1f3ac725f48f2442886bfafab79345396961c4dc15b63b9904c5a6cc0328fb8e

Analysis

max time kernel
147s
max time network
154s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
15-12-2024 08:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

lib.exe
Size

2.6MB
MD5

0bd541037d1794d63bb58654f1e897c5
SHA1

a901fc2bc1fcc672b6dfee0d3e93b4ca8f11c710
SHA256

2e8931e43c5674bc641651868ef311e2d3407e0132325c0795bdf4f5404fb30f
SHA512

85412b5357e65ceebdd1f460e4764e3b5b11c242250500f9f55fdbaa0d2c6aa15cf0f68f7e1d88369a013a2d16c95e235db68dd48590e306de59cf01fb7128c9
SSDEEP

24576:rVsQ6BKfC+CWDU2fy6Uuri8MmOmbCYUz7PH8Zeaj0HM3ow5Xt:rVeBB2kMOnYUvPb

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
1	discord.com
7	discord.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2253712635-4068079004-3870069674-1000\{20E46901-2B40-4AAF-8C3E-5DCA3AC6AF27}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3552	msedge.exe
3552	msedge.exe
3400	msedge.exe
3400	msedge.exe
700	msedge.exe
700	msedge.exe
3740	identity_helper.exe
3740	identity_helper.exe
4188	msedge.exe
4188	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe
3400	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 3400	2120	lib.exe	77
PID 2120 wrote to memory of 3400	2120	lib.exe	77
PID 3400 wrote to memory of 4960	3400	msedge.exe	78
PID 3400 wrote to memory of 4960	3400	msedge.exe	78
PID 3400 wrote to memory of 2844	3400	msedge.exe	79
PID 3400 wrote to memory of 2844	3400	msedge.exe	79
PID 3400 wrote to memory of 2844	3400	msedge.exe	79
PID 3400 wrote to memory of 2844	3400	msedge.exe	79
PID 3400 wrote to memory of 2844	3400	msedge.exe	79
PID 3400 wrote to memory of 2844	3400	msedge.exe	79
PID 3400 wrote to memory of 2844	3400	msedge.exe	79
PID 3400 wrote to memory of 2844	3400	msedge.exe	79
PID 3400 wrote to memory of 2844	3400	msedge.exe	79
PID 3400 wrote to memory of 2844	3400	msedge.exe	79
PID 3400 wrote to memory of 2844	3400	msedge.exe	79
PID 3400 wrote to memory of 2844	3400	msedge.exe	79
PID 3400 wrote to memory of 2844	3400	msedge.exe	79
PID 3400 wrote to memory of 2844	3400	msedge.exe	79
PID 3400 wrote to memory of 2844	3400	msedge.exe	79
PID 3400 wrote to memory of 2844	3400	msedge.exe	79
PID 3400 wrote to memory of 2844	3400	msedge.exe	79
PID 3400 wrote to memory of 2844	3400	msedge.exe	79
PID 3400 wrote to memory of 2844	3400	msedge.exe	79
PID 3400 wrote to memory of 2844	3400	msedge.exe	79
PID 3400 wrote to memory of 2844	3400	msedge.exe	79
PID 3400 wrote to memory of 2844	3400	msedge.exe	79
PID 3400 wrote to memory of 2844	3400	msedge.exe	79
PID 3400 wrote to memory of 2844	3400	msedge.exe	79
PID 3400 wrote to memory of 2844	3400	msedge.exe	79
PID 3400 wrote to memory of 2844	3400	msedge.exe	79
PID 3400 wrote to memory of 2844	3400	msedge.exe	79
PID 3400 wrote to memory of 2844	3400	msedge.exe	79
PID 3400 wrote to memory of 2844	3400	msedge.exe	79
PID 3400 wrote to memory of 2844	3400	msedge.exe	79
PID 3400 wrote to memory of 2844	3400	msedge.exe	79
PID 3400 wrote to memory of 2844	3400	msedge.exe	79
PID 3400 wrote to memory of 2844	3400	msedge.exe	79
PID 3400 wrote to memory of 2844	3400	msedge.exe	79
PID 3400 wrote to memory of 2844	3400	msedge.exe	79
PID 3400 wrote to memory of 2844	3400	msedge.exe	79
PID 3400 wrote to memory of 2844	3400	msedge.exe	79
PID 3400 wrote to memory of 2844	3400	msedge.exe	79
PID 3400 wrote to memory of 2844	3400	msedge.exe	79
PID 3400 wrote to memory of 2844	3400	msedge.exe	79
PID 3400 wrote to memory of 3552	3400	msedge.exe	80
PID 3400 wrote to memory of 3552	3400	msedge.exe	80
PID 3400 wrote to memory of 2576	3400	msedge.exe	81
PID 3400 wrote to memory of 2576	3400	msedge.exe	81
PID 3400 wrote to memory of 2576	3400	msedge.exe	81
PID 3400 wrote to memory of 2576	3400	msedge.exe	81
PID 3400 wrote to memory of 2576	3400	msedge.exe	81
PID 3400 wrote to memory of 2576	3400	msedge.exe	81
PID 3400 wrote to memory of 2576	3400	msedge.exe	81
PID 3400 wrote to memory of 2576	3400	msedge.exe	81
PID 3400 wrote to memory of 2576	3400	msedge.exe	81
PID 3400 wrote to memory of 2576	3400	msedge.exe	81
PID 3400 wrote to memory of 2576	3400	msedge.exe	81
PID 3400 wrote to memory of 2576	3400	msedge.exe	81
PID 3400 wrote to memory of 2576	3400	msedge.exe	81
PID 3400 wrote to memory of 2576	3400	msedge.exe	81
PID 3400 wrote to memory of 2576	3400	msedge.exe	81
PID 3400 wrote to memory of 2576	3400	msedge.exe	81
PID 3400 wrote to memory of 2576	3400	msedge.exe	81
PID 3400 wrote to memory of 2576	3400	msedge.exe	81

C:\Users\Admin\AppData\Local\Temp\lib.exe
"C:\Users\Admin\AppData\Local\Temp\lib.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/z5vMmkQ8pj
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff84b243cb8,0x7ff84b243cc8,0x7ff84b243cd8
    3⤵
    PID:4960
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,5579530447826069693,3558398995942882599,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1968 /prefetch:2
    3⤵
    PID:2844
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,5579530447826069693,3558398995942882599,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,5579530447826069693,3558398995942882599,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2552 /prefetch:8
    3⤵
    PID:2576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5579530447826069693,3558398995942882599,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
    3⤵
    PID:2476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5579530447826069693,3558398995942882599,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
    3⤵
    PID:2620
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5579530447826069693,3558398995942882599,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
    3⤵
    PID:4944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1932,5579530447826069693,3558398995942882599,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5000 /prefetch:8
    3⤵
    PID:4208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1932,5579530447826069693,3558398995942882599,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5012 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:700
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5579530447826069693,3558398995942882599,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
    3⤵
    PID:4692
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5579530447826069693,3558398995942882599,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
    3⤵
    PID:4888
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5579530447826069693,3558398995942882599,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
    3⤵
    PID:1392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,5579530447826069693,3558398995942882599,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3840 /prefetch:1
    3⤵
    PID:4176
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,5579530447826069693,3558398995942882599,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3740
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1932,5579530447826069693,3558398995942882599,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4188
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,5579530447826069693,3558398995942882599,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5172 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1544690d41d950f9c1358068301cfb5

SHA1
ae3ff81363fcbe33c419e49cabef61fb6837bffa

SHA256
53d69c9cc3c8aaf2c8b58ea6a2aa47c49c9ec11167dd9414cd9f4192f9978724

SHA512
1e4f1fe2877f4f947d33490e65898752488e48de34d61e197e4448127d6b1926888de80b62349d5a88b96140eed0a5b952ef4dd7ca318689f76e12630c9029da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9314124f4f0ad9f845a0d7906fd8dfd8

SHA1
0d4f67fb1a11453551514f230941bdd7ef95693c

SHA256
cbd58fa358e4b1851c3da2d279023c29eba66fb4d438c6e87e7ce5169ffb910e

SHA512
87b9060ca4942974bd8f95b8998df7b2702a3f4aba88c53b2e3423a532a75407070368f813a5bbc0251864b4eae47e015274a839999514386d23c8a526d05d85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
af91dbf130e0ca2760d9b17c69b7e7a7

SHA1
1c554a285abab22d16456f01ef4277233683b04d

SHA256
13531a5768e53bdfaac3304d599b02b1e625cb77654cdf98ab5afabf0ebf256b

SHA512
4912aa72338291c490a4728f1be70a4d3c363a3a51da7084637f6c3116c9b14ab37492083f96d9c3285359755b8f9feaded1252d1bc5345e0eaee56e77d3d9e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
536B

MD5
431d47268e1db1401c42e9423334cbe7

SHA1
a67487ee8bbf8378c7b6b98cffc3b1e06ad0d6d0

SHA256
e3185c79efb3c9632a4efc9e1b99742001a24cb1a93a5e8b9ac21974cd17198c

SHA512
a06a836d15d0e6d643e13dec7655f598388776034dba3dbc91b11070f527fc8b62339e1f03582dfa40be241eeb154ccaf99473e5250385d0ef6da4258244a76a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
479893220399336cf188bd7c9e874614

SHA1
1a774c333c9ab6454f023d014cebd4553b165f0a

SHA256
1a288cfe78f24506f32e6682e148aa8ebcb8bb02c6633aee5e06f2a0101bf364

SHA512
c99cff1ea9009dd7c0e6eb7938447c2ed3b49030e5e5600cf613b6d0b6ee0da36a90643f1aa363a8eff8384700cf935f58606aa535ef94341a4e188082454c57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
773cd3f4b7f44f0558d58db10b99f5e2

SHA1
8a83a3c5f67a5423e2410f24ff9ccf6fa4cbb743

SHA256
cf2a7fb2178e36a49b47cda733816b946b3ae34b5c3a74151d6144d7ea1bc674

SHA512
b1958b7a391ce4f1998dce0aa3dba79954a2cffb76840cd191b375b109cd319186ffb2361249ec50e365a1f8dab184c8c963efdd5b7ed78cb2a71f778540c376

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
90ac23a94432cc28cbe3f04fb3900092

SHA1
7473cada6fdf602a7ceebd9a171194e4c44966ef

SHA256
434255d3ecba0c6c3d390312acf9ed9b4bd150d5d6f3a81935e30b0c2d403382

SHA512
1e3d4141d1c0cb82d553e1ede61e2a302beca7302e7483bc4df766589cfedfe7dde1df0d23110785263b1d2efe98ce41e0157491028dafd844cf54fd630ee147

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e917ebb259e67cc440a769c0db01c7ae

SHA1
f54c93a540197bfca2b9c85b915deedd9d974b4c

SHA256
719dd6fea5831b636b1b5c327626d0db176bdc0f558f1eb86f8117d9738be4e8

SHA512
1ecec5ae0a23c3282c3a54701eb0a48c9b5bfb84e5f678b364fdc15289457ff7317d913db24cdadc2a1bb7579b968d4b1db79343080f2ecccdb3c93879e7bba5

Download Submit
memory/2120-121-0x00000257BBD90000-0x00000257BBDC8000-memory.dmp

Filesize
224KB

Download
memory/2120-127-0x00007FF839FF3000-0x00007FF839FF5000-memory.dmp

Filesize
8KB

Download
memory/2120-132-0x00007FF839FF0000-0x00007FF83AAB2000-memory.dmp

Filesize
10.8MB

Download
memory/2120-122-0x00000257BBD60000-0x00000257BBD6E000-memory.dmp

Filesize
56KB

Download
memory/2120-120-0x00000257BBB50000-0x00000257BBB58000-memory.dmp

Filesize
32KB

Download
memory/2120-117-0x00000257BBB60000-0x00000257BBC1A000-memory.dmp

Filesize
744KB

Download
memory/2120-0-0x00007FF839FF3000-0x00007FF839FF5000-memory.dmp

Filesize
8KB

Download
memory/2120-3-0x00007FF839FF0000-0x00007FF83AAB2000-memory.dmp

Filesize
10.8MB

Download
memory/2120-2-0x00000257BB8E0000-0x00000257BBA9C000-memory.dmp

Filesize
1.7MB

Download
memory/2120-1-0x00000257A0E20000-0x00000257A10C4000-memory.dmp

Filesize
2.6MB

Download