400fb4b2e26244e74ae7c98701e8adf13deebf7672dd8c8372cd92df4715e256

Analysis

max time kernel
148s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17/10/2024, 21:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

400fb4b2e26244e74ae7c98701e8adf13deebf7672dd8c8372cd92df4715e256.exe
Size

4.5MB
MD5

71d2a48b6ec0d4703eaaa9a88a271e8b
SHA1

2007f1674028c5a7d67993ad90d6f5dd19cba328
SHA256

400fb4b2e26244e74ae7c98701e8adf13deebf7672dd8c8372cd92df4715e256
SHA512

ca27391eb5fedc7a134ba67e66284a530191e19c3549901bae7f408e926a9ff2c31ec4155cf8a4d30511d057d8a78922e9d7a23861e83a0e798753cc97cf52fd
SSDEEP

98304:ecLf/XJJltae9TZ0i1/HwCEKIJS4PkigJ:ecLHZJ5308/cTSi

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	400fb4b2e26244e74ae7c98701e8adf13deebf7672dd8c8372cd92df4715e256.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1044	msedge.exe
1044	msedge.exe
2852	msedge.exe
2852	msedge.exe
4544	identity_helper.exe
4544	identity_helper.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe
2852	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 2852	2904	400fb4b2e26244e74ae7c98701e8adf13deebf7672dd8c8372cd92df4715e256.exe	87
PID 2904 wrote to memory of 2852	2904	400fb4b2e26244e74ae7c98701e8adf13deebf7672dd8c8372cd92df4715e256.exe	87
PID 2852 wrote to memory of 2340	2852	msedge.exe	88
PID 2852 wrote to memory of 2340	2852	msedge.exe	88
PID 2852 wrote to memory of 4040	2852	msedge.exe	90
PID 2852 wrote to memory of 4040	2852	msedge.exe	90
PID 2852 wrote to memory of 4040	2852	msedge.exe	90
PID 2852 wrote to memory of 4040	2852	msedge.exe	90
PID 2852 wrote to memory of 4040	2852	msedge.exe	90
PID 2852 wrote to memory of 4040	2852	msedge.exe	90
PID 2852 wrote to memory of 4040	2852	msedge.exe	90
PID 2852 wrote to memory of 4040	2852	msedge.exe	90
PID 2852 wrote to memory of 4040	2852	msedge.exe	90
PID 2852 wrote to memory of 4040	2852	msedge.exe	90
PID 2852 wrote to memory of 4040	2852	msedge.exe	90
PID 2852 wrote to memory of 4040	2852	msedge.exe	90
PID 2852 wrote to memory of 4040	2852	msedge.exe	90
PID 2852 wrote to memory of 4040	2852	msedge.exe	90
PID 2852 wrote to memory of 4040	2852	msedge.exe	90
PID 2852 wrote to memory of 4040	2852	msedge.exe	90
PID 2852 wrote to memory of 4040	2852	msedge.exe	90
PID 2852 wrote to memory of 4040	2852	msedge.exe	90
PID 2852 wrote to memory of 4040	2852	msedge.exe	90
PID 2852 wrote to memory of 4040	2852	msedge.exe	90
PID 2852 wrote to memory of 4040	2852	msedge.exe	90
PID 2852 wrote to memory of 4040	2852	msedge.exe	90
PID 2852 wrote to memory of 4040	2852	msedge.exe	90
PID 2852 wrote to memory of 4040	2852	msedge.exe	90
PID 2852 wrote to memory of 4040	2852	msedge.exe	90
PID 2852 wrote to memory of 4040	2852	msedge.exe	90
PID 2852 wrote to memory of 4040	2852	msedge.exe	90
PID 2852 wrote to memory of 4040	2852	msedge.exe	90
PID 2852 wrote to memory of 4040	2852	msedge.exe	90
PID 2852 wrote to memory of 4040	2852	msedge.exe	90
PID 2852 wrote to memory of 4040	2852	msedge.exe	90
PID 2852 wrote to memory of 4040	2852	msedge.exe	90
PID 2852 wrote to memory of 4040	2852	msedge.exe	90
PID 2852 wrote to memory of 4040	2852	msedge.exe	90
PID 2852 wrote to memory of 4040	2852	msedge.exe	90
PID 2852 wrote to memory of 4040	2852	msedge.exe	90
PID 2852 wrote to memory of 4040	2852	msedge.exe	90
PID 2852 wrote to memory of 4040	2852	msedge.exe	90
PID 2852 wrote to memory of 4040	2852	msedge.exe	90
PID 2852 wrote to memory of 4040	2852	msedge.exe	90
PID 2852 wrote to memory of 1044	2852	msedge.exe	91
PID 2852 wrote to memory of 1044	2852	msedge.exe	91
PID 2852 wrote to memory of 3784	2852	msedge.exe	92
PID 2852 wrote to memory of 3784	2852	msedge.exe	92
PID 2852 wrote to memory of 3784	2852	msedge.exe	92
PID 2852 wrote to memory of 3784	2852	msedge.exe	92
PID 2852 wrote to memory of 3784	2852	msedge.exe	92
PID 2852 wrote to memory of 3784	2852	msedge.exe	92
PID 2852 wrote to memory of 3784	2852	msedge.exe	92
PID 2852 wrote to memory of 3784	2852	msedge.exe	92
PID 2852 wrote to memory of 3784	2852	msedge.exe	92
PID 2852 wrote to memory of 3784	2852	msedge.exe	92
PID 2852 wrote to memory of 3784	2852	msedge.exe	92
PID 2852 wrote to memory of 3784	2852	msedge.exe	92
PID 2852 wrote to memory of 3784	2852	msedge.exe	92
PID 2852 wrote to memory of 3784	2852	msedge.exe	92
PID 2852 wrote to memory of 3784	2852	msedge.exe	92
PID 2852 wrote to memory of 3784	2852	msedge.exe	92
PID 2852 wrote to memory of 3784	2852	msedge.exe	92
PID 2852 wrote to memory of 3784	2852	msedge.exe	92

C:\Users\Admin\AppData\Local\Temp\400fb4b2e26244e74ae7c98701e8adf13deebf7672dd8c8372cd92df4715e256.exe
"C:\Users\Admin\AppData\Local\Temp\400fb4b2e26244e74ae7c98701e8adf13deebf7672dd8c8372cd92df4715e256.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://telegram.me/PhoenixSecurityy/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2852
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9df4446f8,0x7ff9df444708,0x7ff9df444718
    3⤵
    PID:2340
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,223103247762692404,15193572576058842885,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
    3⤵
    PID:4040
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,223103247762692404,15193572576058842885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1044
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,223103247762692404,15193572576058842885,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
    3⤵
    PID:3784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,223103247762692404,15193572576058842885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
    3⤵
    PID:3432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,223103247762692404,15193572576058842885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
    3⤵
    PID:4928
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,223103247762692404,15193572576058842885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
    3⤵
    PID:3644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,223103247762692404,15193572576058842885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
    3⤵
    PID:4372
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,223103247762692404,15193572576058842885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8
    3⤵
    PID:3268
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,223103247762692404,15193572576058842885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,223103247762692404,15193572576058842885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
    3⤵
    PID:2900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,223103247762692404,15193572576058842885,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
    3⤵
    PID:2396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,223103247762692404,15193572576058842885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
    3⤵
    PID:3144
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,223103247762692404,15193572576058842885,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
    3⤵
    PID:2836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,223103247762692404,15193572576058842885,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1296 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
6c5916f837457ef6e35478aebf98590f

SHA1
47f8b247c716a758947e2c8586ff98b692e61665

SHA256
1200bca674021717c54f50fdb70a901b2363ed99f1f3dab247dd67f121e178d6

SHA512
b4a32e01dab6a1caf2e5bb66bf0d2a52ca2dd89718844dcd7e5c7fac8558661784b212a3ba559048dde648ff9b073d03b7c2e09a407f7535a42deb28c8ef80ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
249B

MD5
add517428b30e1d6e285fd126bf90d22

SHA1
2a17b64d40deade99ce032585f10bb2b07d8cbc7

SHA256
973b49a2365630fca606529169f1bb2ba0a442b369490407f95825346ab44495

SHA512
17fa2734f9238a70041e0d711ae415d3c6c9d546ea7ce4a187c09e43cd19f720707444e406f224fafa7d993dc4f51b4e49593279258399ef4e6dddb47b45a131

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
df12cf0298b142e7bfd9e1b2c4274646

SHA1
a420a88b416f422b64833c62c8f8d0a988fd4e4d

SHA256
b36d8cd469d600d235d2c7dbfe044840f0fd746cb54a85c14f90e40fcb32ef0f

SHA512
7a5586b0822f53049066ef12b2a685d356255b151b99a25194034565874b89151a86ad3112d52479cd9ec251bc2d299d03c585c0e5475a924f37bb3cab5b3b6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
27fffb7279be1f3942cb2e976a5746b6

SHA1
94577844912580ed4ea50de9871ad2b3ec0c6fc7

SHA256
165fa6d7cd9429b5d62f9d004cd3a98ed21d321084d527d5e5d6819d74ddcc8d

SHA512
db6d9b6de0f2bc0fba15667bf8f98e6a4b57bc8cc55f80c317bbd30de173b43422c6aa9c7521c729837baaca88f25717c8282e362280ff330730b867ca5c5f8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ef9c591ab323eb6dba72f305fb7623a1

SHA1
83457951521b0bd1556535488b29386afc42f6f9

SHA256
212b6b94a3281ec80491f1900cf9581c9a4555914715c28a4ff53127da01bcf4

SHA512
980086a81547dbb2fda72eb3d1b6807973e9804d5a50b07de84ca9f20953e1e94335f9489a4507f4b26f7a9ac647a5a4da9ad9ddcaca5dd03705f373121919b9

Download Submit
memory/2904-4-0x0000000005DD0000-0x0000000005E62000-memory.dmp

Filesize
584KB

Download
memory/2904-6-0x0000000006020000-0x0000000006076000-memory.dmp

Filesize
344KB

Download
memory/2904-5-0x0000000005D70000-0x0000000005D7A000-memory.dmp

Filesize
40KB

Download
memory/2904-7-0x0000000074610000-0x0000000074DC0000-memory.dmp

Filesize
7.7MB

Download
memory/2904-9-0x0000000009E40000-0x0000000009EA6000-memory.dmp

Filesize
408KB

Download
memory/2904-0-0x000000007461E000-0x000000007461F000-memory.dmp

Filesize
4KB

Download
memory/2904-74-0x000000007461E000-0x000000007461F000-memory.dmp

Filesize
4KB

Download
memory/2904-75-0x0000000074610000-0x0000000074DC0000-memory.dmp

Filesize
7.7MB

Download
memory/2904-8-0x0000000074610000-0x0000000074DC0000-memory.dmp

Filesize
7.7MB

Download
memory/2904-3-0x00000000062E0000-0x0000000006884000-memory.dmp

Filesize
5.6MB

Download
memory/2904-2-0x0000000005C90000-0x0000000005D2C000-memory.dmp

Filesize
624KB

Download
memory/2904-1-0x0000000000E40000-0x00000000012C8000-memory.dmp

Filesize
4.5MB

Download