hxxps://mega[.]nz/folder/4H9W3IKK#iBzzEMTR_ia9z-Kh1jFkPg

Resubmissions

01-11-2024 21:33

241101-1enataxleq 10

01-11-2024 21:32

241101-1drlvatpex 3

Analysis

max time kernel
480s
max time network
591s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
01-11-2024 21:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/folder/4H9W3IKK#iBzzEMTR_ia9z-Kh1jFkPg

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	Process
5112	msedge.exe
5112	msedge.exe
2684	msedge.exe
2684	msedge.exe
660	identity_helper.exe
660	identity_helper.exe
2816	msedge.exe
2816	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe
3892	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid	Process
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	Process
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	Process
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe
2684	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	Process	procid_target
PID 2684 wrote to memory of 4788	2684	msedge.exe	80
PID 2684 wrote to memory of 4788	2684	msedge.exe	80
PID 2684 wrote to memory of 1056	2684	msedge.exe	81
PID 2684 wrote to memory of 1056	2684	msedge.exe	81
PID 2684 wrote to memory of 1056	2684	msedge.exe	81
PID 2684 wrote to memory of 1056	2684	msedge.exe	81
PID 2684 wrote to memory of 1056	2684	msedge.exe	81
PID 2684 wrote to memory of 1056	2684	msedge.exe	81
PID 2684 wrote to memory of 1056	2684	msedge.exe	81
PID 2684 wrote to memory of 1056	2684	msedge.exe	81
PID 2684 wrote to memory of 1056	2684	msedge.exe	81
PID 2684 wrote to memory of 1056	2684	msedge.exe	81
PID 2684 wrote to memory of 1056	2684	msedge.exe	81
PID 2684 wrote to memory of 1056	2684	msedge.exe	81
PID 2684 wrote to memory of 1056	2684	msedge.exe	81
PID 2684 wrote to memory of 1056	2684	msedge.exe	81
PID 2684 wrote to memory of 1056	2684	msedge.exe	81
PID 2684 wrote to memory of 1056	2684	msedge.exe	81
PID 2684 wrote to memory of 1056	2684	msedge.exe	81
PID 2684 wrote to memory of 1056	2684	msedge.exe	81
PID 2684 wrote to memory of 1056	2684	msedge.exe	81
PID 2684 wrote to memory of 1056	2684	msedge.exe	81
PID 2684 wrote to memory of 1056	2684	msedge.exe	81
PID 2684 wrote to memory of 1056	2684	msedge.exe	81
PID 2684 wrote to memory of 1056	2684	msedge.exe	81
PID 2684 wrote to memory of 1056	2684	msedge.exe	81
PID 2684 wrote to memory of 1056	2684	msedge.exe	81
PID 2684 wrote to memory of 1056	2684	msedge.exe	81
PID 2684 wrote to memory of 1056	2684	msedge.exe	81
PID 2684 wrote to memory of 1056	2684	msedge.exe	81
PID 2684 wrote to memory of 1056	2684	msedge.exe	81
PID 2684 wrote to memory of 1056	2684	msedge.exe	81
PID 2684 wrote to memory of 1056	2684	msedge.exe	81
PID 2684 wrote to memory of 1056	2684	msedge.exe	81
PID 2684 wrote to memory of 1056	2684	msedge.exe	81
PID 2684 wrote to memory of 1056	2684	msedge.exe	81
PID 2684 wrote to memory of 1056	2684	msedge.exe	81
PID 2684 wrote to memory of 1056	2684	msedge.exe	81
PID 2684 wrote to memory of 1056	2684	msedge.exe	81
PID 2684 wrote to memory of 1056	2684	msedge.exe	81
PID 2684 wrote to memory of 1056	2684	msedge.exe	81
PID 2684 wrote to memory of 1056	2684	msedge.exe	81
PID 2684 wrote to memory of 5112	2684	msedge.exe	82
PID 2684 wrote to memory of 5112	2684	msedge.exe	82
PID 2684 wrote to memory of 2560	2684	msedge.exe	83
PID 2684 wrote to memory of 2560	2684	msedge.exe	83
PID 2684 wrote to memory of 2560	2684	msedge.exe	83
PID 2684 wrote to memory of 2560	2684	msedge.exe	83
PID 2684 wrote to memory of 2560	2684	msedge.exe	83
PID 2684 wrote to memory of 2560	2684	msedge.exe	83
PID 2684 wrote to memory of 2560	2684	msedge.exe	83
PID 2684 wrote to memory of 2560	2684	msedge.exe	83
PID 2684 wrote to memory of 2560	2684	msedge.exe	83
PID 2684 wrote to memory of 2560	2684	msedge.exe	83
PID 2684 wrote to memory of 2560	2684	msedge.exe	83
PID 2684 wrote to memory of 2560	2684	msedge.exe	83
PID 2684 wrote to memory of 2560	2684	msedge.exe	83
PID 2684 wrote to memory of 2560	2684	msedge.exe	83
PID 2684 wrote to memory of 2560	2684	msedge.exe	83
PID 2684 wrote to memory of 2560	2684	msedge.exe	83
PID 2684 wrote to memory of 2560	2684	msedge.exe	83
PID 2684 wrote to memory of 2560	2684	msedge.exe	83
PID 2684 wrote to memory of 2560	2684	msedge.exe	83
PID 2684 wrote to memory of 2560	2684	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://mega.nz/folder/4H9W3IKK#iBzzEMTR_ia9z-Kh1jFkPg
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff989713cb8,0x7ff989713cc8,0x7ff989713cd8
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1784,4791297139543794714,8027880635789637904,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1784,4791297139543794714,8027880635789637904,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2480 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1784,4791297139543794714,8027880635789637904,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
  2⤵
  PID:2560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,4791297139543794714,8027880635789637904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,4791297139543794714,8027880635789637904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,4791297139543794714,8027880635789637904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,4791297139543794714,8027880635789637904,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1784,4791297139543794714,8027880635789637904,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5800 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,4791297139543794714,8027880635789637904,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1784,4791297139543794714,8027880635789637904,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1784,4791297139543794714,8027880635789637904,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1784,4791297139543794714,8027880635789637904,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4664 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c0a1774f8079fe496e694f35dfdcf8bc

SHA1
da3b4b9fca9a3f81b6be5b0cd6dd700603d448d3

SHA256
c041da0b90a5343ede7364ccf0428852103832c4efa8065a0cd1e8ce1ff181cb

SHA512
60d9e87f8383fe3afa2c8935f0e5a842624bb24b03b2d8057e0da342b08df18cf70bf55e41fa3ae54f73bc40a274cf6393d79ae01f6a1784273a25fa2761728b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e11c77d0fa99af6b1b282a22dcb1cf4a

SHA1
2593a41a6a63143d837700d01aa27b1817d17a4d

SHA256
d96f9bfcc81ba66db49a3385266a631899a919ed802835e6fb6b9f7759476ea0

SHA512
c8f69f503ab070a758e8e3ae57945c0172ead1894fdbfa2d853e5bb976ed3817ecc8f188eefd5092481effd4ef650788c8ff9a8d9a5ee4526f090952d7c859f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
21KB

MD5
b1dfa46eee24480e9211c9ef246bbb93

SHA1
80437c519fac962873a5768f958c1c350766da15

SHA256
fc79a40b2172a04a5c2fe0d5111ebeb401b9a84ce80c6e9e5b96c9c73c9b0398

SHA512
44aefedf8a4c0c8cbc43c1260dc2bbc4605f83a189b6ef50e99058f54a58b61eb88af3f08164671bad4bd9c5e3b97b755f2fa433490bef56aa15cdf37fb412b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
36KB

MD5
f90ac636cd679507433ab8e543c25de5

SHA1
3a8fe361c68f13c01b09453b8b359722df659b84

SHA256
5b4c63b2790a8f63c12368f11215a4ffec30c142371a819a81180a32baeb2bce

SHA512
7641a3610ad6516c9ecd0d5f4e5fa1893c7c60ca3ba8ae2e1b3b0cc3a72f7f9bef4c776a1f2fc52f366bd28a419ae3594a6576e886e79a20ebd98b55b2acc967

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
acacaf859807eeb221bd733d21929478

SHA1
ea8ab8d48b66608ea79ffdaa60d169f5bb993cd7

SHA256
a3391c5028e848805288aa5d1c14867cb66cd8215eb8c0a38be923289b11a094

SHA512
3aeb33a549f3dc9d71a2d84c4a5a92247966a2b37bd5902156cd4f45fb2c2a468a15824918b6a523c7fb0e87048ada9a882c4d4464da7482d6df7d919edd398c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
188B

MD5
008114e1a1a614b35e8a7515da0f3783

SHA1
3c390d38126c7328a8d7e4a72d5848ac9f96549b

SHA256
7301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18

SHA512
a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3f67779d6c288e3e7b118d3866dd05ea

SHA1
851b6eeac447eb76990808fe90c677cbf7292dc6

SHA256
cdfee0bd97bfebcc5ab4590b8feac8f7b312899b1c976e28675994dad1031dcc

SHA512
fb5a4fb05faafb89d08473c2a2f5c30787a1f725f100bd7bb9cf22944e883bc3472f7473c7dbbd7f51a5f7e0f6dd6a5b98d32ada5fa362c3023a3b949e7fe203

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e027a013cd7f4e5f6ffc2a2b1cb8b797

SHA1
5d4aece4a46fb3e13c4a2e218fd053412fb8c2e8

SHA256
f1fe853f4c5574440f017c6930259130ac0f52e76f4b1a8e20e0363587f85ff8

SHA512
5943443efd018edcbe455017642b8b0790c9ab8a1a8b479d0d139cc64f4043aec055e55ec62659a1cefa8b616b8f781289e13edb96e0b4e313a793779a9bf6a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
07f9859ff57922d9c3a4e6dc5bbc4d75

SHA1
582788e7ca591ed19a08eb2ffe88eca3d45a85e3

SHA256
8cc666bdb233408992eb1346006564676048361e92768653af3f97acb5527fc9

SHA512
d41c65af6cb25aeb8eb41ed3c489153e85661635121d74c20dd2cab723bf162bc1db73e3c5f21045af20053d79f44ca82082fd2c9b24f194d3849d1d87ee3aa5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57b120.TMP

Filesize
48B

MD5
8322e910a99a98dcde434f4ff262c9a0

SHA1
6a46978f0a3fd9546139df3eba4c36a6ee8e494e

SHA256
9aa680d727aa60b5c59778ac3173bf63e8c5a5f7ea54a48d2c48489f45f63048

SHA512
459fd12ffedc122d512730831004342eacab98090c7338eb3e92e7bc4b167e34cbb21f946a9f294d2b7c178ad22fdb32aa5a74718aaf515cd31f40be95665ede

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1d64ca5c517131497b2824e3da767898

SHA1
4d9b9838c7424142f10bb863d1628272734321e8

SHA256
0803468be9e23b545fc74aa71f3f13e091ad251991e6ad762fd6ea079c256b49

SHA512
0fb605f3e62d0a15ff8df8faaef4967092af2ed6ae97e23c7cc08c619eb5b34b3c75099dee6916820e5392306ba0ea74ce53ed88096dae80d85df5ac08e84734

Download Submit
\??\pipe\LOCAL\crashpad_2684_VCMDPJOJCCZOXIGM

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit