5eba0502b0f1b712091c9a00c5d8223f7f9629738d691d7306fc589e6b5fb08d

Analysis

max time kernel
146s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-08-2024 10:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5eba0502b0f1b712091c9a00c5d8223f7f9629738d691d7306fc589e6b5fb08d.dll
Size

2.4MB
MD5

56216df4aa89a671f363296a322ea903
SHA1

71d25fa1b6c443a3784af64ca56d99f78f5efc41
SHA256

5eba0502b0f1b712091c9a00c5d8223f7f9629738d691d7306fc589e6b5fb08d
SHA512

a5ed6298b1efa0d3fc5e17324b108babd4730e958fc9bca555b8c79d548c1bb913b0ec5799819cd5e187e673c180b752d43e4006cc3823b99d37cbec3e12f86d
SSDEEP

49152:HFnuiycXxQxb2TMqWeppjyYaJyLen397Kbdi:HpuipXxQBSpba6en3978I

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4628	msedge.exe
4628	msedge.exe
3488	msedge.exe
3488	msedge.exe
2616	identity_helper.exe
2616	identity_helper.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe
1720	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe
3488	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3808 wrote to memory of 3832	3808	rundll32.exe	86
PID 3808 wrote to memory of 3832	3808	rundll32.exe	86
PID 3808 wrote to memory of 3832	3808	rundll32.exe	86
PID 3832 wrote to memory of 3488	3832	rundll32.exe	89
PID 3832 wrote to memory of 3488	3832	rundll32.exe	89
PID 3488 wrote to memory of 2324	3488	msedge.exe	90
PID 3488 wrote to memory of 2324	3488	msedge.exe	90
PID 3488 wrote to memory of 2364	3488	msedge.exe	92
PID 3488 wrote to memory of 2364	3488	msedge.exe	92
PID 3488 wrote to memory of 2364	3488	msedge.exe	92
PID 3488 wrote to memory of 2364	3488	msedge.exe	92
PID 3488 wrote to memory of 2364	3488	msedge.exe	92
PID 3488 wrote to memory of 2364	3488	msedge.exe	92
PID 3488 wrote to memory of 2364	3488	msedge.exe	92
PID 3488 wrote to memory of 2364	3488	msedge.exe	92
PID 3488 wrote to memory of 2364	3488	msedge.exe	92
PID 3488 wrote to memory of 2364	3488	msedge.exe	92
PID 3488 wrote to memory of 2364	3488	msedge.exe	92
PID 3488 wrote to memory of 2364	3488	msedge.exe	92
PID 3488 wrote to memory of 2364	3488	msedge.exe	92
PID 3488 wrote to memory of 2364	3488	msedge.exe	92
PID 3488 wrote to memory of 2364	3488	msedge.exe	92
PID 3488 wrote to memory of 2364	3488	msedge.exe	92
PID 3488 wrote to memory of 2364	3488	msedge.exe	92
PID 3488 wrote to memory of 2364	3488	msedge.exe	92
PID 3488 wrote to memory of 2364	3488	msedge.exe	92
PID 3488 wrote to memory of 2364	3488	msedge.exe	92
PID 3488 wrote to memory of 2364	3488	msedge.exe	92
PID 3488 wrote to memory of 2364	3488	msedge.exe	92
PID 3488 wrote to memory of 2364	3488	msedge.exe	92
PID 3488 wrote to memory of 2364	3488	msedge.exe	92
PID 3488 wrote to memory of 2364	3488	msedge.exe	92
PID 3488 wrote to memory of 2364	3488	msedge.exe	92
PID 3488 wrote to memory of 2364	3488	msedge.exe	92
PID 3488 wrote to memory of 2364	3488	msedge.exe	92
PID 3488 wrote to memory of 2364	3488	msedge.exe	92
PID 3488 wrote to memory of 2364	3488	msedge.exe	92
PID 3488 wrote to memory of 2364	3488	msedge.exe	92
PID 3488 wrote to memory of 2364	3488	msedge.exe	92
PID 3488 wrote to memory of 2364	3488	msedge.exe	92
PID 3488 wrote to memory of 2364	3488	msedge.exe	92
PID 3488 wrote to memory of 2364	3488	msedge.exe	92
PID 3488 wrote to memory of 2364	3488	msedge.exe	92
PID 3488 wrote to memory of 2364	3488	msedge.exe	92
PID 3488 wrote to memory of 2364	3488	msedge.exe	92
PID 3488 wrote to memory of 2364	3488	msedge.exe	92
PID 3488 wrote to memory of 2364	3488	msedge.exe	92
PID 3488 wrote to memory of 4628	3488	msedge.exe	93
PID 3488 wrote to memory of 4628	3488	msedge.exe	93
PID 3488 wrote to memory of 4412	3488	msedge.exe	94
PID 3488 wrote to memory of 4412	3488	msedge.exe	94
PID 3488 wrote to memory of 4412	3488	msedge.exe	94
PID 3488 wrote to memory of 4412	3488	msedge.exe	94
PID 3488 wrote to memory of 4412	3488	msedge.exe	94
PID 3488 wrote to memory of 4412	3488	msedge.exe	94
PID 3488 wrote to memory of 4412	3488	msedge.exe	94
PID 3488 wrote to memory of 4412	3488	msedge.exe	94
PID 3488 wrote to memory of 4412	3488	msedge.exe	94
PID 3488 wrote to memory of 4412	3488	msedge.exe	94
PID 3488 wrote to memory of 4412	3488	msedge.exe	94
PID 3488 wrote to memory of 4412	3488	msedge.exe	94
PID 3488 wrote to memory of 4412	3488	msedge.exe	94
PID 3488 wrote to memory of 4412	3488	msedge.exe	94
PID 3488 wrote to memory of 4412	3488	msedge.exe	94

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5eba0502b0f1b712091c9a00c5d8223f7f9629738d691d7306fc589e6b5fb08d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3808
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5eba0502b0f1b712091c9a00c5d8223f7f9629738d691d7306fc589e6b5fb08d.dll,#1
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3832
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.itopvpn.com/btschoolgift?ref=schovpntip2&ver=5.0.0.0&insur=other&insday=-1&user=0
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:3488
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc72fb46f8,0x7ffc72fb4708,0x7ffc72fb4718
      4⤵
      PID:2324
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,2686367867167814284,11593599991608667767,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
      4⤵
      PID:2364
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,2686367867167814284,11593599991608667767,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4628
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,2686367867167814284,11593599991608667767,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
      4⤵
      PID:4412
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2686367867167814284,11593599991608667767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
      4⤵
      PID:1964
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2686367867167814284,11593599991608667767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
      4⤵
      PID:2552
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,2686367867167814284,11593599991608667767,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
      4⤵
      PID:3344
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,2686367867167814284,11593599991608667767,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2616
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2686367867167814284,11593599991608667767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
      4⤵
      PID:1192
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2686367867167814284,11593599991608667767,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
      4⤵
      PID:2416
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2686367867167814284,11593599991608667767,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
      4⤵
      PID:4432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,2686367867167814284,11593599991608667767,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
      4⤵
      PID:4968
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,2686367867167814284,11593599991608667767,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1860 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\iTop VPN\NpGic.itdt

Filesize
38B

MD5
fae59463894a81f756b73d441f065e9c

SHA1
98499f72cee8b44e6c740f1b3fcc75ee54d9eea3

SHA256
454ce577aa6be8efaf91875c868c2c82c0c3e8a576255ed2e8b670624133490a

SHA512
06bde3011eed859d9297a15ab9fa8d924a83e084fc3eed976d0c26abb3ed1d4ed1479e05fa1fc5fa34a6847df7e9366250b7cf3b375597e36a6f2ff3226f3d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
35KB

MD5
b35b459e5f815caf87dba7ffb234d23b

SHA1
ec3ddd8e7735f1d4c1f0ad497068546944b2349a

SHA256
47eecd8c662e45ac42adfe7e1fe8e2501fb36b78d5deeec84030f6a3bb6d7c20

SHA512
98c12c56a48e326bf629489a6ead52aff52a21c8e9f96f04134ce30247bd6cd0a40f9ed2007823d310f6724f0a1252cfa46d2f75ab40b3ba3d848948ff3b76fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
0710838214d2c44cf6488c56d3c21f3d

SHA1
7c909032cf9f2c9b30110d854d4d828f0c183c2b

SHA256
b8de1a6d3e5025ae1527834c2ecb3818f9ae03490884d0c9b560cfafc38fdd2a

SHA512
c1f8abfb81b17a868b8a665dcacf52fa712d41f5e40e9d6493fe8224f0d25f94d41a7316726da0808d1c5e34d5120246082f8074fb51ff2f5f35a7c347255829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
14a5e5925cf7de4cc7bfbf07bf5af812

SHA1
163515efe8ee1106d554934fc2893bb7e1f2cb10

SHA256
3592a67c59b77de0f1d86b80e9126f6aaafe3b98bfb31f24024e2c19ddba883e

SHA512
ac5861c371b3db804e1a230f21ef233f1ba1dc4b67f748fff12f08019e26d1af67197ed45791a2916d45d1b3033fe29e66ccfefce9e0c61f908d80a2e09906ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2f15cb4213b6b050e7ef1a8de8fd12f4

SHA1
bf3ad2555ad42dec558202170f395c87c7ef8371

SHA256
13f13c81f57644e573e2ac464adeb121ae89ae3250ccbb9b5c64e09db7b32e08

SHA512
68299b4acc2869ec96834b4e24269d769d90773bed17294e96bb78dc7e46efc3a7b43a53ab61fe8857312cf0a200dc0a9e437a019b06fd46709d2e12e30d783d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d7dbe8f04263cff61dafdfb2da4fa7d4

SHA1
af043e22d2e51e9212c1f27cc7e04be8832d6793

SHA256
58b406da443689116303762d047ac9805bebf683e0091754080f0263ecd01eaa

SHA512
d300af3fc34fe82265c1af67befd7efda458ec144d6f2e3c400932fd1386772fdd05ca92fab8296fe7bc6c11851a30eca7690905c985195e0b20dc3628b922dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
87c249f394ef0029bbf92b568196beea

SHA1
0509b739a20c75ccbd1350b7c1b668c0de39e9b5

SHA256
b82bd99e10bd02ae2289822d100e0d1400e6bf8a0860e422fe0b7ef4040de236

SHA512
96e713983219acc37556fc8e21a3ab3956a3c664a5fe8e123c37820a5df3da0edfe2dc178ba92f00f17a018080e68307ac2747add51647b091b0f59f55346392

Download Submit
memory/3832-7-0x00000000029A0000-0x00000000029A1000-memory.dmp

Filesize
4KB

Download