69e4e93dff6f8917d615f5bd43ddd169dac02ce6a66c35fc668fca97b1e29a1f

Analysis

max time kernel
152s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19-01-2024 05:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66df698cb05de01a352563c9cdde2560.dll
Size

406KB
MD5

66df698cb05de01a352563c9cdde2560
SHA1

0604ca00b007745550eb180667fa4a4ca1a1fc67
SHA256

69e4e93dff6f8917d615f5bd43ddd169dac02ce6a66c35fc668fca97b1e29a1f
SHA512

fe640d7be1aee9d9261950bc234e9d130119cc0d1401efd46ecc9cd0b71d9cba0c0ea94611b90b57cdcb968d7fbf54f577fe7c06704741538e1b1a709de35964
SSDEEP

6144:x94UYYo/pATA7VboU5Ek8/yG6wKc9FFPAEVgQeeaQeetQeesQeeqxQeehQeeXv5K:/4UYYo/pATA7ZPSk2yG6wGEPiNP

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3704	msedge.exe
3704	msedge.exe
4412	msedge.exe
4412	msedge.exe
4956	identity_helper.exe
4956	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3112 wrote to memory of 4076	3112	rundll32.exe	86
PID 3112 wrote to memory of 4076	3112	rundll32.exe	86
PID 3112 wrote to memory of 4076	3112	rundll32.exe	86
PID 4076 wrote to memory of 3768	4076	rundll32.exe	95
PID 4076 wrote to memory of 3768	4076	rundll32.exe	95
PID 4076 wrote to memory of 3768	4076	rundll32.exe	95
PID 3768 wrote to memory of 4412	3768	cmd.exe	97
PID 3768 wrote to memory of 4412	3768	cmd.exe	97
PID 4412 wrote to memory of 3228	4412	msedge.exe	100
PID 4412 wrote to memory of 3228	4412	msedge.exe	100
PID 4412 wrote to memory of 2160	4412	msedge.exe	102
PID 4412 wrote to memory of 2160	4412	msedge.exe	102
PID 4412 wrote to memory of 2160	4412	msedge.exe	102
PID 4412 wrote to memory of 2160	4412	msedge.exe	102
PID 4412 wrote to memory of 2160	4412	msedge.exe	102
PID 4412 wrote to memory of 2160	4412	msedge.exe	102
PID 4412 wrote to memory of 2160	4412	msedge.exe	102
PID 4412 wrote to memory of 2160	4412	msedge.exe	102
PID 4412 wrote to memory of 2160	4412	msedge.exe	102
PID 4412 wrote to memory of 2160	4412	msedge.exe	102
PID 4412 wrote to memory of 2160	4412	msedge.exe	102
PID 4412 wrote to memory of 2160	4412	msedge.exe	102
PID 4412 wrote to memory of 2160	4412	msedge.exe	102
PID 4412 wrote to memory of 2160	4412	msedge.exe	102
PID 4412 wrote to memory of 2160	4412	msedge.exe	102
PID 4412 wrote to memory of 2160	4412	msedge.exe	102
PID 4412 wrote to memory of 2160	4412	msedge.exe	102
PID 4412 wrote to memory of 2160	4412	msedge.exe	102
PID 4412 wrote to memory of 2160	4412	msedge.exe	102
PID 4412 wrote to memory of 2160	4412	msedge.exe	102
PID 4412 wrote to memory of 2160	4412	msedge.exe	102
PID 4412 wrote to memory of 2160	4412	msedge.exe	102
PID 4412 wrote to memory of 2160	4412	msedge.exe	102
PID 4412 wrote to memory of 2160	4412	msedge.exe	102
PID 4412 wrote to memory of 2160	4412	msedge.exe	102
PID 4412 wrote to memory of 2160	4412	msedge.exe	102
PID 4412 wrote to memory of 2160	4412	msedge.exe	102
PID 4412 wrote to memory of 2160	4412	msedge.exe	102
PID 4412 wrote to memory of 2160	4412	msedge.exe	102
PID 4412 wrote to memory of 2160	4412	msedge.exe	102
PID 4412 wrote to memory of 2160	4412	msedge.exe	102
PID 4412 wrote to memory of 2160	4412	msedge.exe	102
PID 4412 wrote to memory of 2160	4412	msedge.exe	102
PID 4412 wrote to memory of 2160	4412	msedge.exe	102
PID 4412 wrote to memory of 2160	4412	msedge.exe	102
PID 4412 wrote to memory of 2160	4412	msedge.exe	102
PID 4412 wrote to memory of 2160	4412	msedge.exe	102
PID 4412 wrote to memory of 2160	4412	msedge.exe	102
PID 4412 wrote to memory of 2160	4412	msedge.exe	102
PID 4412 wrote to memory of 2160	4412	msedge.exe	102
PID 4412 wrote to memory of 3704	4412	msedge.exe	101
PID 4412 wrote to memory of 3704	4412	msedge.exe	101
PID 4412 wrote to memory of 5040	4412	msedge.exe	103
PID 4412 wrote to memory of 5040	4412	msedge.exe	103
PID 4412 wrote to memory of 5040	4412	msedge.exe	103
PID 4412 wrote to memory of 5040	4412	msedge.exe	103
PID 4412 wrote to memory of 5040	4412	msedge.exe	103
PID 4412 wrote to memory of 5040	4412	msedge.exe	103
PID 4412 wrote to memory of 5040	4412	msedge.exe	103
PID 4412 wrote to memory of 5040	4412	msedge.exe	103
PID 4412 wrote to memory of 5040	4412	msedge.exe	103
PID 4412 wrote to memory of 5040	4412	msedge.exe	103
PID 4412 wrote to memory of 5040	4412	msedge.exe	103
PID 4412 wrote to memory of 5040	4412	msedge.exe	103

