hxxps://wise-approve[.]com/4ewtweiufFJDFewekfhwj124FJWhjURWOd

Analysis

max time kernel
128s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
19-02-2024 10:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://wise-approve.com/4ewtweiufFJDFewekfhwj124FJWhjURWOd

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1616	msedge.exe
1616	msedge.exe
2940	msedge.exe
2940	msedge.exe
3656	identity_helper.exe
3656	identity_helper.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

2940 msedge.exe
2940 msedge.exe
2940 msedge.exe
2940 msedge.exe
2940 msedge.exe
2940 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2940 wrote to memory of 4964	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 4964	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 1148	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 1148	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 1148	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 1148	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 1148	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 1148	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 1148	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 1148	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 1148	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 1148	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 1148	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 1148	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 1148	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 1148	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 1148	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 1148	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 1148	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 1148	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 1148	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 1148	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 1148	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 1148	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 1148	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 1148	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 1148	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 1148	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 1148	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 1148	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 1148	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 1148	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 1148	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 1148	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 1148	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 1148	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 1148	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 1148	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 1148	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 1148	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 1148	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 1148	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 1616	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 1616	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 4676	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 4676	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 4676	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 4676	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 4676	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 4676	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 4676	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 4676	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 4676	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 4676	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 4676	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 4676	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 4676	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 4676	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 4676	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 4676	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 4676	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 4676	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 4676	2940	msedge.exe	msedge.exe
PID 2940 wrote to memory of 4676	2940	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://wise-approve.com/4ewtweiufFJDFewekfhwj124FJWhjURWOd
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb1d2146f8,0x7ffb1d214708,0x7ffb1d214718
2⤵
PID:4964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,17166866225662821674,16627258825901809636,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2456 /prefetch:8
2⤵
PID:4676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,17166866225662821674,16627258825901809636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,17166866225662821674,16627258825901809636,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
2⤵
PID:1148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17166866225662821674,16627258825901809636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
2⤵
PID:4416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17166866225662821674,16627258825901809636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
2⤵
PID:3460

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,17166866225662821674,16627258825901809636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
2⤵
PID:5028

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,17166866225662821674,16627258825901809636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17166866225662821674,16627258825901809636,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
2⤵
PID:3516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17166866225662821674,16627258825901809636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2248 /prefetch:1
2⤵
PID:4664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17166866225662821674,16627258825901809636,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
2⤵
PID:3232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,17166866225662821674,16627258825901809636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
2⤵
PID:4536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,17166866225662821674,16627258825901809636,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5900 /prefetch:8
2⤵
PID:1532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,17166866225662821674,16627258825901809636,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6128 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4132

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1386433ecc349475d39fb1e4f9e149a0

SHA1
f04f71ac77cb30f1d04fd16d42852322a8b2680f

SHA256
a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc

SHA512
fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
96B

MD5
59eb1d36e55d312c4aa65ddac91c5da5

SHA1
196097bffae4185d33e7684bebf1c325abd70327

SHA256
f6e710b25669b58b8d5eda0d49352d9ee482eac7cbaf999a1bf2c8e9b4af58d0

SHA512
a5a1bbeb4707c0fac1201385c8e6d9ac6bf5dcac3218387e77816eec4894f552706657609894d5942e1f0f3799d0fc9b3a75cc12561d5106c1af34e4b54e2988

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
845B

MD5
1309ad5c0d6f8874ca861021ae72fcf0

SHA1
7e44cb04787add5de8292967acdcb9be307c17be

SHA256
f6de9f8b3abaf6377b9775b8c58010ec4083c885c1548931eb0dcffe8a3115a5

SHA512
a6ce73335973a0db6456abbf9b9705d4e58765e3c064b57da5e0a758bbc2746b25bbab30ab09aba689bb04ff814c3b39871147d07562ddfc6b0aa6551cc215f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
2179d550551d46a02ac8087c20abe556

