43cff6abc2bd3abed6c3e604daf21efb28ea312a87684e0a2d5f590a44086494

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 22:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

wpp/Setup.exe
Size

529KB
MD5

99b8d7e1f2d992ff45f7e953227e4da0
SHA1

501dbb3f200ee7cbeb176e639c1329cbcbbace77
SHA256

cbce497616214c0067141f0a5af344e1c97b16a7f3fa463cd1fae5f26c09ed61
SHA512

d1fffe687c37db9a485fcde937591a7cd53377339a0f6ada799f797ea60541d53adade33bd6a14bc281ad1901762be9d02d5a39a73a5164895b04f5ed5538032
SSDEEP

12288:I1DYrSKxCTxLTP5aVx6aGxtXMaAd/VZS6y:IdYZClMVxaQZS6y

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1156	msedge.exe
1156	msedge.exe
1052	msedge.exe
1052	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
4940	identity_helper.exe
4940	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4940 wrote to memory of 1052	4940	Setup.exe	92
PID 4940 wrote to memory of 1052	4940	Setup.exe	92
PID 1052 wrote to memory of 3776	1052	msedge.exe	93
PID 1052 wrote to memory of 3776	1052	msedge.exe	93
PID 1052 wrote to memory of 2348	1052	msedge.exe	94
PID 1052 wrote to memory of 2348	1052	msedge.exe	94
PID 1052 wrote to memory of 2348	1052	msedge.exe	94
PID 1052 wrote to memory of 2348	1052	msedge.exe	94
PID 1052 wrote to memory of 2348	1052	msedge.exe	94
PID 1052 wrote to memory of 2348	1052	msedge.exe	94
PID 1052 wrote to memory of 2348	1052	msedge.exe	94
PID 1052 wrote to memory of 2348	1052	msedge.exe	94
PID 1052 wrote to memory of 2348	1052	msedge.exe	94
PID 1052 wrote to memory of 2348	1052	msedge.exe	94
PID 1052 wrote to memory of 2348	1052	msedge.exe	94
PID 1052 wrote to memory of 2348	1052	msedge.exe	94
PID 1052 wrote to memory of 2348	1052	msedge.exe	94
PID 1052 wrote to memory of 2348	1052	msedge.exe	94
PID 1052 wrote to memory of 2348	1052	msedge.exe	94
PID 1052 wrote to memory of 2348	1052	msedge.exe	94
PID 1052 wrote to memory of 2348	1052	msedge.exe	94
PID 1052 wrote to memory of 2348	1052	msedge.exe	94
PID 1052 wrote to memory of 2348	1052	msedge.exe	94
PID 1052 wrote to memory of 2348	1052	msedge.exe	94
PID 1052 wrote to memory of 2348	1052	msedge.exe	94
PID 1052 wrote to memory of 2348	1052	msedge.exe	94
PID 1052 wrote to memory of 2348	1052	msedge.exe	94
PID 1052 wrote to memory of 2348	1052	msedge.exe	94
PID 1052 wrote to memory of 2348	1052	msedge.exe	94
PID 1052 wrote to memory of 2348	1052	msedge.exe	94
PID 1052 wrote to memory of 2348	1052	msedge.exe	94
PID 1052 wrote to memory of 2348	1052	msedge.exe	94
PID 1052 wrote to memory of 2348	1052	msedge.exe	94
PID 1052 wrote to memory of 2348	1052	msedge.exe	94
PID 1052 wrote to memory of 2348	1052	msedge.exe	94
PID 1052 wrote to memory of 2348	1052	msedge.exe	94
PID 1052 wrote to memory of 2348	1052	msedge.exe	94
PID 1052 wrote to memory of 2348	1052	msedge.exe	94
PID 1052 wrote to memory of 2348	1052	msedge.exe	94
PID 1052 wrote to memory of 2348	1052	msedge.exe	94
PID 1052 wrote to memory of 2348	1052	msedge.exe	94
PID 1052 wrote to memory of 2348	1052	msedge.exe	94
PID 1052 wrote to memory of 2348	1052	msedge.exe	94
PID 1052 wrote to memory of 2348	1052	msedge.exe	94
PID 1052 wrote to memory of 1156	1052	msedge.exe	95
PID 1052 wrote to memory of 1156	1052	msedge.exe	95
PID 1052 wrote to memory of 1844	1052	msedge.exe	96
PID 1052 wrote to memory of 1844	1052	msedge.exe	96
PID 1052 wrote to memory of 1844	1052	msedge.exe	96
PID 1052 wrote to memory of 1844	1052	msedge.exe	96
PID 1052 wrote to memory of 1844	1052	msedge.exe	96
PID 1052 wrote to memory of 1844	1052	msedge.exe	96
PID 1052 wrote to memory of 1844	1052	msedge.exe	96
PID 1052 wrote to memory of 1844	1052	msedge.exe	96
PID 1052 wrote to memory of 1844	1052	msedge.exe	96
PID 1052 wrote to memory of 1844	1052	msedge.exe	96
PID 1052 wrote to memory of 1844	1052	msedge.exe	96
PID 1052 wrote to memory of 1844	1052	msedge.exe	96
PID 1052 wrote to memory of 1844	1052	msedge.exe	96
PID 1052 wrote to memory of 1844	1052	msedge.exe	96
PID 1052 wrote to memory of 1844	1052	msedge.exe	96
PID 1052 wrote to memory of 1844	1052	msedge.exe	96
PID 1052 wrote to memory of 1844	1052	msedge.exe	96
PID 1052 wrote to memory of 1844	1052	msedge.exe	96

C:\Users\Admin\AppData\Local\Temp\wpp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\wpp\Setup.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.crsky.com/soft/4818.html
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ffaa0a246f8,0x7ffaa0a24708,0x7ffaa0a24718
    3⤵
    PID:3776
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,10225681468628425592,10414508170132454705,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
    3⤵
    PID:2348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,10225681468628425592,10414508170132454705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,10225681468628425592,10414508170132454705,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
    3⤵
    PID:1844
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10225681468628425592,10414508170132454705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
    3⤵
    PID:5028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10225681468628425592,10414508170132454705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
    3⤵
    PID:208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10225681468628425592,10414508170132454705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
    3⤵
    PID:3944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,10225681468628425592,10414508170132454705,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3932 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:872
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,10225681468628425592,10414508170132454705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2604 /prefetch:8
    3⤵
    PID:4568
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,10225681468628425592,10414508170132454705,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2604 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10225681468628425592,10414508170132454705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
    3⤵
    PID:3768
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10225681468628425592,10414508170132454705,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2444 /prefetch:1
    3⤵
    PID:3116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10225681468628425592,10414508170132454705,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
    3⤵
    PID:2608
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10225681468628425592,10414508170132454705,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
    3⤵
    PID:3692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4e6521c03f1bc16d91d99c059cc5424

SHA1
043665051c486192a6eefe6d0632cf34ae8e89ad

SHA256
7759c346539367b2f80e78abca170f09731caa169e3462f11eda84c3f1ca63d1

SHA512
0bb4f628da6d715910161439685052409be54435e192cb4105191472bb14a33724592df24686d1655e9ba9572bd3dff8f46e211c0310e16bfe2ac949c49fbc5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
210676dde5c0bd984dc057e2333e1075

SHA1
2d2f8c14ee48a2580f852db7ac605f81b5b1399a

SHA256
2a89d71b4ddd34734b16d91ebd8ea68b760f321baccdd4963f91b8d3507a3fb5

SHA512
aeb81804cac5b17a5d1e55327f62df7645e9bbbfa8cad1401e7382628341a939b7aedc749b2412c06174a9e3fcdd5248d6df9b5d3f56c53232d17e59277ab017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
e9a8d91f790c9ce36d463a6ef5784d2f

SHA1
ae6642f65b9c4b533b7d059cdef58d116d5c9cdb

SHA256
26a9f0d046c1bb30368a49b09565573d2c36ef976755127ac2f5bc7de30728d4

SHA512
7114d77b2d78e929fa109e3f13fee943ca5c0c16625cd2c362b60f870add12cfb7ff872a1f68854fa19e0123438d36d2ac8891853805b16fa8525e9c54b2ad55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
7c9fc29922d55fa2d9d92904a00a8638

SHA1
e8d0bfe9a0aafe33d8bb17a3b76065d3d403f215

SHA256
36b2639c6d5db06110c4d12f545f9b991cd84e44753fe2658d22ec9ee23f12a3

SHA512
652ad4b744b60ab02277b7206206928b6f623ad7f88049baa65cfc68a3c3a07967a14e9c664c4dd749e6d0f326924f29fe16aa739af8521a6590dd0a4672eb03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
184B

MD5
d23e4f6b4e7b080dfdb8ed2a61996848

SHA1
12d14edd812113cd06af024bb768da2083fa0f50

SHA256
a4dffa34c75332641b700abdf8b3db510af6f0e439e98d8ecd74d2ebdb33e8fc

SHA512
d191bd982002ee926c4487ec0c8a9a384ba4b2154a107a02c3d549cd94296d7e9acbb4f57c1dc59eb9f8788a3501cafb7fd697599ea3a1d6250adf889e476cd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
687dee85105aba117cd37d2a1cb11f3e

SHA1
462b08a569eaf7e79e77c698157c9a64711b1320

SHA256
00d00273e34f6a01b9c5ba4ec0b938f5989b5c9ee57562945d14f2d38f99d316

SHA512
15f25afc36c6b352fb03b752d371b5882d2480db13d103970336b3546fdf8bed127664c440d941415dad2c2459d62447a0a14319514a625dc9cc23b4f16e9857

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
954ea86b520c7f241aa669ac621552c8

SHA1
8b639d96d3b9dedc1d4493ad1b6da1d487a7e6e5

SHA256
1ce6c1ad7c4ae636854ad97e28a667da3be091b3e91d39758f667f565befbe92

SHA512
5e4baf448659244a0ad03072d298b18978b9c49612b839fab596a61ffb0fb825cdb3d354189f7483cb0f98e8515c9d219b401141470260026289e529df51c07a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9d5efd0566c20dff7e35ffca5a127449

SHA1
d8a07161c1cecd05a28f29efc6028cc26b2c6dd2

SHA256
85ef2268c3a7b0e9b9deaaa3d1f9417c9475995badf974d55e7dc5f95d0a980e

SHA512
5fcf727534e5dd09bea75cc2129cbd9fc403c1fb697da95b518b334f21530f538086704bedc140e368df35bbfad04b6de33731c1984237dc7faccc42fc1f5804

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
52daedbce7b35333068d094c3c1b6895

SHA1
85fbd4d5257b3bcc82b000fadce71c742f42e21f

SHA256
7c518c0f7db6e345a20d8c6c2f520a2d87c178e8faffffa02511ae965e37a09a

SHA512
5e105997da84e1c28028953263757d1be89a0e219b11e7bf1aa1d590aacf0a9b0f6c449b37d5c79a21fdc66c21f8f49b7276d3446f2a66693a1a0157ee0f5fb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2755dd5ee3ba30cfffe5c477a0b6468b

SHA1
3491a28c6045ad016d3f10e047c2219a86c5e018

SHA256
138b35679ceda442a8559e2a299cdddc81b2803d5e3c8d06e91b4c6963684a88

SHA512
e73bafa5d617d065f4ce8fe9199dc66a9e2929ae025365d952c1233ca18df4cc2ec06a803bce8587480a7d04ed6f692e3cf69cf7a1cd1a8f01c7ac6a48ebb858

Download Submit
memory/4940-20-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download