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\66df698cb05de01a352563c9cdde2560.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3112
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\66df698cb05de01a352563c9cdde2560.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4076
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c start http://www.facebook.com/little.deblonkz
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:3768
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.facebook.com/little.deblonkz
      4⤵
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:4412
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9771746f8,0x7ff977174708,0x7ff977174718
        5⤵
        
        PID:3228
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,1666927339338284727,14526406204874361014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3704
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,1666927339338284727,14526406204874361014,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
        5⤵
        
        PID:2160
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,1666927339338284727,14526406204874361014,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
        5⤵
        
        PID:5040
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1666927339338284727,14526406204874361014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
        5⤵
        
        PID:4136
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1666927339338284727,14526406204874361014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
        5⤵
        
        PID:4464
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1666927339338284727,14526406204874361014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
        5⤵
        
        PID:4172
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,1666927339338284727,14526406204874361014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2920 /prefetch:8
        5⤵
        
        PID:1240
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,1666927339338284727,14526406204874361014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2920 /prefetch:8
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4956
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1666927339338284727,14526406204874361014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3808 /prefetch:1
        5⤵
        
        PID:2572
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1666927339338284727,14526406204874361014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
        5⤵
        
        PID:4508
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1666927339338284727,14526406204874361014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
        5⤵
        
        PID:3492
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1666927339338284727,14526406204874361014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
        5⤵
        
        PID:1520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
efc9c7501d0a6db520763baad1e05ce8

SHA1
60b5e190124b54ff7234bb2e36071d9c8db8545f

SHA256
7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a

SHA512
bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
02c1c5837080ee4707b7af17d87f7506

SHA1
57eee107de281dfdcee0e17b20077a1f84d47d83

SHA256
d2c1c39860115826429affc5cc980bc6e37b4912716b1d3067896b21c5996643

SHA512
90d51b347a974cc9ccb1db7aa11fb8bcb422ec5cf5ea06a8770d3ef223713afdd5b32a1fbe95249fd65e2de79da5c8beb3c86905455881dd072c73a5b42c3cd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
398B

MD5
ef38235b738c75be474e407925422843

SHA1
08e5132051e95367daf1af589e9426fd219dd95d

SHA256
ba991d1ad86d0420bf56a926fb1f1548a0f55cff6464b5ac282a5d35e2b7c6d5

SHA512
50426707ce90a4bb0a823df7726cdf821fd577490fb911f399560e3739de77e6d993dd2ca5ac31a4a996a7eda281638458fae1112cdced28f18d9fd4b11cb106

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8177715c719bc0354547b3375cc65ed7

SHA1
26f96ff92870e397ae5c438c82fa7967112e6319

SHA256
099e84da56261abe8f6919d3dcc0855427c677d8503ee669352e9ef9ab2c1b32

SHA512
2ae28f756bdc8133bbb45cfeb7d04ea1a1a8edbdbe2c4e9737e5bd3ef2df6b7fad13ae8830daa07c6e3e5925ce80f0f437d66410500e00f996e8cc251a19a207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8f4123b2bf55e77c0c322ec0d81abcbd

SHA1
b1bab6a3a656663d7977e1b3c099b8496a6a8054

SHA256
8a6a03cdd6a4b24594d52860cd015c36f0ade08a9ac5eaa2f7501874c26694d7

SHA512
8d01eadfcfc4a873d8797f16ac941be9220045d819b171df2e90da2227f346185e11c5f78319e54b0826b30b69a8670abe1243590659828dc22b6faaf6a84f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
121510c1483c9de9fdb590c20526ec0a

SHA1
96443a812fe4d3c522cfdbc9c95155e11939f4e2

SHA256
cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c

SHA512
b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
b453c264397626d715f4839384436e93

SHA1
3296d9b86c3990b722e99e9e383b4ff015d89ac0

SHA256
55d8ee5e6b1111797eeb4a03ac669849c2437cd029888dd2f831a5d59d0a31d3

SHA512
806f520d1b7ca46c0b9ba9eb7e7d57fe6748a40f74a37611174de4940a06067e42501894eb686c63ddee01d38117329e0e82c5cdd136e617a7ab3939f678a895

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
959c4c503221627e011027ae5406fee8

SHA1
9b54ac20edf1d8c71da78c783ea55d17328ad667

SHA256
3354f53280b42dfe11dc311cd62fc26fa7b815c14770ff2207959733260dd9ee

SHA512
688ba4f8bf865a1b19a524550c008a5ae13937c08aeb3cc89a7caa9ccd49ccdd080eae7ea4e0f78401df1c3066884f72db46b0b3291240325cfa0a3f1d904975

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
0a0cd4b683747d7120d00c6d1b83c3bb

SHA1
d0a0228fbca91502b65ce62d8d972faabd2e9249

SHA256
3a3e812f0bbcd71292e0189e2f9f8418525014430939d21b14e7a610e22e4d87

SHA512
b1d0d603626721362c257b81e9668eb2f574158fb21abdabdb2eec5dafc7ca0f421641949f688d7266328233a88bb6e6e8cb810957a42637181831f2a7203c9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58b949.TMP

Filesize
705B

MD5
6850d19b5fc17fa31e2bedd6f5883316

SHA1
e9d1238e220bc659c7e1904abed5d7cc4282df79

SHA256
4062f02ca646c26c148d2911384d5039ef9c1d74cadce30145d8e783468fb6af

SHA512
38c4b37ee6c427cf9dcf9b6695e1237a2617bed3d9d74bbc445f40a37f3b780242849e5d251d1b1ea94a85c26b221830bec66ec390029636c192e6a71443b644

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6efeaf8c426bbeba3c2d9f04360c70d1

SHA1
7f1deef430aeee41f59801ac116b27d9b1e6697d

SHA256
e22d852fa8643ef5accda31ce1f3939b564b940696cde993f279be308d1dbb3b

SHA512
6fcd951690e22bdbf40c41f54c9b7ab83413220bff9658a13f9fefa475d3a2d4a3781d57a66cafeed876a3e61910cfb0b8f54fdb0ecca65159d37fd5ee35412c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a0dc9d36977aac63730ce72adfe48f9d

SHA1
8f7b89c068e6415d0aaa6afe35d3f15d176f1643

SHA256
855125636d7f234a7c2fa67037adc7661ee54860e1b4aa88cc847c2ea4b13844

SHA512
cd7ce34a737f54187a772de28cad6f7e8bc62f66012a60c09ddc8da1df7bf38cb0a5ccab57ea96dd5e3a7423902861dedc1be9dead265c455443ded97066764c

Download Submit
memory/4076-1-0x0000000006970000-0x0000000006971000-memory.dmp

Filesize
4KB

Download