55d7deee93b0e6c0a3910b89bfbedf86c1b25643f8dc1feb64ec1efc0877335f

Analysis

max time kernel
20s
max time network
26s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20-02-2024 00:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Widget Launcher Installer.exe
Size

559KB
MD5

fca4ccdb0f7bbb6e3eb625a37e510144
SHA1

f05dc05520e3e529d88e20a181d7e9baacb8642c
SHA256

55d7deee93b0e6c0a3910b89bfbedf86c1b25643f8dc1feb64ec1efc0877335f
SHA512

932e88e39498e9bfa422ed2c1637978fa3f64d4e059e1ca97ce9024e9dcbcd5e073b3746e25c432f416a7d8abdf22f4e4ccfbf507b8fff4cf3b33bd0a690e314
SSDEEP

6144:t/SqpkbQHOSdzjO2+SV4qdeNAmOrrKvcjOJ9THlpBLqqHPh8hEl:ta6kbQHxVoNMDaHlpYEl

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000\Control Panel\International\Geo\Nation	Widget Launcher Installer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
4592	msedge.exe
4592	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4436	msedge.exe
4436	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4992	Widget Launcher Installer.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe
4436	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4992 wrote to memory of 4436	4992	Widget Launcher Installer.exe	84
PID 4992 wrote to memory of 4436	4992	Widget Launcher Installer.exe	84
PID 4436 wrote to memory of 5020	4436	msedge.exe	85
PID 4436 wrote to memory of 5020	4436	msedge.exe	85
PID 4436 wrote to memory of 4732	4436	msedge.exe	87
PID 4436 wrote to memory of 4732	4436	msedge.exe	87
PID 4436 wrote to memory of 4732	4436	msedge.exe	87
PID 4436 wrote to memory of 4732	4436	msedge.exe	87
PID 4436 wrote to memory of 4732	4436	msedge.exe	87
PID 4436 wrote to memory of 4732	4436	msedge.exe	87
PID 4436 wrote to memory of 4732	4436	msedge.exe	87
PID 4436 wrote to memory of 4732	4436	msedge.exe	87
PID 4436 wrote to memory of 4732	4436	msedge.exe	87
PID 4436 wrote to memory of 4732	4436	msedge.exe	87
PID 4436 wrote to memory of 4732	4436	msedge.exe	87
PID 4436 wrote to memory of 4732	4436	msedge.exe	87
PID 4436 wrote to memory of 4732	4436	msedge.exe	87
PID 4436 wrote to memory of 4732	4436	msedge.exe	87
PID 4436 wrote to memory of 4732	4436	msedge.exe	87
PID 4436 wrote to memory of 4732	4436	msedge.exe	87
PID 4436 wrote to memory of 4732	4436	msedge.exe	87
PID 4436 wrote to memory of 4732	4436	msedge.exe	87
PID 4436 wrote to memory of 4732	4436	msedge.exe	87
PID 4436 wrote to memory of 4732	4436	msedge.exe	87
PID 4436 wrote to memory of 4732	4436	msedge.exe	87
PID 4436 wrote to memory of 4732	4436	msedge.exe	87
PID 4436 wrote to memory of 4732	4436	msedge.exe	87
PID 4436 wrote to memory of 4732	4436	msedge.exe	87
PID 4436 wrote to memory of 4732	4436	msedge.exe	87
PID 4436 wrote to memory of 4732	4436	msedge.exe	87
PID 4436 wrote to memory of 4732	4436	msedge.exe	87
PID 4436 wrote to memory of 4732	4436	msedge.exe	87
PID 4436 wrote to memory of 4732	4436	msedge.exe	87
PID 4436 wrote to memory of 4732	4436	msedge.exe	87
PID 4436 wrote to memory of 4732	4436	msedge.exe	87
PID 4436 wrote to memory of 4732	4436	msedge.exe	87
PID 4436 wrote to memory of 4732	4436	msedge.exe	87
PID 4436 wrote to memory of 4732	4436	msedge.exe	87
PID 4436 wrote to memory of 4732	4436	msedge.exe	87
PID 4436 wrote to memory of 4732	4436	msedge.exe	87
PID 4436 wrote to memory of 4732	4436	msedge.exe	87
PID 4436 wrote to memory of 4732	4436	msedge.exe	87
PID 4436 wrote to memory of 4732	4436	msedge.exe	87
PID 4436 wrote to memory of 4732	4436	msedge.exe	87
PID 4436 wrote to memory of 4592	4436	msedge.exe	86
PID 4436 wrote to memory of 4592	4436	msedge.exe	86
PID 4436 wrote to memory of 3376	4436	msedge.exe	88
PID 4436 wrote to memory of 3376	4436	msedge.exe	88
PID 4436 wrote to memory of 3376	4436	msedge.exe	88
PID 4436 wrote to memory of 3376	4436	msedge.exe	88
PID 4436 wrote to memory of 3376	4436	msedge.exe	88
PID 4436 wrote to memory of 3376	4436	msedge.exe	88
PID 4436 wrote to memory of 3376	4436	msedge.exe	88
PID 4436 wrote to memory of 3376	4436	msedge.exe	88
PID 4436 wrote to memory of 3376	4436	msedge.exe	88
PID 4436 wrote to memory of 3376	4436	msedge.exe	88
PID 4436 wrote to memory of 3376	4436	msedge.exe	88
PID 4436 wrote to memory of 3376	4436	msedge.exe	88
PID 4436 wrote to memory of 3376	4436	msedge.exe	88
PID 4436 wrote to memory of 3376	4436	msedge.exe	88
PID 4436 wrote to memory of 3376	4436	msedge.exe	88
PID 4436 wrote to memory of 3376	4436	msedge.exe	88
PID 4436 wrote to memory of 3376	4436	msedge.exe	88
PID 4436 wrote to memory of 3376	4436	msedge.exe	88

