58fb993ff17bb718f773fdd43510d77e833c696da2d19cfd2373ce8c0e5e4fcd

Analysis

max time kernel
135s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20230824-en
resource tags

arch:x64arch:x86image:win10v2004-20230824-enlocale:en-usos:windows10-2004-x64system
submitted
29/08/2023, 08:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Soft.exe
Size

230.2MB
MD5

3bbde71346cb6e910ca30525dc1e1f60
SHA1

1151603635ad94e7651277d92c9f721de05f875b
SHA256

58fb993ff17bb718f773fdd43510d77e833c696da2d19cfd2373ce8c0e5e4fcd
SHA512

f80e907972099e88c3a1892058bb6fdcfe4ff4e907f48534ad10bd4452ffa399984ba6971221c91075604d450984c5eb57b296f44083481b50cf6d4e8eaa1910
SSDEEP

3072:jJdxYVsvlrk2ycpm1fC/zFJrkWilZ2fkWc6/T+jfOWe2brfnRRQfEfxX6deP:ssvlrxqkpMZwkWc7jf33uEfxqeP

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{2C6830F4-01FA-4D16-9DCB-E82310E015FC}.catalogItem	svchost.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3348	msedge.exe
3348	msedge.exe
1736	msedge.exe
1736	msedge.exe
4136	identity_helper.exe
4136	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2720	Soft.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe
3348	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2720 wrote to memory of 3348	2720	Soft.exe	92
PID 2720 wrote to memory of 3348	2720	Soft.exe	92
PID 3348 wrote to memory of 4852	3348	msedge.exe	93
PID 3348 wrote to memory of 4852	3348	msedge.exe	93
PID 3348 wrote to memory of 2104	3348	msedge.exe	95
PID 3348 wrote to memory of 2104	3348	msedge.exe	95
PID 3348 wrote to memory of 2104	3348	msedge.exe	95
PID 3348 wrote to memory of 2104	3348	msedge.exe	95
PID 3348 wrote to memory of 2104	3348	msedge.exe	95
PID 3348 wrote to memory of 2104	3348	msedge.exe	95
PID 3348 wrote to memory of 2104	3348	msedge.exe	95
PID 3348 wrote to memory of 2104	3348	msedge.exe	95
PID 3348 wrote to memory of 2104	3348	msedge.exe	95
PID 3348 wrote to memory of 2104	3348	msedge.exe	95
PID 3348 wrote to memory of 2104	3348	msedge.exe	95
PID 3348 wrote to memory of 2104	3348	msedge.exe	95
PID 3348 wrote to memory of 2104	3348	msedge.exe	95
PID 3348 wrote to memory of 2104	3348	msedge.exe	95
PID 3348 wrote to memory of 2104	3348	msedge.exe	95
PID 3348 wrote to memory of 2104	3348	msedge.exe	95
PID 3348 wrote to memory of 2104	3348	msedge.exe	95
PID 3348 wrote to memory of 2104	3348	msedge.exe	95
PID 3348 wrote to memory of 2104	3348	msedge.exe	95
PID 3348 wrote to memory of 2104	3348	msedge.exe	95
PID 3348 wrote to memory of 2104	3348	msedge.exe	95
PID 3348 wrote to memory of 2104	3348	msedge.exe	95
PID 3348 wrote to memory of 2104	3348	msedge.exe	95
PID 3348 wrote to memory of 2104	3348	msedge.exe	95
PID 3348 wrote to memory of 2104	3348	msedge.exe	95
PID 3348 wrote to memory of 2104	3348	msedge.exe	95
PID 3348 wrote to memory of 2104	3348	msedge.exe	95
PID 3348 wrote to memory of 2104	3348	msedge.exe	95
PID 3348 wrote to memory of 2104	3348	msedge.exe	95
PID 3348 wrote to memory of 2104	3348	msedge.exe	95
PID 3348 wrote to memory of 2104	3348	msedge.exe	95
PID 3348 wrote to memory of 2104	3348	msedge.exe	95
PID 3348 wrote to memory of 2104	3348	msedge.exe	95
PID 3348 wrote to memory of 2104	3348	msedge.exe	95
PID 3348 wrote to memory of 2104	3348	msedge.exe	95
PID 3348 wrote to memory of 2104	3348	msedge.exe	95
PID 3348 wrote to memory of 2104	3348	msedge.exe	95
PID 3348 wrote to memory of 2104	3348	msedge.exe	95
PID 3348 wrote to memory of 2104	3348	msedge.exe	95
PID 3348 wrote to memory of 2104	3348	msedge.exe	95
PID 3348 wrote to memory of 1736	3348	msedge.exe	94
PID 3348 wrote to memory of 1736	3348	msedge.exe	94
PID 3348 wrote to memory of 3588	3348	msedge.exe	96
PID 3348 wrote to memory of 3588	3348	msedge.exe	96
PID 3348 wrote to memory of 3588	3348	msedge.exe	96
PID 3348 wrote to memory of 3588	3348	msedge.exe	96
PID 3348 wrote to memory of 3588	3348	msedge.exe	96
PID 3348 wrote to memory of 3588	3348	msedge.exe	96
PID 3348 wrote to memory of 3588	3348	msedge.exe	96
PID 3348 wrote to memory of 3588	3348	msedge.exe	96
PID 3348 wrote to memory of 3588	3348	msedge.exe	96
PID 3348 wrote to memory of 3588	3348	msedge.exe	96
PID 3348 wrote to memory of 3588	3348	msedge.exe	96
PID 3348 wrote to memory of 3588	3348	msedge.exe	96
PID 3348 wrote to memory of 3588	3348	msedge.exe	96
PID 3348 wrote to memory of 3588	3348	msedge.exe	96
PID 3348 wrote to memory of 3588	3348	msedge.exe	96
PID 3348 wrote to memory of 3588	3348	msedge.exe	96
PID 3348 wrote to memory of 3588	3348	msedge.exe	96
PID 3348 wrote to memory of 3588	3348	msedge.exe	96

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
- Drops file in System32 directory
PID:3836

C:\Users\Admin\AppData\Local\Temp\Soft.exe
"C:\Users\Admin\AppData\Local\Temp\Soft.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=Soft.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed73646f8,0x7ffed7364708,0x7ffed7364718
    3⤵
    PID:4852
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,464494296488747097,3430715718219204035,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1736
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,464494296488747097,3430715718219204035,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
    3⤵
    PID:2104
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,464494296488747097,3430715718219204035,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
    3⤵
    PID:3588
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,464494296488747097,3430715718219204035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
    3⤵
    PID:888
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,464494296488747097,3430715718219204035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
    3⤵
    PID:1528
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,464494296488747097,3430715718219204035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
    3⤵
    PID:3200
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,464494296488747097,3430715718219204035,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
    3⤵
    PID:1976
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,464494296488747097,3430715718219204035,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,464494296488747097,3430715718219204035,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
    3⤵
    PID:2940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,464494296488747097,3430715718219204035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3796 /prefetch:1
    3⤵
    PID:4696
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,464494296488747097,3430715718219204035,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
    3⤵
    PID:4588
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,464494296488747097,3430715718219204035,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
    3⤵
    PID:2324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3590c7788f1f36717cbd298007259a6f

SHA1
9e9a602016435a1d642e18a54d8d6589f938a5bb

SHA256
09a08de2fcd19e304c3b8f6e04f5e4da257a3f18759827be4e9c6af862412174

SHA512
07df3ee7e2d4a313c996c6b8451450556a75e5ac8e4d10595f255164fdd25d6bc596ad579d90f6496c78a15a3c6fc349d748dd7c5f4b2b51d330c52577e2988a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
4780c79851344548af78229dfc3aea90

SHA1
984ca9ca45ce436b2b449960cb0d072c1e13718d

SHA256
fcf24dda61ebd3cbf5da944110fbe010d546500c81f50936382460d178d2b9f1

SHA512
f4191b16c2c5a0c9178257c432418ff6b7b8225468a11a053e380fc704f190da52065475c659fd70de9f86eccaaf2347d1745103529493b3f8a682c520523394

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
437B

MD5
05592d6b429a6209d372dba7629ce97c

SHA1
b4d45e956e3ec9651d4e1e045b887c7ccbdde326

SHA256
3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd

SHA512
caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
59b2804b8c507c91a5fbd9a53237e044

SHA1
c79d85e59b348be0a80553bc1f8e693afa8e237d

SHA256
b34e7a7ecfba2a5aac7e04fe4f61cf6e2fa2285792ba2f5d979846163dce2993

SHA512
154c5f56bef902da046c3ac0acb0d40a07e066b824eb45bd61878a344cc6e208ff3e76ae6bf27ac9bbd0120f26b927eb6c42baf6bad3230d0115009823409f5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
178e62589a8da7c9d33e4047ca80b7e8

SHA1
82f63d0b057acb1694986f8782f540149a925da1

SHA256
657d322cf5918b136aa91c44704636d7b45600f5989b395e29a0d2ed7ddb0e8a

SHA512
076b3776c07eb8a08a5b0a5a15834e849a25034a93643d31cbadc9704cbf1bd52509bfc0d0495bc0af6392081b45ece1730a01a4fa525589f8da2857854c7319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d647efb8e44db6e9c777c2931a4cf46b

SHA1
0b29fee262d87010fac677cdd2b6cfe0f516f3ba

SHA256
7adc069f9061784b9d81b1b00c147f748a0bd4c2714a6072b0b788064a83a42e

SHA512
21fd26dec40bc6a89109afae2be1f0b1dabd711fe980896af55c067c7ee4083dc653bf798f6c3bfc44991774f753960d510d4aff085b9a2800137c3a8d6ed71b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
75272537430c6e3ac089d7ee509c329a

SHA1
066ef54db7d5545ca65b182353ab4f475029d6cf

SHA256
117f408655a4a0892ec416c2f79f4088455e0b40ea14d47b1f8c6539aa533f4b

SHA512
cabc4c50f3bffc9724d31c7f56dd18ad80398bd801bf7175bbeb4315f0f80b1766afe54bc4e903feb9e07f6eb02751b7f0dfc2eda06f66196299754229ea7da2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
a128973ca2ca245299ef7e60156b4ef8

SHA1
d39a437204591bbff98d673e6d1c4f869683ebcc

SHA256
5c6e1f3c7213460c24dc670521adbe32ec76df5e3facc0a7b92a3fa9e340b302

SHA512
bbbdbe2fae61c2a27b4aadfbda2efae2675156dcea6edb8b45fbe83f397f8a1f50d694d8bcd1f53939a277722baf102f3f80caffadfcf0ca80d7408d77d8c490

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
8a24acf03f8a24f878d342e9f022650b

SHA1
811b0ee27fa05e8dc7f1364f95c7280f7e0d0b8b

SHA256
32b829e2d3846e5d6be094c1019f54d6e796c36b72c251ef7aa17b873daaa9ea

SHA512
541602db4816ac17fa14bc2a221623ca5e4cbdb88c04d151ec9a3c5cffd0b06fb9c5be29bcc35cb14027d54e792c352e6e98fb3d60f2ffe231b7374ea19c9215

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
f8dd2ce11f3d49a5af0b4fc6d50af77e

SHA1
d6b8dcd6dae70911bcfc2a15edd0ab39043b1db4

SHA256
14d9e421ffc2edfb5e980da5bc4d90347c9ae61973d87f0e1fdea53fdeb20fe9

SHA512
0840c814fb97f49e865ffdac897938b07057e9f469433c0cee5ea03e1606b9aaf3786b61b3a789f3479fb9fa24624f924d09d3adbb0df1af56078c544764d0e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59e8c0.TMP

Filesize
371B

MD5
4f678b0606a4a0fa3368d79438414c90

SHA1
7e65688adff5569045c38dce767e7d57b5ddde8a

SHA256
3a19141998a8e39a34a2b6539aad8b397b94510a532c61d3202ac7c4dd38dae8

SHA512
a41f9476d304e7d20f242358ef4124c46a4fee8e8063717952a3a87327904c9302d2d964e9e0bd4424d26e739dda1c319315de0620d6a36f0f8542035040d2f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
692af027c4c9e504f3e7175113cda13f

SHA1
e5634c1dfd5a85e8d6d80df4e82feab19bd17386

SHA256
c01c16f7c983d6c3d76bc69daa588b4dbce2ee83bc041d3cb152305be9acb875

SHA512
482f822799f132be1baec70fbe672ecd80c6b3b5f138d31084cf297fcccdb708d9c8aa37d2bd5b84125a424215fc9c21559adaeb299b7732d6a4b9f7599c1502

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9e445ca36503230e760c0db14cef8d5f

SHA1
8fe9fbfb6bd770144acad7b5d7dcbb5f05e00d3b

SHA256
cee7a5073f78d013493079e01e62c5a80da1dff3fa00b64691c23cdaecb3bc1b

SHA512
6bd784442f073e8de25c540456d628e50a808904551b74223d218eee19ccee09f19578c65173da4d50c146bd20282bc4a9a877ef4888bb731e65d04f713a4d2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fd403c1308cdfecbe6791e28e0d996d1

SHA1
d5a0d1db41c5a1d5702f53f81a8bd84f0da468f5

SHA256
0e79de4c342fb1dc0a70b5523d89118f4cc9fe753894bcbb76cebc78fdad418d

SHA512
950f557abb6b0dc15b93ccfa1717ae2a095694a170969d58a7b17d440d1531606a132dbde59df4b554c836a75485bedf7fabba3d990b2c6b49db4e515ab87bd0

Download Submit
memory/2720-7-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/2720-8-0x0000000002030000-0x000000000204E000-memory.dmp

Filesize
120KB

Download