12f4b704534f540af03f294c8bc9892f5f871bfcd8e38be441b9938c43f81d97

Analysis

max time kernel
113s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28-09-2024 06:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

12f4b704534f540af03f294c8bc9892f5f871bfcd8e38be441b9938c43f81d97N.exe
Size

53KB
MD5

f0fb442410a08a6084fa6fe46da3e240
SHA1

1f05f4f27288234ff60e80f8ceb7835d72884a54
SHA256

12f4b704534f540af03f294c8bc9892f5f871bfcd8e38be441b9938c43f81d97
SHA512

cf6a9d04b2fde6cc03ba32087dc4a66f7bcfdb757e30d707196f0e6369d31ec49a18dad07732fc51939e600b97673e139a7ccb7e395772c79ea0392fc7191b02
SSDEEP

768:IdpnF5/ija+1I+NYVawgYvCAvEZQ25AX94JosOy5upx/0LTWHiqZl84woTMeV8xi:IdJyqnvE3tJSbF0LiHi9x2XX/q

Score

8^/10

discovery

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\drivers\etc\hosts	cmd.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	12f4b704534f540af03f294c8bc9892f5f871bfcd8e38be441b9938c43f81d97N.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
852	msedge.exe
852	msedge.exe
2144	msedge.exe
2144	msedge.exe
4672	identity_helper.exe
4672	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe
2144	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3088 wrote to memory of 2960	3088	12f4b704534f540af03f294c8bc9892f5f871bfcd8e38be441b9938c43f81d97N.exe	84
PID 3088 wrote to memory of 2960	3088	12f4b704534f540af03f294c8bc9892f5f871bfcd8e38be441b9938c43f81d97N.exe	84
PID 3088 wrote to memory of 2960	3088	12f4b704534f540af03f294c8bc9892f5f871bfcd8e38be441b9938c43f81d97N.exe	84
PID 2960 wrote to memory of 2144	2960	cmd.exe	86
PID 2960 wrote to memory of 2144	2960	cmd.exe	86
PID 2144 wrote to memory of 4656	2144	msedge.exe	88
PID 2144 wrote to memory of 4656	2144	msedge.exe	88
PID 2144 wrote to memory of 2008	2144	msedge.exe	89
PID 2144 wrote to memory of 2008	2144	msedge.exe	89
PID 2144 wrote to memory of 2008	2144	msedge.exe	89
PID 2144 wrote to memory of 2008	2144	msedge.exe	89
PID 2144 wrote to memory of 2008	2144	msedge.exe	89
PID 2144 wrote to memory of 2008	2144	msedge.exe	89
PID 2144 wrote to memory of 2008	2144	msedge.exe	89
PID 2144 wrote to memory of 2008	2144	msedge.exe	89
PID 2144 wrote to memory of 2008	2144	msedge.exe	89
PID 2144 wrote to memory of 2008	2144	msedge.exe	89
PID 2144 wrote to memory of 2008	2144	msedge.exe	89
PID 2144 wrote to memory of 2008	2144	msedge.exe	89
PID 2144 wrote to memory of 2008	2144	msedge.exe	89
PID 2144 wrote to memory of 2008	2144	msedge.exe	89
PID 2144 wrote to memory of 2008	2144	msedge.exe	89
PID 2144 wrote to memory of 2008	2144	msedge.exe	89
PID 2144 wrote to memory of 2008	2144	msedge.exe	89
PID 2144 wrote to memory of 2008	2144	msedge.exe	89
PID 2144 wrote to memory of 2008	2144	msedge.exe	89
PID 2144 wrote to memory of 2008	2144	msedge.exe	89
PID 2144 wrote to memory of 2008	2144	msedge.exe	89
PID 2144 wrote to memory of 2008	2144	msedge.exe	89
PID 2144 wrote to memory of 2008	2144	msedge.exe	89
PID 2144 wrote to memory of 2008	2144	msedge.exe	89
PID 2144 wrote to memory of 2008	2144	msedge.exe	89
PID 2144 wrote to memory of 2008	2144	msedge.exe	89
PID 2144 wrote to memory of 2008	2144	msedge.exe	89
PID 2144 wrote to memory of 2008	2144	msedge.exe	89
PID 2144 wrote to memory of 2008	2144	msedge.exe	89
PID 2144 wrote to memory of 2008	2144	msedge.exe	89
PID 2144 wrote to memory of 2008	2144	msedge.exe	89
PID 2144 wrote to memory of 2008	2144	msedge.exe	89
PID 2144 wrote to memory of 2008	2144	msedge.exe	89
PID 2144 wrote to memory of 2008	2144	msedge.exe	89
PID 2144 wrote to memory of 2008	2144	msedge.exe	89
PID 2144 wrote to memory of 2008	2144	msedge.exe	89
PID 2144 wrote to memory of 2008	2144	msedge.exe	89
PID 2144 wrote to memory of 2008	2144	msedge.exe	89
PID 2144 wrote to memory of 2008	2144	msedge.exe	89
PID 2144 wrote to memory of 2008	2144	msedge.exe	89
PID 2144 wrote to memory of 852	2144	msedge.exe	90
PID 2144 wrote to memory of 852	2144	msedge.exe	90
PID 2144 wrote to memory of 4504	2144	msedge.exe	91
PID 2144 wrote to memory of 4504	2144	msedge.exe	91
PID 2144 wrote to memory of 4504	2144	msedge.exe	91
PID 2144 wrote to memory of 4504	2144	msedge.exe	91
PID 2144 wrote to memory of 4504	2144	msedge.exe	91
PID 2144 wrote to memory of 4504	2144	msedge.exe	91
PID 2144 wrote to memory of 4504	2144	msedge.exe	91
PID 2144 wrote to memory of 4504	2144	msedge.exe	91
PID 2144 wrote to memory of 4504	2144	msedge.exe	91
PID 2144 wrote to memory of 4504	2144	msedge.exe	91
PID 2144 wrote to memory of 4504	2144	msedge.exe	91
PID 2144 wrote to memory of 4504	2144	msedge.exe	91
PID 2144 wrote to memory of 4504	2144	msedge.exe	91
PID 2144 wrote to memory of 4504	2144	msedge.exe	91
PID 2144 wrote to memory of 4504	2144	msedge.exe	91

C:\Users\Admin\AppData\Local\Temp\12f4b704534f540af03f294c8bc9892f5f871bfcd8e38be441b9938c43f81d97N.exe
"C:\Users\Admin\AppData\Local\Temp\12f4b704534f540af03f294c8bc9892f5f871bfcd8e38be441b9938c43f81d97N.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3088
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\3088VCPV.bat" "C:\Users\Admin\AppData\Local\Temp\12f4b704534f540af03f294c8bc9892f5f871bfcd8e38be441b9938c43f81d97N.exe""
  2⤵
  - Drops file in Drivers directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2960
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.gusanito.com/esp/tarjetas/postales/amistad/faltas_sobre_la_arena/937
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2144
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa9fff46f8,0x7ffa9fff4708,0x7ffa9fff4718
      4⤵
      PID:4656
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,11734910253124818467,8422353507527436926,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
      4⤵
      PID:2008
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,11734910253124818467,8422353507527436926,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:852
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,11734910253124818467,8422353507527436926,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
      4⤵
      PID:4504
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11734910253124818467,8422353507527436926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
      4⤵
      PID:4456
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11734910253124818467,8422353507527436926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
      4⤵
      PID:1896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11734910253124818467,8422353507527436926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
      4⤵
      PID:4756
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,11734910253124818467,8422353507527436926,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
      4⤵
      PID:1952
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,11734910253124818467,8422353507527436926,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4672
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11734910253124818467,8422353507527436926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
      4⤵
      PID:4088
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11734910253124818467,8422353507527436926,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
      4⤵
      PID:5068
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11734910253124818467,8422353507527436926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
      4⤵
      PID:4368
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,11734910253124818467,8422353507527436926,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
      4⤵
      PID:4380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
1b7614f2c598e6243855c30bd916c85c

SHA1
21d2d4d6751f57c5a535f0649ad10df184427fc0

SHA256
83a7833ac461d60c30868562a779ad6e806b2daa8a10ccc4f4bfb91e690e7576

SHA512
f79862d0d6c188e38c93860a2c8ac048a3e939cab423e647cf281b13172899f77bbe0fb96b8470f81bf7aad4a5912eeb2646fd8c0ea8b86840ea21ecb21633e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
ada814cdc6c4f1286edc135e3f270156

SHA1
09ff2eec38b5bf128cbf14800e38e848f4803275

SHA256
1ab8b697c85a29992ac010ad0da28ce350587da5a1e8925ad3be6674fc192a82

SHA512
4c8c99957c079f9af7eccfd5894e5c1afb03f64c3cff6f58d35b51b2da12336db80a428daa220883f3b889a15a98581680cbd29f2937055ac8e5663fbed64784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
520B

MD5
122d1588e02b3fa4b9f0215f570c3295

SHA1
ee063846567658d1b45a80d648e0796b6aa75fcd

SHA256
e09d340ca53347265e084685f4169192e70c43ea805e594c311cf861af3c2193

SHA512
a7e05876dcc8a48db9f5160d26a3799bc0f1d0fecd5eccd35521bd7547e2b7347b189779333b3331d9a51abdcb738426b58b8ba5e8da483f09ea95a1647e2599

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e33227788ff7fbc2e790bb96347d0e9e

SHA1
c464a8a3a8f9b5578c1a3e1caf2594e3c3b6fb37

SHA256
c7938be9a144467affa9af405f133b4967f2158e0958c58018226b217ab6ddef

SHA512
f5b93a88bdc561c8f59c22ed2aa8458181b6d507be2ae3d8d6e517acd67994a9e6ef5793754c9e052152488694f0a2fdc89d82375bcc9efc9062aa582f3dcdc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
68de6f6d427c6f929384ee19cb8f6a3f

SHA1
010c479a6bee70453761f8d07eb734d59bfc6dd6

SHA256
c78f4e0fe1fdbaec3cf7da760203b282b2fe610b2ed77b7141597db48cb97627

SHA512
bcd9b8e92e42620c3daf9e144238d8ee9e2777ea6eccf22f01778ef8dc0b6a91e1c3dc4e69a9b8646d7275148076eb26336d5ae8994b4bf1e0224dfddedd068c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1ff4965824a87c8e7c282c3dc18ca61c

SHA1
b80d80d2801e1e776643b56b83ea5ea9ad09ce36

SHA256
740bc2ce809ead03e4cd2747dd279b8102c7f79664198739bf3d1e758b7c6f34

SHA512
f8269751c0f949d48322760d874a35db498d02cd4d8e1a37c51813c4bef6e4e0130dd2eea2dcce72dbd1d06ca6eabdddb98a2dd9f0ed6f373a4b0dee8fd81764

Download Submit
C:\Users\Admin\AppData\Local\Temp\3088VCPV.bat

Filesize
4KB

MD5
7163acdcf8d529a1cd4772532d9c7c48

SHA1
957f91b724dec8d30198b99837980b64510abadc

SHA256
ea817bfd3ff1846a916a2f3f7a724df5a73b38cd2e1d022654c232912d31f16d

SHA512
b748e6662ef10b7075785d4895d3690a8ab34b054f58b8d2973c0591559370cb1f460021fddc07d59ad5ae2d2a43d131e176da6b910bdf510d66b5f668a13114

Download Submit
C:\Windows\system32\drivers\etc\hosts

Filesize
2KB

MD5
d65def66010b2ec7b931eb612864a911

SHA1
09f137332601b0ec56167660ca0a46dc058e8e7e

SHA256
87cca137565c5821f0d173982cd04c8c643d8fa2d168ba41824d4b95a196f5d1

SHA512
6541b0cc32bdf809053f8bec6dbbcc92fda254cf3f7dee30b1670ae19cb330ab112d3d583253d9f47062ede4e4360a581f15cd83606dcb58e7beb8bf04b3bb06

Download Submit
memory/3088-55-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download