C:\Users\Admin\AppData\Local\Temp\Widget Launcher Installer.exe
"C:\Users\Admin\AppData\Local\Temp\Widget Launcher Installer.exe"
1⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://apps.microsoft.com/store/detail/9WZDNCRDQFBT?ocid=psi_t_be_f&referrer=psi
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa804246f8,0x7ffa80424708,0x7ffa80424718
    3⤵
    PID:5020
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,7177147852910930658,896867635464350433,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4592
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,7177147852910930658,896867635464350433,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
    3⤵
    PID:4732
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,7177147852910930658,896867635464350433,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
    3⤵
    PID:3376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,7177147852910930658,896867635464350433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
    3⤵
    PID:2204
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,7177147852910930658,896867635464350433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
    3⤵
    PID:3940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eb20b5930f48aa090358398afb25b683

SHA1
4892c8b72aa16c5b3f1b72811bf32b89f2d13392

SHA256
2695ab23c2b43aa257f44b6943b6a56b395ea77dc24e5a9bd16acc2578168a35

SHA512
d0c6012a0059bc1bb49b2f293e6c07019153e0faf833961f646a85b992b47896092f33fdccc893334c79f452218d1542e339ded3f1b69bd8e343d232e6c3d9e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
ac18feb4a85fdc803010f431131a493e

SHA1
c906a432872721c4810a0755f74ccfb087cf8f2d

SHA256
9c3341a0723fab7047a98aeaa4b9b0d9a950f18230f78592d440bff548afbff2

SHA512
0093af02ee0b1641cc4184b307df94d7ba1a6d0d7d70380e7218443f698c74c1b5100d108212c538d3494ab4b5e8adb649329ac00416b083562fc80676a04883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
651B

MD5
be61f0cdaf66edd64d117a1f85987d03

SHA1
63b75fb1cccdb14face4a6cf08eed91f9a3d816c

SHA256
836701d78418545b214b50761b5266307a04c7566e4ecdf46e92e4217e3cd8aa

SHA512
b9b2b28c6b336dd07a38335778522dc73e9a3ffaa6bc64a0ffea98c5f7c515c4f28085cdc0808ea877dc94afeb4b5678b2d609214380cc579da9e61330fba79e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dec8727aaccd473870e7956a2619cb86

SHA1
17e9d450028150d18cbb3d639bf8284ada1cfebd

SHA256
5001becc5e733969b3b195f93be8aa9fdb107dda4c70844403dccafa58fbec7b

SHA512
726a82c90a29812cd2541b3e1b368a218215d9522f0bfddac55766cabe3338af6142f0e67da7162f8ea75942b7ea0b18d6bf4b700c68e7ea647d6b2f3dce754d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4ccd38875114bf3aa107783ef412aa78

SHA1
22aaabbafc2bfbb50bfb1f7b71e4a00cb0d9b20e

SHA256
1bbf7cfbf9c24529b89ec6343f22284300eaa56b1e2f886ef75d327c3a354c29

SHA512
066b968fcd656ca59df6460ea04b373381646f51b103cdb335a58dd12c53a6c0a3d1174a76da03308970cc1f678bae8b902b4430e866ff16a543e42405b57259

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c5c698cca1a90202ac910ef6667a9d99

SHA1
49550076e0e210e345aa89ed9a8522d7c6352fde

SHA256
921db7bc9f20c5ea1f38224ff96043be6e88b341f8d7226f147a98232e81e36b

SHA512
c5bf235f4063aaa03ccd1ae3277903c71c31860bab13e7ab201e6860b3f419bd18140e9ed47a4317004d27ea2a7078c4fa56f2ee6d5de77b04ccd47c46181d6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\0b805c86-4234-4730-8c7c-17f989f991dc\index-dir\the-real-index

Filesize
1KB

MD5
0db5bab2a3652cf1844f8a1d5bcd8d47

SHA1
eb682b1d67ba6736efbd823f5e7e561d96f63143

SHA256
d8cd870d0fb3a0e15ae5814a4f7f1bb734ebad6f8772ea59e26dac4ffd199629

SHA512
fe99c6e0c125278fb3dee0b8cc3265096f94ffbdb8e743dde8bc69eca02790ba44bfeb4d4b5d75091963c3e6c58766b14e83392de42a4ff7df8c4cbc529ef885

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\0b805c86-4234-4730-8c7c-17f989f991dc\index-dir\the-real-index~RFe57a930.TMP

Filesize
48B

MD5
4283ad38aad1a7dea05fdabcd8cc0645

SHA1
6e470367db95f4c2c2c92980faf0cde854b096b5

SHA256
1fbbf69e5ef23514a75abe429badefd75fb7a68caa6b159b169e6dc38326ae9a

SHA512
fc2aa623936ccc9e924f89600f5f4a584c1c8145ba697e76a10a72e92c360053ff30b16372f223ee8d23a22fd12830380c124fd828060dbb81173305cceaa4da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\e23414ae-c19b-4933-a982-767113968a54\index-dir\the-real-index

Filesize
72B

MD5
4f435c011b93ccb0d0a67908cd88a9c4

SHA1
a834814fe9085dde3441918e6110360ae41223b3

SHA256
144c4bc2f0c1774835cf2127357072b27fba96d027e8d855e4669b8de2c11dcb

SHA512
a5902d4446aa7778e614bd2d5d96c22ef78ee6847ac3b227ab27950ea14410b6653cf4949e37c56376c1eb4f48b0a9c4dee9d88013b3daf32d92576c8814a0e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\e23414ae-c19b-4933-a982-767113968a54\index-dir\the-real-index~RFe57a940.TMP

Filesize
48B

MD5
337cb2561d40e2905de479618df1256f

SHA1
9ffd98a903b438d658b9507ec9d15d7d54cee89c

SHA256
b508c1663c8b58b94e261482ee0a09cfb8d9522cc1b2b7d4bd5747c0f5873c41

SHA512
cc635e2e201103dd3ed27669222f639d8c6049fea110381798e9222365e9d7e12f07288523f2384b60a30a5f3ce1f8c7acbbeb071e08e520e6752a057d5dab73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

Filesize
109B

MD5
11ac478fa847a807a1301edd0657a7ca

SHA1
e68ac4afc5b1e175912d090435b8ba0f0709f8d6

SHA256
10ec66f31357b1e545a926ea2293e1f67259f244641f4031cd3040160e947ec9

SHA512
d3300ee86994dd1a6a0dd23692be002fa092589b634d41ca054201a531ba8447c134c67bb0564b8d3f26e07c5b93570b89ea89e8fe09b64a4c372710e5fb741f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

Filesize
204B

MD5
812bb1cb6baac5a793bea5c8c1114b5a

SHA1
0f3a844647d39203336137a00073409cdfc965bc

SHA256
c8f52b90b0c4ab8fe35cf6e2f8d5e025337115861dc23471fd7b60419560f48d

SHA512
f8aa803b59fd6ead2c69a8ed70f0de7de7aa5a296ddbc3f5001cca62dff74c366df05f358e8efe16aa3a37c53da6bf208bf980a82835ab6760de165ddd829c39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a0a74304db73132d4bc12ef9404aa74f9fdeda56\index.txt

Filesize
201B

MD5
883ae8f6103e96068f7a5e9e63a30a87

SHA1
a2e26400fd22b268277be95f2127ee45f8c406f6

SHA256
ad18f3eb9943ac0f752273a0a7aecd5f7de543196cd25f56b54727609c95bfb0

SHA512
af10a5a78e3847893c70ed2f71aadaf9665f578ee713461a0a33cae6bc19096344832a8148d4ebd4c552da27e4788a29dd7d8ae457b17415a0112f7dc5dfe595

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
6907879b8a6a460bfc8e325437627249

SHA1
e6b3e92eb0d8cd988979c0915305c6274bf86495

SHA256
6c5e01f9a47671cb0a14ce320b8da8a1559628e6c4e8644590f4a32dd96d311f

SHA512
df3cc78ff893ea8704ed9972ee177a49ad21b9dbaf9e120bfc217fe1d5e6085ad327274439cd631f0c83d9c60741820f34e5ffd0b53490cb7f156b54652190fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a930.TMP

Filesize
48B

MD5
93f2dd123177071d8fdf41a0dce309c6

SHA1
753e7882f6c1a642f36e37d1183a8e0282891ddf

SHA256
3063f68d5ce3e61f71529f06465e0942cff216a6fc20727b7c8a909427dc411c

SHA512
46e9a18ac36525e3502de5dedfbcc2ef4643f596bd82c92f7e02d1e019a479926ca47e89248b0a95326d2ca40f81919311c1731cb64006104a2689e866a062a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
838127efd9092b6e490b69797b618461

SHA1
361a3e3a79b27ffe353f0101cfc13aa672109fca

SHA256
e3a3fef9a648e07e296362bca9d3a49798e328a215ff0e95abb1ef6d02f8e877

SHA512
7a7e275823066f956e1031b881cbfd3aec35733c57dcd9d1aaf55ebb0fc6e17f2340016f4bce845ba9117e0bce498a885fea60b976e2dcd765499b15d5803c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tmp7242.tmp

Filesize
1KB

MD5
a10f31fa140f2608ff150125f3687920

SHA1
ec411cc7005aaa8e3775cf105fcd4e1239f8ed4b

SHA256
28c871238311d40287c51dc09aee6510cac5306329981777071600b1112286c6

SHA512
cf915fb34cd5ecfbd6b25171d6e0d3d09af2597edf29f9f24fa474685d4c5ec9bc742ade9f29abac457dd645ee955b1914a635c90af77c519d2ada895e7ecf12

Download Submit
memory/4992-0-0x0000018B74BD0000-0x0000018B74C5A000-memory.dmp

Filesize
552KB

Download
memory/4992-25-0x0000018B7B770000-0x0000018B7B77E000-memory.dmp

Filesize
56KB

Download
memory/4992-22-0x0000018B75060000-0x0000018B75070000-memory.dmp

Filesize
64KB

Download
memory/4992-21-0x0000018B78BC0000-0x0000018B78BFC000-memory.dmp

Filesize
240KB

Download
memory/4992-20-0x0000018B77200000-0x0000018B77212000-memory.dmp

Filesize
72KB

Download
memory/4992-27-0x0000018B7CA90000-0x0000018B7CAB6000-memory.dmp

Filesize
152KB

Download
memory/4992-24-0x0000018B7B8C0000-0x0000018B7B8F8000-memory.dmp

Filesize
224KB

Download
memory/4992-23-0x0000018B78B90000-0x0000018B78B98000-memory.dmp

Filesize
32KB

Download
memory/4992-5-0x0000018B79280000-0x0000018B7933A000-memory.dmp

Filesize
744KB

Download
memory/4992-4-0x0000018B75060000-0x0000018B75070000-memory.dmp

Filesize
64KB

Download
memory/4992-3-0x0000018B75140000-0x0000018B7514A000-memory.dmp

Filesize
40KB

Download
memory/4992-26-0x0000018B7C8B0000-0x0000018B7CA36000-memory.dmp

Filesize
1.5MB

Download
memory/4992-2-0x0000018B75060000-0x0000018B75070000-memory.dmp

Filesize
64KB

Download
memory/4992-31-0x00007FFA894C0000-0x00007FFA89F81000-memory.dmp

Filesize
10.8MB

Download
memory/4992-1-0x00007FFA894C0000-0x00007FFA89F81000-memory.dmp

Filesize
10.8MB

Download