9b1becaae353cfed426aac596fdaee9a343dffbdae42e3be55f245cd16be4b6a

Analysis

max time kernel
150s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20-04-2024 11:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3DShow/index.html
Size

969B
MD5

a34bee2135aba21907569ee43dfbaadb
SHA1

49458a0ab63274c811135befecfea6db567bffb4
SHA256

96264a0320a9871956304ab3dc7d1dc80b161d65f5893b981bf7660889d7be30
SHA512

f2e2144d8b1035d613cd345c3992be45be1407e3bedcea9f3c876dd2bde1ad86365671cf344fbf8500de7d2672392e567e5d71a43b953592af8df0c30b09fa2f

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
2848	msedge.exe
2848	msedge.exe
4364	msedge.exe
4364	msedge.exe
1184	identity_helper.exe
1184	identity_helper.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe
1620	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

4364 msedge.exe
4364 msedge.exe
4364 msedge.exe
4364 msedge.exe
4364 msedge.exe
4364 msedge.exe
4364 msedge.exe
4364 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4364 wrote to memory of 4356	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 4356	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 4908	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 4908	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 4908	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 4908	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 4908	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 4908	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 4908	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 4908	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 4908	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 4908	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 4908	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 4908	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 4908	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 4908	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 4908	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 4908	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 4908	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 4908	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 4908	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 4908	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 4908	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 4908	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 4908	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 4908	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 4908	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 4908	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 4908	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 4908	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 4908	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 4908	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 4908	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 4908	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 4908	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 4908	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 4908	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 4908	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 4908	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 4908	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 4908	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 4908	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 2848	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 2848	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 744	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 744	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 744	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 744	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 744	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 744	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 744	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 744	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 744	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 744	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 744	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 744	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 744	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 744	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 744	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 744	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 744	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 744	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 744	4364	msedge.exe	msedge.exe
PID 4364 wrote to memory of 744	4364	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3DShow\index.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe3c3246f8,0x7ffe3c324708,0x7ffe3c324718
2⤵
PID:4356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,5177160522554117986,12354398583030257671,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
2⤵
PID:4908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,5177160522554117986,12354398583030257671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,5177160522554117986,12354398583030257671,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
2⤵
PID:744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5177160522554117986,12354398583030257671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
2⤵
PID:4768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5177160522554117986,12354398583030257671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
2⤵
PID:1328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5177160522554117986,12354398583030257671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
2⤵
PID:2964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5177160522554117986,12354398583030257671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
2⤵
PID:3132

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,5177160522554117986,12354398583030257671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8
2⤵
PID:4384

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,5177160522554117986,12354398583030257671,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5177160522554117986,12354398583030257671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
2⤵
PID:2268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5177160522554117986,12354398583030257671,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
2⤵
PID:968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5177160522554117986,12354398583030257671,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
2⤵
PID:4200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5177160522554117986,12354398583030257671,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
2⤵
PID:2440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,5177160522554117986,12354398583030257671,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3248 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:980

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
5e2f0fe48e7ee1aad1c24db5c01c354a

SHA1
5bfeb862e107dd290d87385dc9369bd7a1006b36

SHA256
f13b3ebe8d71bd0086d5bb82364c35f59a95d32b39753af251e8639360e291a9

SHA512
140d026437fd5e8a874cd00b03950c8f010e1a0732a0a1cc5bdde477e7f8315ccb95790bb4c15b8dbaab9468ad532eb885b6c429300a64e39412d976d079324e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
7e0880992c640aca08737893588a0010

SHA1
6ceec5cb125a52751de8aeda4bab7112f68ae0fe

SHA256
8649a39877c190ec740a5422284ec5f9ff509b30b2d7896635476873dd8824e2

SHA512
52bd0a38ca7f43b26731966035045b1cbd8b60b2d81bdf9aad791cf444da8af8b722ebf3cb364a6e660bebdf23084eb0e30bc23562575b704801669817549f8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
744B

MD5
d08ac98059d420cab3b589b63fd14498

SHA1
5f20d39b1b060238fbf69d7254c7828f4eeae71e

SHA256
8d677ca0cadd1629997808a1028219a6b3a274dfc7bdb511c31235fe4374131c

SHA512
2d0de324cac42f092bd58ba562a6ebe233da4dfe7895e017fd96b30256b0bae038a49fc2c65b813b96b39605770a7e2822bbe93edc9d75c1fad89674f4bc569d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
bc00539496ba33c93305f41e9ad36d58

SHA1
60c0faae1dbfca0f477c443cb60cde7a8d931ee2

SHA256
3017b8f3f893a544529e7eaa6f61c8246c937893412098cf0767f30bcacb2aa8

SHA512
db6d080ed64c735fe3e0b2dd34eeec59b98df8fca4e326f08cea5de9e3cc5ce9454554d5d110c303a895d77f03eba96b2c83cff73dc763e805d281bdfb88b5b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
9470311706d25b07c1dbb46d21536422

SHA1
1b34828a8712318f769bdcdb59fa892089211cfe

SHA256
092132eff3f642aa727dc2723a076375d02452dfba1c032a806b5c56c9b8f0d1

SHA512
29bb0607344b0550cabc2476f9506e513e862e81f97c8d667766602083a87b3b52d2f1ec0052db7997e5a3838d2ea912abf7aacb572a06a2ea9464dacdefecad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
809307998ed2e65f578be16fceea00dd

SHA1
feb6cc32856c80dc70da400fbc702a1eda02cc2f

SHA256
8948e8e46c1298a26eb2d75649f2da3f0b4fe87d40918494bf259beaca2889e4

SHA512
c14c9c092bd3cf8c97e95bab15baa0a69d0a1b9b16a6811fb8416591dcecde50af0c929881ad93fe0f94dc0469cb8e944905092e522a41660e0ce6a39a028597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
a7fc44c295298feebe9fbb872c38e558

SHA1
099dd5521c7cbb1b444151300bfaf3bcba4c728b

SHA256
0a7a6530f112b955e944602cbefe0fc03fa56f90b633017325381b743ed3ec57

SHA512
ecf00248a8dec8527c786563823bc1349662c27e0361f055f8cf37d0f005583e3737c86d41417c0a3aa49036f2be265a36fcc008f0a88df0944f08f7d145a496

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
9bd307caffb4a8cd6a6e085a38d6a6ca

SHA1
0fbd16496ee7aaf4f7d622cf45962f91781457aa

SHA256
9e9f5706bd65e26a7c9a017ad051fb2027a55189fa5e401a01901b0dd55b2000

SHA512
7644cb0bb8efbe434ba11a95c26a94b6fcbe29c51478f6895fcaec5467b57c3b62fcb8aa9387da25de1da0e485dd55a98c2110eb1a3198f56b6cdcc2d6c62fd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57caf1.TMP
Filesize
2KB

MD5
d3f1cb6e0f6033b9b2408d42a4ce94d7

SHA1
2929d1f6abf38f73e48cba0dfab5d240827b8b70

SHA256
9bab88a8ea9eaa2467616906174454db7a7087316c4da499d4452445d6ec180b

SHA512
33f499048782913d378372fc804dbb5fcd9f4225684d13e0141d790efcd3fe2ee7f1b61f98da15a9a1ef30404c2a077e59943381b664272412f2b1d413a6e343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
e6092ceb5af85585e2ced1f0ab9d5905

SHA1
80bb3013e6e159fcca1acc8401f0887c64841099

SHA256
84d0e6e8e2594aaf6ba489de5c883b381e03aa6f70c899d225ffd78e846b2b82

SHA512
763d7494688e06cfaa605497064b64d783862786807d246787a96d0685f077001e1117ff3f5e92ace70a3cd73d1aeb9b08db7d2551f5f3358d4740b570ebf796

Download Submit
\??\pipe\LOCAL\crashpad_4364_ODFDCEDKHGQSYMHZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit