42d3b70f87a52ad776ff802da5895b36610f905f31350f25bf51a9355be343f4

Analysis

max time kernel
146s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
30-10-2024 22:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Netflix Tools PACK/NetFlix Checker by xRisky v2/debug/NetCheck.exe
Size

6.2MB
MD5

5767a86dedd068e8f14f1570a9052303
SHA1

ccee276337037c0dbe9d83d96eefb360c5655a03
SHA256

cc815fcc20a41a0a2bf9c1574518004327ebb889e666d964e095482c5996ef11
SHA512

9121ae4a5c8a1485e3fc795f4857f2e44fa5a0271ffca747d195b9cde384f1e8f60864f2f4e955b96ecd38a1f6b2bd5acfb21e5ca5769b3f15c0c0d5937b6c3f
SSDEEP

196608:/ps7wa/hf0+P4aTMf+LZ5PefLEAyfWgJElwjAOER/4Uf/J1MtZkHnbFuRKnbErc/:/ps7h/hf0xNf+LZ5PefLEAyfWgJElwjE

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
discovery

System Language Discovery
T1614.001

Processes:

NetCheck.exe

description ioc process

Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language NetCheck.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	NetCheck.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exe

pid process

4468 msedge.exe
4468 msedge.exe
3024 msedge.exe
3024 msedge.exe
3024 msedge.exe
968 identity_helper.exe
968 identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

3024 msedge.exe
3024 msedge.exe
3024 msedge.exe
3024 msedge.exe
3024 msedge.exe
3024 msedge.exe
3024 msedge.exe

pid	process
4468	msedge.exe
4468	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
968	identity_helper.exe
968	identity_helper.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

NetCheck.exemsedge.exe

description	pid	process	target process
PID 2660 wrote to memory of 3024	2660	NetCheck.exe	msedge.exe
PID 2660 wrote to memory of 3024	2660	NetCheck.exe	msedge.exe
PID 3024 wrote to memory of 4244	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 4244	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 3280	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 3280	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 3280	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 3280	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 3280	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 3280	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 3280	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 3280	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 3280	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 3280	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 3280	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 3280	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 3280	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 3280	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 3280	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 3280	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 3280	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 3280	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 3280	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 3280	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 3280	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 3280	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 3280	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 3280	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 3280	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 3280	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 3280	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 3280	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 3280	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 3280	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 3280	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 3280	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 3280	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 3280	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 3280	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 3280	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 3280	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 3280	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 3280	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 3280	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 4468	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 4468	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 4684	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 4684	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 4684	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 4684	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 4684	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 4684	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 4684	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 4684	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 4684	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 4684	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 4684	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 4684	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 4684	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 4684	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 4684	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 4684	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 4684	3024	msedge.exe	msedge.exe
PID 3024 wrote to memory of 4684	3024	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\Netflix Tools PACK\NetFlix Checker by xRisky v2\debug\NetCheck.exe
"C:\Users\Admin\AppData\Local\Temp\Netflix Tools PACK\NetFlix Checker by xRisky v2\debug\NetCheck.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://t.me/xR1skyy
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3024
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb668346f8,0x7ffb66834708,0x7ffb66834718
    3⤵
    PID:4244
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,11336387634110507610,7456185680600106770,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
    3⤵
    PID:3280
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,11336387634110507610,7456185680600106770,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,11336387634110507610,7456185680600106770,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
    3⤵
    PID:4684
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11336387634110507610,7456185680600106770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
    3⤵
    PID:3092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11336387634110507610,7456185680600106770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
    3⤵
    PID:3864
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11336387634110507610,7456185680600106770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
    3⤵
    PID:1808
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,11336387634110507610,7456185680600106770,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
    3⤵
    PID:1572
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,11336387634110507610,7456185680600106770,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11336387634110507610,7456185680600106770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
    3⤵
    PID:680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11336387634110507610,7456185680600106770,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
    3⤵
    PID:3820
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11336387634110507610,7456185680600106770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
    3⤵
    PID:4732
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,11336387634110507610,7456185680600106770,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
    3⤵
    PID:4088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
9a86a2b12bc690f8a0e38a5bc1c19a19

SHA1
f7d1d43ddc75f5f8c3c09f900956f2d73fc7f559

SHA256
a2318e69f921df1c55d7e5360776a63a0826d272bae2b34c9d3e1493b44d2be0

SHA512
b96f4688c126a49ab646d16aca274e328ac46e82380a10cc237607e22f936e9e27a4578de1a6fcab1a6ff195a44cf61fe8d2900571a93c76a2076f469ad33079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
442B

MD5
c4b6dd8b8c7d216357c4a512916f8357

SHA1
23da0019990a2ec37c9c5dab4c0d2433faec4ca5

SHA256
5a84533901e49c5042223c89aa51605b58e80bd9492dbc64e97133abb091e2a3

SHA512
5c3b102be1f1e75a7e0f3a2f5c824f8ca1836548749e902244477a96e7034ffc00cde971e05338c4bd2bb0f92e494e6997f9e1fd9536e1abbb19395194c69e92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a1e3b9ef4ca49f7a49fe90b16ce9efa2

SHA1
f1cdb99b770016fdd95059dfa4c84d75179da77a

SHA256
d4afbc2e5b5986a4f3c5462343a7d0f2b528f10f6c4bc845a7014c7a4fc57fc8

SHA512
073ee192f9d6eac6c6835acf202be5a7c4ae1dedcc8272fbc3cacf4f63ef9038991bc8581b5a8627776e82e2a370d095cd23463ec4eb726bf28d454e0e31f9a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
870d39a5ba10b8a335060ae8371a4f67

SHA1
9010c41851eb984bcb89371f0673e6368ff9467d

SHA256
1db8e2194cbef173aaafd90c0cc095809e4920805193d0eb7e2aa48c2ac41e0f

SHA512
dcd308018e9b4a4396dba0768b0d6e13b08c47ec9209790e37c51c0c35fc588c540e08f133a6da7fb77763f3ec829367f688beaee88a9f11dea7501656acf366

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
10006c540d17040c8f03b4528befd714

SHA1
93c033662dee7e18cbc244e8cea37a2f4e9b180e

SHA256
6bc56e55a88f0a983e136dd6d84036008f8ee8637d90f8233b85b77141460cc4

SHA512
13bfc4445f2f8afaad17e84330e560d8929c9f58297abfa1ec3dc73eddc8e85b370690176068e7cfd8d11d98db828ed48d7cef6309b3318e06cfa6a3a3fb5d1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
00199143c5d1741c16897a8561a3e2ef

SHA1
b028659f517f0b88d93d41ce13c6dd7588cd4aa6

SHA256
e3215ede7a29480ac35b5cd03748e6c8371d52f776dab0b53ba05de93f18e3a1

SHA512
0d190251881609c92b1cea4d777ba88e025511614ab3da41676129b978ffe312c3bff2a36a8d9c12edc0e8beb2049e96e354802d459326c3e6fe941d5f5227ed

Download Submit
\??\pipe\LOCAL\crashpad_3024_OBKTWCRHTEJYASDB

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2660-5-0x0000000005740000-0x00000000057D2000-memory.dmp

Filesize
584KB

Download
memory/2660-11-0x000000007522E000-0x000000007522F000-memory.dmp

Filesize
4KB

Download
memory/2660-12-0x0000000075220000-0x00000000759D0000-memory.dmp

Filesize
7.7MB

Download
memory/2660-10-0x0000000075220000-0x00000000759D0000-memory.dmp

Filesize
7.7MB

Download
memory/2660-9-0x0000000006200000-0x0000000006256000-memory.dmp

Filesize
344KB

Download
memory/2660-8-0x0000000005320000-0x000000000532A000-memory.dmp

Filesize
40KB

Download
memory/2660-7-0x00000000058E0000-0x000000000597C000-memory.dmp

Filesize
624KB

Download
memory/2660-6-0x0000000006730000-0x0000000006C5C000-memory.dmp

Filesize
5.2MB

Download
memory/2660-0-0x000000007522E000-0x000000007522F000-memory.dmp

Filesize
4KB

Download
memory/2660-4-0x0000000005C50000-0x00000000061F4000-memory.dmp

Filesize
5.6MB

Download
memory/2660-3-0x0000000005640000-0x0000000005694000-memory.dmp

Filesize
336KB

Download
memory/2660-2-0x0000000002D70000-0x0000000002D90000-memory.dmp

Filesize
128KB

Download
memory/2660-1-0x00000000002B0000-0x00000000008EC000-memory.dmp

Filesize
6.2MB

Download