hxxp://google[.]com

Analysis

max time kernel
93s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27-04-2024 22:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exe

pid process

4616 msedge.exe
4616 msedge.exe
2836 msedge.exe
2836 msedge.exe
2632 identity_helper.exe
2632 identity_helper.exe

pid	process
4616	msedge.exe
4616	msedge.exe
2836	msedge.exe
2836	msedge.exe
2632	identity_helper.exe
2632	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

Processes:

msedge.exe

pid	process
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe

Suspicious use of FindShellTrayWindow 52 IoCs

Processes:

msedge.exe

pid	process
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

msedge.exe

pid	process
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe
2836	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2836 wrote to memory of 4836	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4836	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4512	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4512	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4512	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4512	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4512	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4512	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4512	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4512	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4512	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4512	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4512	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4512	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4512	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4512	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4512	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4512	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4512	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4512	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4512	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4512	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4512	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4512	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4512	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4512	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4512	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4512	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4512	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4512	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4512	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4512	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4512	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4512	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4512	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4512	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4512	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4512	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4512	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4512	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4512	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4512	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4616	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 4616	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 3672	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 3672	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 3672	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 3672	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 3672	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 3672	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 3672	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 3672	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 3672	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 3672	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 3672	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 3672	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 3672	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 3672	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 3672	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 3672	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 3672	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 3672	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 3672	2836	msedge.exe	msedge.exe
PID 2836 wrote to memory of 3672	2836	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf8b746f8,0x7ffaf8b74708,0x7ffaf8b74718
2⤵
PID:4836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,10804535251889866045,1112960415425207291,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
2⤵
PID:4512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,10804535251889866045,1112960415425207291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,10804535251889866045,1112960415425207291,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
2⤵
PID:3672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10804535251889866045,1112960415425207291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
2⤵
PID:1932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10804535251889866045,1112960415425207291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
2⤵
PID:444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10804535251889866045,1112960415425207291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
2⤵
PID:4108

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,10804535251889866045,1112960415425207291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 /prefetch:8
2⤵
PID:3368

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,10804535251889866045,1112960415425207291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10804535251889866045,1112960415425207291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
2⤵
PID:4668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10804535251889866045,1112960415425207291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
2⤵
PID:444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10804535251889866045,1112960415425207291,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
2⤵
PID:5044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10804535251889866045,1112960415425207291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
2⤵
PID:3452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10804535251889866045,1112960415425207291,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
2⤵
PID:1464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10804535251889866045,1112960415425207291,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
2⤵
PID:3304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10804535251889866045,1112960415425207291,131072 --disable-databases --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
2⤵
PID:4496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10804535251889866045,1112960415425207291,131072 --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
2⤵
PID:1524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10804535251889866045,1112960415425207291,131072 --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
2⤵
PID:2740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10804535251889866045,1112960415425207291,131072 --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
2⤵
PID:4820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10804535251889866045,1112960415425207291,131072 --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
2⤵
PID:4104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,10804535251889866045,1112960415425207291,131072 --disable-databases --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
2⤵
PID:4988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=2192,10804535251889866045,1112960415425207291,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=5644 /prefetch:8
2⤵
PID:1440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3412

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\2d94bb0f-54ef-4ec6-ac6c-566e8129df72.tmp
Filesize
12KB

MD5
3c1efc8cd0ce40eedf5e1d42641bb452

SHA1
325be57f31905a7f60243e000744ac8cadb3e54d

SHA256
77512d263d065ae85bbddc2a6bb01a9c717ed9c1b6d137b9b8303d0183f85608

SHA512
a7e5644e8bcca045fb18424983b16d4970a8e8b5cca48d62972a7e8f1ea22917dcbf290c05b1f66444cd1c0a6733d16241196f0296a56ab2defdbc7e4d0bde0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\48549734-a67e-48f0-99ce-1da1e163db11.tmp
Filesize
1KB

MD5
c327968d02a4684637d0355069affb74

SHA1
1c96480c328a030767e426ef715d58241a80abad

SHA256
ea74e3a210dfb923ad4b0cd62cc68b1e1178ce40763bff13d3fbf43b3262ae24

SHA512
dbba0bf2d7ee970d0583431ee912ec628952b546727733847b877cb889aaffc6f348cfb5e7f5d801dd592416fa904051f4b52e4decc50985208e3e80f3311f8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
936B

MD5
367fe676110685c2a46248ca2017a351

SHA1
e35288f18b4445cbe3f50b147098dfd535239b95

SHA256
cf5a7bf07bf101a83a9f06dc07f80c836ec88288338e7f0825a077518b4d1117

SHA512
eb24d357436fa91561657b18b48bca1bb733047d72afe53e5805ed375b8b3c055455a0af7257a8fa792b4772a96f2edebfb52245ccbdbfa256b34be15d24e0a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
ac38651527d0e206f894878788a3e836

SHA1
2d641df5780787d8fd09411f7bdb1c290b836437

SHA256
49cdb5fde9cb03d804ee445f33dd7f4e0dec1ef23c91d0a9f76f89ec7747f9bf

SHA512
f70d3cb72fdda610984b8f56eaefbfce936273d2c9ffdc29d6b321dc0ea5d0beac8194b730d3e31a1bc82868fdbb0afbaea0d343f4cfa97cff292531d94bcf25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
f124d81c07aaf8866ad6a90d003fac6d

SHA1
70e06a1fbe49ad90d473bd311a7667f7dd8d466e

SHA256
58670eff7b75fdf315ffca966dd2077a12194b2a35171c2cb41bd3e42518e134

SHA512
ffa1a9826684d00fa71bcd614eebfd2e66f41e627db889f255c6098b6731114c1d318a7e8830f1b9637c5b55d418f09642fb0a91e66478a2a065e278dd1f1429

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
6727c39f81c0f3c77577f298071d677f

SHA1
fa94e10f5a80dddd0b026af5575b055af8393599

SHA256
45d43ab9c0094e7a2f1e2732c86d0d5f81a547a3149c3eaa128188e941f2f15f

SHA512
362e9c59034773fa7462929e754e364fa0ba374fbb284ee0fcbde9c41f228f6036fba21e211111a1cf5fae6338961c892b48e6807ba9552cd48b7aae90aa23a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
2bb110fafc81e9e464de0d6db71b8042

SHA1
64b4c0397fd69e797bcd33c701b5d53c7a68e33f

SHA256
2a547273156821c916b4112649de3b312b59a51f52552d80d73121c91dd50ca6

SHA512
4d1a0032c2e42255efb7f874d6dbbdb33163f436369349eee0f004a9cd478ae55739129ed2c1a5e412735368c393f6d0b5747fbcd8cb259ef9a75f22353181b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
bd52e0c0835d9156c77577be9797b849

SHA1
b7dbbf8b68c771e0f9a10fd1d9955144c74be909

SHA256
f1bf1f7e06e34ac10bc33d87e4a27462ff4f38f06155a5e2a49d47104a51f38f

SHA512
d100aaaee98758d3fd0f29ea4a6583fc73318d0569b7c67766cef122fbe6291921cbe31adbdca90f9e895fb45e3daeec68179118fec2f9a9765629922b6ef1cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
34fffc3e3a8489d155be91061e1a68f3

SHA1
0176c00ac45ad62c69f9fc480b52f077557fcbf7

SHA256
6ddb8e7fb98196748f827e2c50565efe8fe7d1807b0607f1c6977bc67da1bb25

SHA512
c861359ed9205df23a66ae3b994412c9e8fe1a243955ffa109637768831f8057ea5d532530cddc2e57170f750ef19ad3ba94c4c9533395444f7e218307c2de6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
d443048c25f0d8d4ff0bc91ebf693c09

SHA1
a6bfd79db6d33d58c69299085e2b5bae00305514

SHA256
e900a3741e5ea9f654222a3b43f9824fa999a5c7ad1cf294cea10404e99b5a34

SHA512
777f8dc713ebadca0633835118a391a2577ca66f7f48c57b7f68d4aca23652f0853bdfb3374d61b1433d9de1539551e8857722e5c7c169e0f41deb053c8f2366

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
371B

MD5
ef0d32a9bfbd04ec5556df89d25cc1f0

SHA1
a704982da817521b8e761cca7fda97f0ba85d662

SHA256
376448b5b7388fe9cfe104a03cea036e44a67bc17b3e38b0677156b20f17de64

SHA512
02facbb5968489898d88c90d7c3bfd1b08e2924372bce6b0012dfbd1985272103bce03c24145bb66f74c576b859a5161c46855d35604ba4f0dad917386f9a117

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
371B

MD5
d65060b0f40aa1c781cfab53b7d259b0

SHA1
3381038095a9a5f8b58bfa1a2ab09a093f976450

SHA256
94d54c526e0bd50c20d1e8790611c074270ee4ee9bf72cbfb32ec3587cbbfb70

SHA512
0fdebe154011f3d6cbfd363c73c6c39f86926c38ce070765e4e63fdfa22e21660ee3dce3ebaafba98f96e303dc0201018851bd9ee902fc94b03fa04474699f13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
371B

MD5
2ed19c8137c7ed5acf0de1cc62d94a2c

SHA1
8aee2b716c6d07d673162cc847228ea80c50c6f3

SHA256
591444689ef6eb6ba504ce254cecf899f36ebd6138b4e4050093a45ec1e9865b

SHA512
1fa20fdb29ea78066322b9c349246b2568118ce36586216c2e46d772925d491d74e7d1d50405d25567c9197eaa29c237d086ffd2467d55b78df988209df84785

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
371B

MD5
8aa6bcf7ffa8340a66a58f164c9c7ddf

SHA1
cf8dfa589dd744af9bde3688c9580af9ba1fb31b

SHA256
9dce71467e510309785a2847e497d7fc09cbefdfa8051e0f8457adc094fe3f0f

SHA512
8930e84b87f04ee41d31da4dbee164c6adfa45f51bb40641379b9bc331260d8b5923d55d6689ae072297138b9bbb9705b8ac3bf99f2acc28b4e6ea2745cb3283

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
371B

MD5
449946ab62a113c1edd4f2867571d98c

SHA1
7c3a62449a59d76672695a9ec0fc6b96745c0e20

SHA256
45c9cf5e3d74188503c4a70dfa9a6d560bee472c55d8a8b5864381d868636426

SHA512
0bd30a95b9cbe4ee80bd9b28269dc8feac646295a5c6b921b6ff96c8d164c005a6f0c1981922683aa9d2bb3c6f6b9b0920b9a5dbd0ea663c7a7a36bf14ac75aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b4d9.TMP
Filesize
371B

MD5
9972cd9d1dc00f40297487c711c70813

SHA1
f59071eb79f4c898f6b2d21a552b555acc358341

SHA256
b1c37ee67a859a96a2b321c06274bc5aa895de7e014c47bd06468349daae284d

SHA512
042a24222a617181b2ba321c20d072a05f37ee200293087a5280fe5233a0fc3c211e0ceccfcf900fcd2b1c57a7ecdefc7c512bc80206a94d3bb95b4a75343437

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Guest Profile\78a8f2c7-bd60-4337-b481-0f2243c6e4b1.tmp
Filesize
24KB

MD5
4570999f1eab31f871d7029f0e736d00

SHA1
d8208ac83bc1b3d524d60ffb240af40c99260ffb

SHA256
e74411ce9fdfb021909bca04126868e5be04d01ff843660ae4eca5d9d76c8eb7

SHA512
9252349881cebdcbf62114c801845f296a59adb493e4a4af910a49129b35b8271c2c3713277bffc49771348e5673ce6ed83a30e5241f5831f69620da754b0fba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Guest Profile\Extension Rules\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Guest Profile\GPUCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Guest Profile\GPUCache\data_1
Filesize
264KB

MD5
ff60337a8b65ff063927e689ca6718b0

SHA1
3b645a512d39e2f522497088125754baf19d77ec

SHA256
a54331bce8745915205ea343392954445fe95c8e567835e368e19d58aad49790

SHA512
85abef184a015322e8453b02c3371423f2923d3adfe4637de816a5b9ae1cc56ffdbe2d12db6bf589c1c6c71ee196470fcb117a03ad2d95ee1ffcd05e286a112b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Guest Profile\GPUCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Guest Profile\GPUCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Guest Profile\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Guest Profile\Network Persistent State~RFe588d47.TMP
Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Guest Profile\Preferences
Filesize
1KB

MD5
f2ea7b8bf4ce3aff390c3cace3958ec2

SHA1
9bf1af0eeed48498728451ae91ae1d6fd26b9013

SHA256
ad473c982df42b833060c7669d87a7a5a125666f87a868e58bef27fdd071dab0

SHA512
1d38c5bba0094428c837f4926cf6cbcefe35994f3fecd746e6b3b1c91a1c903e3f89e3bc96ee0a325bfe67232d4d8611f89b953802393e1ddab39ae321deaf6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Guest Profile\Preferences
Filesize
2KB

MD5
e5ce3699d461ecceff05bf307faeabcf

SHA1
a5a4680d5dc22cc05254b1ea1f4d6dcc0f59df10

SHA256
5903d5c773a7130300eb096875e4e4749331b35bac9a624b7311c058788e3d1c

SHA512
401dc8e8603fb890f5540e588308df2e13f74d4d72c06afa59eb3c182ad901af99d0b4f84ef569d25279ab65c247131538fa1431f83f46f16fd781bb2004035f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Guest Profile\Preferences
Filesize
2KB

MD5
948a3584820c21ebcf141d5b3f6614e3

SHA1
37c45e273480e97dbc9a91a4099089a593583c81

SHA256
92233cadbf6d729f788941969fe2145603de1cd9405c6187d45e168fa129456d

SHA512
6b711aac9958fb78beb45f30cfcbce31631d7276d1ecd7d32f0f724792c80d0f5181cccd5cdc280ceceb6ca3da874edfbf0bf60515c190bef0e5586298398150

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Guest Profile\Preferences~RFe585697.TMP
Filesize
1KB

MD5
3c6317e34ba196e3ac7e728471d2c60d

SHA1
8f68f07bc44d0a3e324aba4934b53ae00c20910c

SHA256
a74f767e3718bdd70287353af8c47106709fe3935022db8fefcc2e441c9c93b1

SHA512
08406f51933c4a583f7369f35f4bb7549f235aae8578faa16246e4528db8bc964d6df145cd7ad50bc2aea1b24ab7055e047f27bb2fb257d9dacfa3df32498dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
171c1100e1aec12d9667ae6de6648364

SHA1
cdad648a54075d058bb384a5de51e8ba1d120f39

SHA256
ff27febb6662dcdea728155a99f358180674a37a5840c1a4fcf4c770c6fc4525

SHA512
dcd8852c056e285909e34722db528f4765b1b95288fefe0845300573c86b6e7400744b9f5406f4e1a6807718e2ba90ea3abbe50b4e805a02136d7c94817339e2

Download Submit
\??\pipe\LOCAL\crashpad_2836_HYPDJYITZISTPRPC
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit