507641e3047216809af93a127af70a266e273cd95c1cfaa06605a753b9166388

Analysis

max time kernel
149s
max time network
147s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
01-10-2024 18:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Delta V3.61/Delta.exe
Size

17.0MB
MD5

774ffee84d8e760761b8819edd2bc252
SHA1

74ff2bcc3baf64790181b97dc09ab951d9440379
SHA256

3c2cbcfb0dc0b92e1a0f15e725a1f8c4756a990e298098d94087cdd3fd491758
SHA512

935624fdaa9ae57d4515a456a9383c20240988848046fcab69948450413e573167c0f17a456f0f5120ec13e3215759ad11c4857873900606116c3e495dd69650
SSDEEP

196608:LOM8QZXcqPrn0guhegnueaIN3l4X+yBXeLUpcgwBj9aR:LOM8EmegnBaS1C+yBaUpcgwBj0

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	discord.com
7	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Delta.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-661032028-162657920-1226909816-1000\{F30C247D-F4C5-4957-A370-9556F5F1E09F}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4000	msedge.exe
4000	msedge.exe
2912	msedge.exe
2912	msedge.exe
1336	msedge.exe
1336	msedge.exe
2592	msedge.exe
2592	msedge.exe
2280	identity_helper.exe
2280	identity_helper.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe
1744	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1944	Delta.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1944 wrote to memory of 2912	1944	Delta.exe	78
PID 1944 wrote to memory of 2912	1944	Delta.exe	78
PID 2912 wrote to memory of 3556	2912	msedge.exe	79
PID 2912 wrote to memory of 3556	2912	msedge.exe	79
PID 2912 wrote to memory of 4172	2912	msedge.exe	80
PID 2912 wrote to memory of 4172	2912	msedge.exe	80
PID 2912 wrote to memory of 4172	2912	msedge.exe	80
PID 2912 wrote to memory of 4172	2912	msedge.exe	80
PID 2912 wrote to memory of 4172	2912	msedge.exe	80
PID 2912 wrote to memory of 4172	2912	msedge.exe	80
PID 2912 wrote to memory of 4172	2912	msedge.exe	80
PID 2912 wrote to memory of 4172	2912	msedge.exe	80
PID 2912 wrote to memory of 4172	2912	msedge.exe	80
PID 2912 wrote to memory of 4172	2912	msedge.exe	80
PID 2912 wrote to memory of 4172	2912	msedge.exe	80
PID 2912 wrote to memory of 4172	2912	msedge.exe	80
PID 2912 wrote to memory of 4172	2912	msedge.exe	80
PID 2912 wrote to memory of 4172	2912	msedge.exe	80
PID 2912 wrote to memory of 4172	2912	msedge.exe	80
PID 2912 wrote to memory of 4172	2912	msedge.exe	80
PID 2912 wrote to memory of 4172	2912	msedge.exe	80
PID 2912 wrote to memory of 4172	2912	msedge.exe	80
PID 2912 wrote to memory of 4172	2912	msedge.exe	80
PID 2912 wrote to memory of 4172	2912	msedge.exe	80
PID 2912 wrote to memory of 4172	2912	msedge.exe	80
PID 2912 wrote to memory of 4172	2912	msedge.exe	80
PID 2912 wrote to memory of 4172	2912	msedge.exe	80
PID 2912 wrote to memory of 4172	2912	msedge.exe	80
PID 2912 wrote to memory of 4172	2912	msedge.exe	80
PID 2912 wrote to memory of 4172	2912	msedge.exe	80
PID 2912 wrote to memory of 4172	2912	msedge.exe	80
PID 2912 wrote to memory of 4172	2912	msedge.exe	80
PID 2912 wrote to memory of 4172	2912	msedge.exe	80
PID 2912 wrote to memory of 4172	2912	msedge.exe	80
PID 2912 wrote to memory of 4172	2912	msedge.exe	80
PID 2912 wrote to memory of 4172	2912	msedge.exe	80
PID 2912 wrote to memory of 4172	2912	msedge.exe	80
PID 2912 wrote to memory of 4172	2912	msedge.exe	80
PID 2912 wrote to memory of 4172	2912	msedge.exe	80
PID 2912 wrote to memory of 4172	2912	msedge.exe	80
PID 2912 wrote to memory of 4172	2912	msedge.exe	80
PID 2912 wrote to memory of 4172	2912	msedge.exe	80
PID 2912 wrote to memory of 4172	2912	msedge.exe	80
PID 2912 wrote to memory of 4172	2912	msedge.exe	80
PID 2912 wrote to memory of 4000	2912	msedge.exe	81
PID 2912 wrote to memory of 4000	2912	msedge.exe	81
PID 2912 wrote to memory of 4936	2912	msedge.exe	82
PID 2912 wrote to memory of 4936	2912	msedge.exe	82
PID 2912 wrote to memory of 4936	2912	msedge.exe	82
PID 2912 wrote to memory of 4936	2912	msedge.exe	82
PID 2912 wrote to memory of 4936	2912	msedge.exe	82
PID 2912 wrote to memory of 4936	2912	msedge.exe	82
PID 2912 wrote to memory of 4936	2912	msedge.exe	82
PID 2912 wrote to memory of 4936	2912	msedge.exe	82
PID 2912 wrote to memory of 4936	2912	msedge.exe	82
PID 2912 wrote to memory of 4936	2912	msedge.exe	82
PID 2912 wrote to memory of 4936	2912	msedge.exe	82
PID 2912 wrote to memory of 4936	2912	msedge.exe	82
PID 2912 wrote to memory of 4936	2912	msedge.exe	82
PID 2912 wrote to memory of 4936	2912	msedge.exe	82
PID 2912 wrote to memory of 4936	2912	msedge.exe	82
PID 2912 wrote to memory of 4936	2912	msedge.exe	82
PID 2912 wrote to memory of 4936	2912	msedge.exe	82
PID 2912 wrote to memory of 4936	2912	msedge.exe	82

C:\Users\Admin\AppData\Local\Temp\Delta V3.61\Delta.exe
"C:\Users\Admin\AppData\Local\Temp\Delta V3.61\Delta.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/4TfpR6wUUu
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffff8783cb8,0x7ffff8783cc8,0x7ffff8783cd8
    3⤵
    PID:3556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,11179841101511013483,10459238135211935058,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
    3⤵
    PID:4172
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,11179841101511013483,10459238135211935058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4000
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,11179841101511013483,10459238135211935058,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
    3⤵
    PID:4936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,11179841101511013483,10459238135211935058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
    3⤵
    PID:2000
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,11179841101511013483,10459238135211935058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
    3⤵
    PID:4448
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,11179841101511013483,10459238135211935058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
    3⤵
    PID:2472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1908,11179841101511013483,10459238135211935058,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4164 /prefetch:8
    3⤵
    PID:5052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1908,11179841101511013483,10459238135211935058,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3048 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:1336
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,11179841101511013483,10459238135211935058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
    3⤵
    PID:3780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,11179841101511013483,10459238135211935058,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
    3⤵
    PID:2080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,11179841101511013483,10459238135211935058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2592
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,11179841101511013483,10459238135211935058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
    3⤵
    PID:3956
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,11179841101511013483,10459238135211935058,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
    3⤵
    PID:4708
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,11179841101511013483,10459238135211935058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6180 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2280
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,11179841101511013483,10459238135211935058,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5808 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b0177afa818e013394b36a04cb111278

SHA1
dbc5c47e7a7df24259d67edf5fbbfa1b1fae3fe5

SHA256
ffc2c53bfd37576b435309c750a5b81580a076c83019d34172f6635ff20c2a9d

SHA512
d3b9e3a0a99f191edcf33f3658abd3c88afbb12d7b14d3b421b72b74d551b64d2a13d07db94c90b85606198ee6c9e52072e1017f8c8c6144c03acf509793a9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9af507866fb23dace6259791c377531f

SHA1
5a5914fc48341ac112bfcd71b946fc0b2619f933

SHA256
5fb3ec65ce1e6f47694e56a07c63e3b8af9876d80387a71f1917deae690d069f

SHA512
c58c963ecd2c53f0c427f91dc41d9b2a9b766f2e04d7dae5236cb3c769d1f048e4a342ea75e4a690f3a207baa1d3add672160c1f317abfe703fd1d2216b1baf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
a590902dec6f0cc2b86ee1f116dfd558

SHA1
56950cf7f2acb63f88d2ba709038159cf0d5cf31

SHA256
78561c364ec0b2bd23df7a373f0eb7e98dc3b63fafedafc08afc54b6ce39527d

SHA512
c386fc70c34bc751992e90949815865469f0ee7991396a01c440454519c8e6d4d6398a3fc526733caeaac47b4bb6c82955a32708610293f8167a8e60025fb6a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
536B

MD5
404bfe39a8945190508c345960554787

SHA1
bda190164360be80a79a2127bb24d2fbe2d9cd6b

SHA256
39adab44997738b7f06c2baa851d0ad2c962e0576378c17b0524e811a37e1fca

SHA512
fa165ba592b620ce78a4b7bfdb173358a193f472ceaca4f2034110c1f21f2dad89a308a24f8dd652e2ed0e0d4d9f27cb8119b3e5a315e44e996fd24a41eb1140

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6e2037f1ab0e0f6ee5b1e9ec39638d9d

SHA1
a68ca0acab028ef8e8c85522008631390b7e46c5

SHA256
07f4fc4c8fe0e206cffabbb3acb21b1735f2dc7484e13f0a7043bdd25b653c7d

SHA512
59b6e2993fb9704cf2409a487c821b1fa7b7b54d77d6aab6b434d883c411cc709633b26ca5548553960d103a3c78d9b9cb85a171fdaaab84db6d9bcd2a815aee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
751d98a9d0e8b40ab3e1ce5d0a94bcd7

SHA1
b908eaa86b2d5a6250355f40cbe397d43db18f43

SHA256
08e0a4c5f4ecba9eba22fbe67aee55ccb306db874beade000c61addd900b83eb

SHA512
e822cf49dfb778fdebc705d5a92d045b08eeaa35565c843ed7a506137c29f56c79f02dd1a7e70d9eb542757b7f397cfcf8371bc893c81096ba327022cd629582

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d6baedd611998ed26508f3f4f49ea81f

SHA1
2737cab656e4690ec8e73d31e1fe296eb074f89d

SHA256
810f6c1189d2f48ba35e3c5aac1038ff50606978815797f99a65e6215f326c0e

SHA512
9ed7aa682b035fe48b38efc8adc4b91dd74b42d70a1b5ac8c9d1917ca71ea82741e72b6d6aa2eeb4507bae8253ff1e3d8e37259fc95aa01e903a43989994646c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
56816339e9d720b93994741768fb4cdb

SHA1
08bb1331795acd54c00f9a05e33637f9034edaf8

SHA256
e956a467433d1eb73982623554429d9594bf2e4d58c986d27d3a1a66884ba4e8

SHA512
fa29fa4e7d47661a67c4c0a3e43c3c467d5ecd5a87bd1a831b1d8137490c3686d46f83384b8024b5a2814ad2cd98a0b56db1c2d6779110f85a8d454e7cd3f704

Download Submit
memory/1944-7-0x00000000062A0000-0x0000000006350000-memory.dmp

Filesize
704KB

Download
memory/1944-130-0x0000000074290000-0x0000000074A41000-memory.dmp

Filesize
7.7MB

Download
memory/1944-15-0x0000000074290000-0x0000000074A41000-memory.dmp

Filesize
7.7MB

Download
memory/1944-16-0x000000000BF20000-0x000000000BF28000-memory.dmp

Filesize
32KB

Download
memory/1944-13-0x0000000006C40000-0x0000000006F97000-memory.dmp

Filesize
3.3MB

Download
memory/1944-12-0x0000000006790000-0x00000000067AE000-memory.dmp

Filesize
120KB

Download
memory/1944-11-0x00000000066C0000-0x00000000066E2000-memory.dmp

Filesize
136KB

Download
memory/1944-8-0x0000000006710000-0x0000000006786000-memory.dmp

Filesize
472KB

Download
memory/1944-119-0x000000007429E000-0x000000007429F000-memory.dmp

Filesize
4KB

Download
memory/1944-14-0x00000000070B0000-0x000000000714C000-memory.dmp

Filesize
624KB

Download
memory/1944-0-0x000000007429E000-0x000000007429F000-memory.dmp

Filesize
4KB

Download
memory/1944-6-0x0000000006070000-0x000000000607E000-memory.dmp

Filesize
56KB

Download
memory/1944-4-0x0000000006060000-0x0000000006068000-memory.dmp

Filesize
32KB

Download
memory/1944-5-0x00000000060B0000-0x00000000060E8000-memory.dmp

Filesize
224KB

Download
memory/1944-3-0x0000000074290000-0x0000000074A41000-memory.dmp

Filesize
7.7MB

Download
memory/1944-2-0x0000000074290000-0x0000000074A41000-memory.dmp

Filesize
7.7MB

Download
memory/1944-1-0x0000000000160000-0x0000000001266000-memory.dmp

Filesize
17.0MB

Download