hxxps://gg4[.]shop/rb

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
27-06-2024 12:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gg4.shop/rb

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
2924	msedge.exe
2924	msedge.exe
3856	msedge.exe
3856	msedge.exe
1196	identity_helper.exe
1196	identity_helper.exe
1564	msedge.exe
1564	msedge.exe
352	msedge.exe
352	msedge.exe
352	msedge.exe
352	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

3856 msedge.exe
3856 msedge.exe
3856 msedge.exe
3856 msedge.exe
3856 msedge.exe
3856 msedge.exe
3856 msedge.exe
3856 msedge.exe
3856 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe
3856	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3856 wrote to memory of 4148	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 4148	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1104	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1104	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1104	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1104	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1104	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1104	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1104	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1104	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1104	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1104	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1104	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1104	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1104	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1104	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1104	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1104	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1104	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1104	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1104	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1104	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1104	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1104	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1104	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1104	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1104	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1104	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1104	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1104	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1104	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1104	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1104	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1104	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1104	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1104	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1104	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1104	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1104	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1104	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1104	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1104	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 2924	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 2924	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1228	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1228	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1228	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1228	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1228	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1228	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1228	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1228	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1228	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1228	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1228	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1228	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1228	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1228	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1228	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1228	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1228	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1228	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1228	3856	msedge.exe	msedge.exe
PID 3856 wrote to memory of 1228	3856	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gg4.shop/rb
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0x100,0xdc,0x7ffa93973cb8,0x7ffa93973cc8,0x7ffa93973cd8
2⤵
PID:4148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,12455069657536239609,2094584395890223149,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
2⤵
PID:1104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,12455069657536239609,2094584395890223149,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,12455069657536239609,2094584395890223149,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
2⤵
PID:1228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,12455069657536239609,2094584395890223149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
2⤵
PID:880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,12455069657536239609,2094584395890223149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
2⤵
PID:4584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,12455069657536239609,2094584395890223149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
2⤵
PID:3308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,12455069657536239609,2094584395890223149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1
2⤵
PID:1384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,12455069657536239609,2094584395890223149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
2⤵
PID:1028

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,12455069657536239609,2094584395890223149,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5916 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,12455069657536239609,2094584395890223149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
2⤵
PID:956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,12455069657536239609,2094584395890223149,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
2⤵
PID:3108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,12455069657536239609,2094584395890223149,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,12455069657536239609,2094584395890223149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
2⤵
PID:3184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,12455069657536239609,2094584395890223149,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
2⤵
PID:3548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,12455069657536239609,2094584395890223149,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5588 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1936

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f717f56b5d8e2e057c440a5a81043662

SHA1
0ad6c9bbd28dab5c9664bad04db95fd50db36b3f

SHA256
4286cd3f23251d0a607e47eccb5e0f4af8542d38b32879d2db2ab7f4e6031945

SHA512
61e263935d51028ec0aab51b938b880945a950cec9635a0dafddf795658ea0a2dfcf9cfc0cab5459b659bb7204347b047a5c6b924fabea44ce389b1cbb9867d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
196eaa9f7a574c29bd419f9d8c2d9349

SHA1
19982d15d1e2688903b0a3e53a8517ab537b68ed

SHA256
df1e96677bcfffe5044826aa14a11e85ef2ebb014ee9e890e723a14dc5f31412

SHA512
e066d74da36a459c19db30e68b703ec9f92019f2d5f24fd476a5fd3653c0b453871e2c08cdc47f2b4d4c4be19ff99e6ef3956d93b2d7d0a69645577d44125ac7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
Filesize
28KB

MD5
b6f9d615a6f078b6c68a60a40e692cf6

SHA1
554378eaa48d82f90bb679ac4bf8172d87d19ccf

SHA256
dfb6db094465d69f3289ccb00ec33ec310e6d569114e4bf2953384b122c22247

SHA512
d3c5ed0a2f6532ed03831fa9cf9499399ce978257872449a1793006188cd3e042ee7c0cf7df1cfc35f871adfc054f58ff48de3bb262e33eccbbc94add8220423

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
504B

MD5
962ed2e197ccdbcdc607e6bfa8c9124e

SHA1
70b85255414a46a408b92157dcb593c9b8eeacd0

SHA256
86d1f42f012e0440d63fcda45bf3565b459ce016f05e31b0b85ff1a05ea738d1

SHA512
71f826358e6e55dd41e7493b016aa61fa9fab04bbad2d07a5ffdd66e4dc28fe7dcd7f2100b79fd068986da03a7014c1be26b50539bc8d5784c57e67c8a079223

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
a4e4c748b39c49f57edbc9a9a6174d16

SHA1
835a680132a513d1c9c6ef332968af9c65899877

SHA256
41883db57b0b02281e4e3e27b6b3dcb9b41862fbaa24406052d27bd950c3fc78

SHA512
e9e73f780e8bc3ca200f81d2201aa85a071be3a7eede913ab5bb704da0c0d9597fb2d122bb463da944b6eafac9fd3ab5e10ff8ce17448de6ad4ae4afa2d5039b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
d9cb037c70c69774ed1f823cd0f6441b

SHA1
6d06749cb415b1b3560851785b844092b003dc7b

SHA256
a6b50a944db1692d6bce29f8585eb3a1231cf715bf6a242c71046b6a8d49f8fb

SHA512
914570f0414d9a78ae3633f8bc53eb609b149bc4c2f0a5fa15cead391cc6f79736bbe7f962b71cc76f4e54767b1161be589e109de4b2b4c6e8220661e2645e35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
8bc11ef3a8884c8b2ef2a16549781ca4

SHA1
b813479a519a374b00c862f71fbbb376fa334bb0

SHA256
5fa34fca82a0175a4194755b1c2887ace89c46ee6ac341758f6ba91e35497d31

SHA512
2a9daa6d56461c777c59a9c891a1aef7611d95a5b6bd8d92c43233a6a8ffa0a9c8edaeee7dc6b8cf513aa15fe6ce4e2b6fa722c5b3854b0c3f15930cd2f868c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
52ef65b8eed60df562a086175df58fc3

SHA1
be7005a3a18d33e94c03ff004f02e4e5f19ec498

SHA256
8bf283d7aaef6ba98929280602fdfecd6de42e811d1a44e71e0417be040b8dc0

SHA512
9c412a726cb3773f176f264d7f4f942c5e72da970df768db4dab2d2ae4d83ca97504eb794fd26cbc3afa6764aa58be982adcd8e663d9d02900b7cc358e3b6048

Download Submit
\??\pipe\LOCAL\crashpad_3856_IHOKZBYHERGJYKDE
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit