5.exe

Themida packer 6 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
behavioral2/memory/1736-133-0x00007FF7281D0000-0x00007FF728B5C000-memory.dmp	themida
behavioral2/memory/1736-134-0x00007FF7281D0000-0x00007FF728B5C000-memory.dmp	themida
behavioral2/memory/1736-135-0x00007FF7281D0000-0x00007FF728B5C000-memory.dmp	themida
behavioral2/memory/1736-136-0x00007FF7281D0000-0x00007FF728B5C000-memory.dmp	themida
behavioral2/memory/1736-137-0x00007FF7281D0000-0x00007FF728B5C000-memory.dmp	themida
behavioral2/memory/1736-235-0x00007FF7281D0000-0x00007FF728B5C000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

Neptn Spoofer V 5.5.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA Neptn Spoofer V 5.5.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

Neptn Spoofer V 5.5.exe

pid process

1736 Neptn Spoofer V 5.5.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Neptn Spoofer V 5.5.exe

pid	process
1736	Neptn Spoofer V 5.5.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description ioc process

Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ msedge.exe
Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

msedge.exemsedge.exe

pid process

4432 msedge.exe
4432 msedge.exe
4392 msedge.exe
4392 msedge.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

Neptn Spoofer V 5.5.exe

pid process

1736 Neptn Spoofer V 5.5.exe
Suspicious behavior: LoadsDriver 1 IoCs

Processes:

pid process

652
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

msedge.exe

pid process

4392 msedge.exe
4392 msedge.exe
4392 msedge.exe
Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

msedge.exe

pid process

4392 msedge.exe
4392 msedge.exe
4392 msedge.exe
4392 msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

pid	process
4432	msedge.exe
4432	msedge.exe
4392	msedge.exe
4392	msedge.exe

pid	process
1736	Neptn Spoofer V 5.5.exe

pid	process
652

pid	process
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe

pid	process
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Neptn Spoofer V 5.5.execmd.exemsedge.exe

description	pid	process	target process
PID 1736 wrote to memory of 4924	1736	Neptn Spoofer V 5.5.exe	cmd.exe
PID 1736 wrote to memory of 4924	1736	Neptn Spoofer V 5.5.exe	cmd.exe
PID 4924 wrote to memory of 4392	4924	cmd.exe	msedge.exe
PID 4924 wrote to memory of 4392	4924	cmd.exe	msedge.exe
PID 4392 wrote to memory of 4376	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 4376	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 1700	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 1700	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 1700	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 1700	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 1700	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 1700	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 1700	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 1700	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 1700	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 1700	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 1700	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 1700	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 1700	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 1700	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 1700	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 1700	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 1700	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 1700	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 1700	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 1700	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 1700	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 1700	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 1700	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 1700	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 1700	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 1700	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 1700	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 1700	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 1700	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 1700	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 1700	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 1700	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 1700	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 1700	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 1700	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 1700	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 1700	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 1700	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 1700	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 1700	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 4432	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 4432	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 4980	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 4980	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 4980	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 4980	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 4980	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 4980	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 4980	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 4980	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 4980	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 4980	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 4980	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 4980	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 4980	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 4980	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 4980	4392	msedge.exe	msedge.exe
PID 4392 wrote to memory of 4980	4392	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\Neptn Spoofer V 5.5.exe
"C:\Users\Admin\AppData\Local\Temp\Neptn Spoofer V 5.5.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:1736

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c start https://discord.gg/xCRS6yyPF6
2⤵
- Suspicious use of WriteProcessMemory
PID:4924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/xCRS6yyPF6
3⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd483046f8,0x7ffd48304708,0x7ffd48304718
4⤵
PID:4376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,4789920480044552400,2819938791376451663,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
4⤵
PID:1700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,4789920480044552400,2819938791376451663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:4432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,4789920480044552400,2819938791376451663,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
4⤵
PID:4980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4789920480044552400,2819938791376451663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
4⤵
PID:3400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4789920480044552400,2819938791376451663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
4⤵
PID:2500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4789920480044552400,2819938791376451663,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
4⤵
PID:3320

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1628

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
aaeb1f5e097ab38083674077b84b8ed6

SHA1
7d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2

SHA256
1654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef

SHA512
130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1db53baf44edd6b1bc2b7576e2f01e12

SHA1
e35739fa87978775dcb3d8df5c8d2063631fa8df

SHA256
0d73ba3eea4c552ce3ffa767e4cd5fff4e459e543756987ab5d55f1e6d963f48

SHA512
84f544858803ac14bac962d2df1dbc7ed6e1134ecf16d242d7ee7316648b56b5bc095241363837bf0bf0afd16ca7deebe7afb7d40057604acbf09821fd5a9912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9925cb83-4fe7-4cec-84f0-d91d990bda2d.tmp
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
120B

MD5
63225ff3609f93878e34e3973819e312

SHA1
f163313a1e61ad1f8a9d299240b9069ea2d4b56b

SHA256
d866c4a9fce93a23e820e4b2765a625977fca8394a789e8319488441c61867c2

SHA512
3988d64b3e8f8077edd3d352b14672c55e23045b84b34483ea5bb2fd06a83dd053d8ae610fafa1aca2d1ece930daea5a7746e5cef049cd3ae2421ea61d1b1cd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe56b51c.TMP
Filesize
48B

MD5
5e9d1b0700c54573ad25a6ecf9b0d93c

SHA1
95525b04f57a668f828cb86e42627c1251b72e70

SHA256
01ff92157623a6f6c6d80e66e4cf68644e20c6042e5625d177dd35f1531ad04f

SHA512
63a01e25281b4e866e2f9e0a641baf7bd3307728f1cf37b050dd7607bdad8805b8db9c2e743fa6266d4713d644dab746f6c5c7128720accd966782e5e860d104

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
e348dc0ef4c0f46717eb7e2e7a9d1511

SHA1
94507661e56937d0b99218a0ab2fbbe749cfef37

SHA256
39fb61cb84eb8885544f7310ae7b3f9c1c276ea27aa5c2c5e0ea9330837f153c

SHA512
86fb0c42960c0efb4049c6f9fbbbe8e77ee26d3ff5e482bfe456bf5aeb6f52a939c6a73b2c39c1317b60eb8d8fc9d6c6861e10788dac52254b43aa60ea3b958d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
459B

MD5
4562ba54f828818675b1da782c30ad8a

SHA1
c603a8ce269494b686fb1ce29b811a68b61d8bd2

SHA256
040fc3e4eefee7d9c43a03fbdc73b89a9c9c291352c2d18fa3b6e224987b5272

SHA512
95451d95a0ca4ebc882995cebcd5ae619760aaad482cde35fc470db605801f5b0344ea23b45c033743814960fa77fe534e2731aed71f95f46adb40e95a24425b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
6ef49b22711b938239e96bf3f664969e

SHA1
8d661beb663855044ef75d4e829fa40313ccb0c8

SHA256
43fbb95e314f930535eb1f2642c9120490230e76865080423d7c309ea79bba54

SHA512
d2ad39bb3ecab1b323d98d143fc8dfb3a59e5ad0e9b403c8b55689baf9da2bc8d84406e5f8c0343f62c2b8a5aa104ce2827dc86533a5b5dc5af8ef68fb4f8e13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
f54bbcc1a00264368aea4c7bb6b8e4a8

SHA1
a59a14fe9a1c421b782edf25655b0f39b03349fd

SHA256
eea3d4916e0febb15b66f4794f7d41aba21627e6406c89d0e8a0f23ee88dd4d6

SHA512
46cacc975755a591c10aa2cee7e55e595e36f205cccba5bd83a54e3aac880e77c035d1ace964ca030abafa76181e4e3929e1f9df6f64fc4e2c71bd08485d059e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
47e94a96372e6f095b8a3fd7edc48ec0

SHA1
377b68f34e5964ca8be1b1b0c1507dd7f0e5f005

SHA256
15c77bafd922bd085317fd544d0fa129e3b8c814e3ba0d48936366004427732e

SHA512
5bd63de2e831805b723d7ddf1343c3b721ef5b757d9ab01bf8554ef8e29ac2cc09fa104fc85d530f27d66b67280774b3ebbef6729ea3ab61ce8028ab4ba5bdad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
a24c730bb55473cbc7e7f31b01b161e7

SHA1
bfa2cf8cd367ab473a678522c890037ff84ebea9

SHA256
406082507f5ac4e298d468591d17e8d37ee656943ac674ad94e34d0c9359a6b1

SHA512
25f4a66fcf93bebd4fa45cd622aae374e3abf748a031630fe56d175ff153d1cfc5693483300acb3c488c6bac52ea932f8fdb9ec83e9e2fa4706f9958a90ebade

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
\??\pipe\LOCAL\crashpad_4392_AQAZULLOOLZWCVGZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1736-133-0x00007FF7281D0000-0x00007FF728B5C000-memory.dmp

Filesize
9.5MB

Download
memory/1736-235-0x00007FF7281D0000-0x00007FF728B5C000-memory.dmp

Filesize
9.5MB

Download
memory/1736-137-0x00007FF7281D0000-0x00007FF728B5C000-memory.dmp

Filesize
9.5MB

Download
memory/1736-136-0x00007FF7281D0000-0x00007FF728B5C000-memory.dmp

Filesize
9.5MB

Download
memory/1736-135-0x00007FF7281D0000-0x00007FF728B5C000-memory.dmp

Filesize
9.5MB

Download
memory/1736-134-0x00007FF7281D0000-0x00007FF728B5C000-memory.dmp

Filesize
9.5MB

Download