hxxps://pub-5e34bcda437b499399d6abc116886480[.]r2[.]dev/indexR[.]html

Resubmissions

25-08-2023 14:05

230825-reav2seb7x 10

25-08-2023 14:00

230825-ra8araeb4z 10

25-08-2023 13:55

230825-q75qfsea9s 10

Analysis

max time kernel
263s
max time network
281s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
25-08-2023 13:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://pub-5e34bcda437b499399d6abc116886480.r2.dev/indexR.html

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
2236	msedge.exe
2236	msedge.exe
1012	msedge.exe
1012	msedge.exe
4348	identity_helper.exe
4348	identity_helper.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

1012 msedge.exe
1012 msedge.exe
1012 msedge.exe
1012 msedge.exe
1012 msedge.exe
1012 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1012 wrote to memory of 4940	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 4940	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 5056	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 5056	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 5056	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 5056	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 5056	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 5056	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 5056	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 5056	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 5056	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 5056	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 5056	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 5056	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 5056	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 5056	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 5056	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 5056	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 5056	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 5056	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 5056	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 5056	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 5056	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 5056	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 5056	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 5056	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 5056	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 5056	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 5056	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 5056	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 5056	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 5056	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 5056	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 5056	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 5056	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 5056	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 5056	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 5056	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 5056	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 5056	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 5056	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 5056	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 2236	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 2236	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 3724	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 3724	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 3724	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 3724	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 3724	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 3724	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 3724	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 3724	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 3724	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 3724	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 3724	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 3724	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 3724	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 3724	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 3724	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 3724	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 3724	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 3724	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 3724	1012	msedge.exe	msedge.exe
PID 1012 wrote to memory of 3724	1012	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pub-5e34bcda437b499399d6abc116886480.r2.dev/indexR.html
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9cdeb46f8,0x7ff9cdeb4708,0x7ff9cdeb4718
2⤵
PID:4940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,18191554004264386184,6456729471159456659,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,18191554004264386184,6456729471159456659,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
2⤵
PID:5056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,18191554004264386184,6456729471159456659,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
2⤵
PID:3724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,18191554004264386184,6456729471159456659,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
2⤵
PID:5104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,18191554004264386184,6456729471159456659,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
2⤵
PID:2348

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,18191554004264386184,6456729471159456659,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
2⤵
PID:4508

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,18191554004264386184,6456729471159456659,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,18191554004264386184,6456729471159456659,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
2⤵
PID:3048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,18191554004264386184,6456729471159456659,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
2⤵
PID:3668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,18191554004264386184,6456729471159456659,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
2⤵
PID:4644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,18191554004264386184,6456729471159456659,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
2⤵
PID:4424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2032,18191554004264386184,6456729471159456659,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5852 /prefetch:8
2⤵
PID:836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,18191554004264386184,6456729471159456659,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3104 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:208

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x360 0x2d4
1⤵
PID:4972

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
Filesize
230B

MD5
d3caf546cc9123da9c93213af300d032

SHA1
d382428654cbbf6e2efdc1d5612d787d404aa1ea

SHA256
a4a7f943771a41728cca7c46a6ee09cbbacdc13edeafdff5f6a8ce55d9e121f8

SHA512
466de6a90dfeee164fb71c0f474206a9eb19a6a275a20c64ca5d1ff473a1c11a07961035d7b365bad3ca5961ad93caafc29b7719a54acc1f601026f4d4b3ab72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a7ad9bb1054aa03e39b3554833d0c3ec

SHA1
cbd5b99ca100bc2f1292df23bf8e2a5a6f9640d9

SHA256
0c3eae39386b4117ad26187afc4933e254468cd12d813271f4b7420cee73c189

SHA512
d1d0b77e0bc412b4ee687e849531a7c9b70200d45d0bdbf38357b6fc59af835522e749b2fd8c2d4cde73518970568c38d73416c97381a11cc6029c14b1678276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
01492c32e57517d31f2a7c703185104c

SHA1
dc97eaa4f106bc483fc9261c2d3a4f714db2f21e

SHA256
0243381bf6c6c1ca120cecedede6c6b916e73321dc0f57479e03cff681707167

SHA512
45bc2a6a80bb14066baff9048b378d95ced86295ccfc0002e86668f0e3c831f8cafb24164dbe3fd08ebd19feb970d2c6f3dcb1076553aeee6eec8ca4b6d8d29f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
691B

MD5
3fcc2e1d33cff2157c6b9fdaa196caef

SHA1
3644ba4d74e68d2c0258fa5156bcc1bb184f8acb

SHA256
4de490549ecbae35cabb88d0b307783f050d2b2ffc40c3cb783cd2fe2c80d0de

SHA512
c574adc869473af2467c6299ae5d30fec489110f7844b5e2861e6c2cb440ad34b538efd207d8c159a881f7b2220fdb76662619dd9ddb703c51a5ffaafd396d21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
10dcdf401ef611fd8d226e6d81302b93

SHA1
314057e9595aa8b31d661eb18d2b390216f10a17

SHA256
db5570925a70b93103342b8f7112e4e01b802ab038fadcc9deb551552d51dd8d

SHA512
05982bc33612757834e316911379a36c2e6c6fa92c8610f838100b1f90bff0add593c899ca097a85dcf4e885f15e157679d9abc085f00888c1e09cd2055d8bf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
56c217595b339a2ee727b5f5bfcc8797

SHA1
7d2a10979285a0485b872d7fd9341306a0d7b338

SHA256
9b4129a3cd0480a5806c1dae02d91aef841ba17df074c9173ce7ff0b614389c2

SHA512
52c3047c1294c544adc3e147f4f94846a37cd10d27b7f82aedf14a9fcce54ac8f92cd9e4cd6f2f97bfae341d41b2ec4c4191b4c7a910ce4e0f4bb73652796f80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
48ae08bb34a99333d3e089e774bd9489

SHA1
525169419e5fb0f7a497c8ae20c2bcc8b849c0be

SHA256
24e1332a65626ef8fe7e94532ef25c28b3f94c4112519640cfb7ad1470d9889c

SHA512
15d743e052bf8ea856f70cefb6293741d5efb76a3a151487ba2ca4f3b8a9f932005eea931bf6806bd545a9ba4a50322aba76d3cd8d5f51d6881f5451bf57adaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
dcb63ecdc64d3ccc00672a573d001be4

SHA1
4efdf2c7805d354f4b7c95cd4ba937aef06e99d2

SHA256
1a4a3dc845da47eac3cc0b8072a49e27d37d19545554915a254f76e594c92f64

SHA512
796920d23357a7e4d83b74afd367d43060a5274fcd112b4ef979c2282c59cb1503598fc25d4b6c9249ff0ef0c294ae5c9a7ee11774e8b80a6f4e67ca3aa2c12e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
e62cc4051e1f8eaa0abda5d730a2496b

SHA1
d15346e40b196bc313cbfe5ac96b3c90b83345be

SHA256
ffb5b740b8777d010f0d32a120092084c3cd32eaceb937188d698ddc22df2fcb

SHA512
3e8f6d89c7c153177b2149d86cd8602ceafedf66f5335a86b19dfa46fc38c47f6ff9a272c3b71b4464a5921ebdf2461fba25692ca916b9715bac520bf1e81a22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
55e60e738ca582fe1d912c6b2f7c263e

SHA1
12a9981db3a9c9fc81cd337317e3f166bc735f4d

SHA256
0d72d409d05cb31aabf3cb63c81be0df99150e2bfa632c2264a173871c45bd23

SHA512
44516fc5cd1ba78ef44c868fdb99a1d8ff70fb70c1739bd0d454afec00bc076b07ecd8fafc137c18578b6cedb8c7199d5f9ed921ca87dcee6e95310f1309832c

Download Submit
\??\pipe\LOCAL\crashpad_1012_DRZPKDNMGYRITBUN
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit