26f5b4590ff9ca791118130b05363b3ad7a438c60cbc032fc812098943640976

Analysis

max time kernel
70s
max time network
71s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
18-03-2024 19:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Sapphire.LITE.exe
Size

1.2MB
MD5

1bbca3b8649901b50e00f8c0eca6482c
SHA1

398b31f87642bb25fd10be8f8936d0d8664e40a9
SHA256

26f5b4590ff9ca791118130b05363b3ad7a438c60cbc032fc812098943640976
SHA512

53ff755b549eff97802dcb91c193217db635c109b0be445d98f0e3deee1ff0a543b04f9e6690a45f0103a3523e033c2af9568454ea071b25940493530435c970
SSDEEP

24576:ichxoH6hdFETH5UCwIjcED7G2C/Q7xD0XVhEtmrC7l7bp8dXGI6T:ZoahdFETZhjcED7G2PxD0lLC7R18tg

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
35	discord.com
24	discord.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-566096764-1992588923-1249862864-1000\{C9845CF2-BE8E-4A22-9EF6-992C13FF50DC}	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
604	msedge.exe
604	msedge.exe
4476	msedge.exe
4476	msedge.exe
980	msedge.exe
980	msedge.exe
5268	identity_helper.exe
5268	identity_helper.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1124	Sapphire.LITE.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1124 wrote to memory of 4476	1124	Sapphire.LITE.exe	92
PID 1124 wrote to memory of 4476	1124	Sapphire.LITE.exe	92
PID 4476 wrote to memory of 384	4476	msedge.exe	93
PID 4476 wrote to memory of 384	4476	msedge.exe	93
PID 4476 wrote to memory of 5028	4476	msedge.exe	94
PID 4476 wrote to memory of 5028	4476	msedge.exe	94
PID 4476 wrote to memory of 5028	4476	msedge.exe	94
PID 4476 wrote to memory of 5028	4476	msedge.exe	94
PID 4476 wrote to memory of 5028	4476	msedge.exe	94
PID 4476 wrote to memory of 5028	4476	msedge.exe	94
PID 4476 wrote to memory of 5028	4476	msedge.exe	94
PID 4476 wrote to memory of 5028	4476	msedge.exe	94
PID 4476 wrote to memory of 5028	4476	msedge.exe	94
PID 4476 wrote to memory of 5028	4476	msedge.exe	94
PID 4476 wrote to memory of 5028	4476	msedge.exe	94
PID 4476 wrote to memory of 5028	4476	msedge.exe	94
PID 4476 wrote to memory of 5028	4476	msedge.exe	94
PID 4476 wrote to memory of 5028	4476	msedge.exe	94
PID 4476 wrote to memory of 5028	4476	msedge.exe	94
PID 4476 wrote to memory of 5028	4476	msedge.exe	94
PID 4476 wrote to memory of 5028	4476	msedge.exe	94
PID 4476 wrote to memory of 5028	4476	msedge.exe	94
PID 4476 wrote to memory of 5028	4476	msedge.exe	94
PID 4476 wrote to memory of 5028	4476	msedge.exe	94
PID 4476 wrote to memory of 5028	4476	msedge.exe	94
PID 4476 wrote to memory of 5028	4476	msedge.exe	94
PID 4476 wrote to memory of 5028	4476	msedge.exe	94
PID 4476 wrote to memory of 5028	4476	msedge.exe	94
PID 4476 wrote to memory of 5028	4476	msedge.exe	94
PID 4476 wrote to memory of 5028	4476	msedge.exe	94
PID 4476 wrote to memory of 5028	4476	msedge.exe	94
PID 4476 wrote to memory of 5028	4476	msedge.exe	94
PID 4476 wrote to memory of 5028	4476	msedge.exe	94
PID 4476 wrote to memory of 5028	4476	msedge.exe	94
PID 4476 wrote to memory of 5028	4476	msedge.exe	94
PID 4476 wrote to memory of 5028	4476	msedge.exe	94
PID 4476 wrote to memory of 5028	4476	msedge.exe	94
PID 4476 wrote to memory of 5028	4476	msedge.exe	94
PID 4476 wrote to memory of 5028	4476	msedge.exe	94
PID 4476 wrote to memory of 5028	4476	msedge.exe	94
PID 4476 wrote to memory of 5028	4476	msedge.exe	94
PID 4476 wrote to memory of 5028	4476	msedge.exe	94
PID 4476 wrote to memory of 5028	4476	msedge.exe	94
PID 4476 wrote to memory of 5028	4476	msedge.exe	94
PID 4476 wrote to memory of 604	4476	msedge.exe	95
PID 4476 wrote to memory of 604	4476	msedge.exe	95
PID 4476 wrote to memory of 3056	4476	msedge.exe	96
PID 4476 wrote to memory of 3056	4476	msedge.exe	96
PID 4476 wrote to memory of 3056	4476	msedge.exe	96
PID 4476 wrote to memory of 3056	4476	msedge.exe	96
PID 4476 wrote to memory of 3056	4476	msedge.exe	96
PID 4476 wrote to memory of 3056	4476	msedge.exe	96
PID 4476 wrote to memory of 3056	4476	msedge.exe	96
PID 4476 wrote to memory of 3056	4476	msedge.exe	96
PID 4476 wrote to memory of 3056	4476	msedge.exe	96
PID 4476 wrote to memory of 3056	4476	msedge.exe	96
PID 4476 wrote to memory of 3056	4476	msedge.exe	96
PID 4476 wrote to memory of 3056	4476	msedge.exe	96
PID 4476 wrote to memory of 3056	4476	msedge.exe	96
PID 4476 wrote to memory of 3056	4476	msedge.exe	96
PID 4476 wrote to memory of 3056	4476	msedge.exe	96
PID 4476 wrote to memory of 3056	4476	msedge.exe	96
PID 4476 wrote to memory of 3056	4476	msedge.exe	96
PID 4476 wrote to memory of 3056	4476	msedge.exe	96

C:\Users\Admin\AppData\Local\Temp\Sapphire.LITE.exe
"C:\Users\Admin\AppData\Local\Temp\Sapphire.LITE.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.sapphire.ac/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0xd8,0x104,0xfc,0x108,0x7ffcf23b46f8,0x7ffcf23b4708,0x7ffcf23b4718
    3⤵
    PID:384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,13579696695026399210,818173765981591601,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
    3⤵
    PID:5028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,13579696695026399210,818173765981591601,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,13579696695026399210,818173765981591601,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
    3⤵
    PID:3056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13579696695026399210,818173765981591601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
    3⤵
    PID:4844
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13579696695026399210,818173765981591601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
    3⤵
    PID:3948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13579696695026399210,818173765981591601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
    3⤵
    PID:4004
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,13579696695026399210,818173765981591601,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5220 /prefetch:8
    3⤵
    PID:5104
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2132,13579696695026399210,818173765981591601,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4792 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:980
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,13579696695026399210,818173765981591601,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:8
    3⤵
    PID:5252
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,13579696695026399210,818173765981591601,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5268
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13579696695026399210,818173765981591601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
    3⤵
    PID:5348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13579696695026399210,818173765981591601,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
    3⤵
    PID:5356
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13579696695026399210,818173765981591601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
    3⤵
    PID:5816
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13579696695026399210,818173765981591601,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
    3⤵
    PID:5824

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1b45169ebca0dceadb0f45697799d62

SHA1
803604277318898e6f5c6fb92270ca83b5609cd5

SHA256
4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60

SHA512
357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9ffb5f81e8eccd0963c46cbfea1abc20

SHA1
a02a610afd3543de215565bc488a4343bb5c1a59

SHA256
3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc

SHA512
2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e3fb927025dd33bcc57c2aaa8c9f698d

SHA1
34a21f155b787ffeae53e234f6faf97de9501827

SHA256
134222a6a86521ebec71045430d96691ab33b3745be1f100eea8fef6ebe84142

SHA512
68229e8ee8266b634164393b4ce0a2c138970f2f9579511402860b8661ca549c0593854a035c01f775a468d47b718464b566f6b928d657b3d9cc47a8cd02308b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d0f7d0b7790188bceca78df8412b4ed3

SHA1
e79e94a82f259eb76d9875be978fc837a9cb3c3b

SHA256
2b9025a2b5f069780b61da2a0d4cfb6d1367aa103b147e86f91f5931c90ebfc5

SHA512
059fc19d96309579b3334f03980d5bbbc0abb20df839bdbf38cd86667f0d3ddc19217d1f04d1a0d2a279ad47501ba78d8f7bac8bd18f60228c46c30900e9071c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8a604cd8dc8fcbd3f3d344af065532f8

SHA1
b67275a825554df3f4bcac7eee3043256bf494dd

SHA256
5c953e387c0d1a080d283df5158d1bd6cd742a2ded7894dd884f62d2d4c53b7a

SHA512
0ab7f6a7c6409691de005a8a76c662fdc1ed2159475f0f60331f1ffbf419169d512f3516ff64686c5839b70af855094d7e8486a82eed1854c59cfa9f13a00988

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5d6e7d75bf963ecdb10910f4c9551518

SHA1
d3679f4987b0538af732cd32b4330b7f85b00c8a

SHA256
9287014bea7618619287423124503d22f2e713a51d93c87a7efebbb622f26990

SHA512
8c5c869e87fd537b7bca69bc1f63f69d0d567e19d25866caaa459cfdcef9c3f90c73be52ade05cf204ba2b626bf73a1148968282f3b614eede1877578494925e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
452b426052b753dd59e063edbca97adf

SHA1
667571868c049ac7bb69d030697e98cb426d40f6

SHA256
3010438edbc3e60e51ce554342c3fe1a8da22e2ab2a0fca6741fe98e73d02252

SHA512
a5ef058e2c5d7a5372447a87195c80c9f9e3f8992de29970e5935871fed4d53bfbbea514ced0dd89e8e7b90fd8e3ac912e247f72b861b9cae9e28e03b5a29814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5839a9.TMP

Filesize
203B

MD5
cc1015a4949d4a57fd385d5d28754ff2

SHA1
486c138b2d9fe57817bdc07bf036021c83441ebf

SHA256
a935c5e36ce45534df142a3c49cd7e973ca8d70eec739a6f7fcfcc0bab96cd91

SHA512
246051340166aac850cfdcadf03f3a3c320d76c320da044210539d3648ad803c02fe72f98c9576496af73782a07f2498c8a61935cf145160ed907111c9ac084e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
f18560e9e20e38384be9e30a5abe445c

SHA1
903b7bc0539a951f3cd54854049134dea5fa06c1

SHA256
e8b1ab8ac61679cec8cca9b8e5299583a5ea017bc8d59c9039670dd59042f0aa

SHA512
0e1e04fa50d66ebb313c5a77f0b7df677af10dab41068ded91a75a460de82350954eea3cf546d238e847d40a59ee44c0092d79a42ea2f2792fca9d2cd5a797a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
5dfe1837a3f59f93a94a53b12007b539

SHA1
05ad954a509a85292e469984ed466595ec144486

SHA256
2eb7993ab89dc140a91c8959c3c51c85ef550091b7a01c6d4ed2247f955b1614

SHA512
bee2ee8c93d2ad243153a9273df026bd41e767a7c566c89c9e848bad2d2b169a67301fb9007ffb7efcbde935ca8761a75f40f3f68e3e4c678d8041bb1f81f184

Download Submit
memory/1124-6-0x000001D30CF30000-0x000001D30CF40000-memory.dmp

Filesize
64KB

Download
memory/1124-0-0x000001D30B280000-0x000001D30B3B8000-memory.dmp

Filesize
1.2MB

Download
memory/1124-244-0x00007FFCF75A0000-0x00007FFCF8061000-memory.dmp

Filesize
10.8MB

Download
memory/1124-245-0x000001D30CF30000-0x000001D30CF40000-memory.dmp

Filesize
64KB

Download
memory/1124-246-0x000001D30CF30000-0x000001D30CF40000-memory.dmp

Filesize
64KB

Download
memory/1124-256-0x000001D30CF30000-0x000001D30CF40000-memory.dmp

Filesize
64KB

Download
memory/1124-5-0x000001D30CF30000-0x000001D30CF40000-memory.dmp

Filesize
64KB

Download
memory/1124-276-0x00007FFCF75A0000-0x00007FFCF8061000-memory.dmp

Filesize
10.8MB

Download
memory/1124-4-0x000001D30CF40000-0x000001D30CF72000-memory.dmp

Filesize
200KB

Download
memory/1124-3-0x000001D30CF30000-0x000001D30CF40000-memory.dmp

Filesize
64KB

Download
memory/1124-1-0x00007FFCF75A0000-0x00007FFCF8061000-memory.dmp

Filesize
10.8MB

Download
memory/1124-2-0x000001D3259D0000-0x000001D325B52000-memory.dmp

Filesize
1.5MB

Download