SHA1
d4525602f128c2f4358e1808b4b3d28f3b6e2afb

SHA256
41b94bb7c6643d7af9d295b816875302590663a068590b2e216c76d224a0ff9e

SHA512
33539b6c103717b41741772f8dfff59aac233ca0caa8226b5eb4f820f0c3c1dde56aa4a2ef4d3b40650f742391ec6a6087d065fd2cd7ab92211418996baf45b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
dbee20b73ecf9f3a2df722e17477d011

SHA1
fc9a3412b0e8065424f1efe84053e6070338f193

SHA256
1532873dc99b80b8cd76514a1759c600e9a6ef1d5850078d168ddd00b029a899

SHA512
a19480cdaf00147914aa3cf37bcd21fe24f6a2f8b53ed4cbadf0062f2a9ddfbcba1c8a08b3e97500669e87d5b11daa4f8b5823df2f09f519ce769b23eb87b5e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
f75ad12b12c7af0e1e263f5b57951e8b

SHA1
45f4bf1c7522d03bc2b74252f17780078d2a1ed2

SHA256
866d38b7c0c1d05505d884298ce00219a936ffee23ed1b42b86847b432b731b5

SHA512
94d7bb37d687a9418df5ea985f8400c5dda6769fb5aba270ce04b06e7856e01240def665bee573de5f1307f92420df9adc71f03a920a925e3bc28e6912aa1a14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
ee7bd6f1efe02b1e9a5b472073b3834f

SHA1
250d2fef19096eb0f69186688b984194096bc4f0

SHA256
9f8bcb337f4d77757430db2249b74a67029b9ca226accc798730cbd917b16ea3

SHA512
a5cfdb032b95084c6cdc2bbf5dec102c5a85cea36f6ffe11f7eefdfe04638a4b2213909f8b184c6bf2a52eb4c1692eb14831b5158dddd3b7d82372eea0ca32dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
e664066e3aa135f185ed1c194b9fa1f8

SHA1
358ff3c6ad0580b8ae1e5ef2a89a4e597c2efdc5

SHA256
86e595be48dbc768a52d7ea62116036c024093e1302aced8c29dd6a2d9935617

SHA512
58710818b5f664006a5aa418da6c8cd3f709c2265bc161f81b9dfe6cdb8304fabaa4ce9deba419fe4281623feeeaa0321f481ae5855d347c6d8cf95968ee905e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
371B

MD5
cfd341ce8a48bdba7d63c9653d0c9eeb

SHA1
cb396755a4aed6edfa045c7aa5a2cfce41cc3b19

SHA256
a2ee97ff97ae09365b284fd9ad9cb4405624d034a54a5564d36bcaad5a2cfc53

SHA512
0b17bf5d7a58149c27e1650e93bd9b28b3a7f1256e1377650ddd35a510253297ee06f6540961ae4dd43ef844ff0aab8f4e9c6ea4aad5864dd6f2c74f3adaaf2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58e078.TMP
Filesize
371B

MD5
ba3796af90f432266ac55917d5ccacd9

SHA1
ad200d29bbe8cbc003705d71f8a4772afe172735

SHA256
5a328558783fce72a57bdba5ac508df2d38f89942019256ab60b35c831b2f659

SHA512
36c419c20288a6466641ee96100cd89d6ab64855cf1b1e9069a8dda653ff98d1e053bef279f9220b76cb4f3daff28f0c34c47559495b631d15107e1808953dc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
8cdc2533c2aa48ac4a510e84c08e28f0

SHA1
6722f682e4952aece5082d5b428d754e792734a8

SHA256
e3b1b338bf7281879bee9a3a388d16b9f6c4b79dc2ddb73fb237f49aa1a3f456

SHA512
92af58d85a133d6298ddfedf0f2ad64c4554cee08941792c46d799cbfc149980a91e922273dd5ed4e62c72a8fb772addc67efb76310909ac46fd590a2e2d4240

Download Submit
\??\pipe\LOCAL\crashpad_2940_ROZXWZHFKNZIOFCD
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit