hxxps://beast-note[.]com

Analysis

max time kernel
72s
max time network
78s
platform
windows10-2004_x64
resource
win10v2004-20230703-es
resource tags

arch:x64arch:x86image:win10v2004-20230703-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
14-07-2023 13:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://beast-note.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exe

pid process

2184 msedge.exe
2184 msedge.exe
896 msedge.exe
896 msedge.exe
3036 identity_helper.exe
3036 identity_helper.exe

pid	process
2184	msedge.exe
2184	msedge.exe
896	msedge.exe
896	msedge.exe
3036	identity_helper.exe
3036	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

Processes:

msedge.exe

pid	process
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe
896	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 896 wrote to memory of 2188	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 2188	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 3632	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 3632	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 3632	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 3632	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 3632	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 3632	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 3632	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 3632	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 3632	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 3632	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 3632	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 3632	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 3632	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 3632	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 3632	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 3632	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 3632	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 3632	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 3632	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 3632	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 3632	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 3632	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 3632	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 3632	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 3632	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 3632	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 3632	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 3632	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 3632	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 3632	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 3632	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 3632	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 3632	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 3632	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 3632	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 3632	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 3632	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 3632	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 3632	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 3632	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 2184	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 2184	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 1128	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 1128	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 1128	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 1128	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 1128	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 1128	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 1128	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 1128	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 1128	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 1128	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 1128	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 1128	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 1128	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 1128	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 1128	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 1128	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 1128	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 1128	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 1128	896	msedge.exe	msedge.exe
PID 896 wrote to memory of 1128	896	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://beast-note.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff98c7d46f8,0x7ff98c7d4708,0x7ff98c7d4718
2⤵
PID:2188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,12722707531160088094,15011437950172040896,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,12722707531160088094,15011437950172040896,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
2⤵
PID:3632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,12722707531160088094,15011437950172040896,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
2⤵
PID:1128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12722707531160088094,15011437950172040896,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
2⤵
PID:3352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12722707531160088094,15011437950172040896,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
2⤵
PID:4424

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,12722707531160088094,15011437950172040896,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
2⤵
PID:2456

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,12722707531160088094,15011437950172040896,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12722707531160088094,15011437950172040896,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
2⤵
PID:1380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12722707531160088094,15011437950172040896,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
2⤵
PID:3288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12722707531160088094,15011437950172040896,131072 --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
2⤵
PID:4332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12722707531160088094,15011437950172040896,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
2⤵
PID:3596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12722707531160088094,15011437950172040896,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
2⤵
PID:2032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12722707531160088094,15011437950172040896,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
2⤵
PID:3868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12722707531160088094,15011437950172040896,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
2⤵
PID:2772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12722707531160088094,15011437950172040896,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3708 /prefetch:1
2⤵
PID:3692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12722707531160088094,15011437950172040896,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1
2⤵
PID:1776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,12722707531160088094,15011437950172040896,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3100 /prefetch:1
2⤵
PID:3596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:468

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
fc99b0086d7714fd471ed4acc862ccc0

SHA1
39a3c43c97f778d67413a023d66e8e930d0e2314

SHA256
45ef01f81605bfd96126d5520c5aa0304c7fa7d5fdb3e4d5b2dd2bf84e2afd96

SHA512
c308fa3eda9235d67a506a5f058fefb9a769ec01d7b0d4f5a2397892cc4f8155301c55c1fac23bebacdd087ab3f47f1eacc9ff88eff4115a7d67aa7b1d6581a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
4958d657a66068e7e8d429088718fb02

SHA1
7079adecce24660bb3bb77538281e7d468cdee31

SHA256
74f6f2420b4c8bf2eaddef6b004819ab68ffb262f754ff1ab8d8f88ccfa99428

SHA512
c38f8b74273a70bf4801599419082ea3c166bfa17524584856588a5b000656d62405b2134e1b247fadae46a74f80ffb92396ff8a2e45f1a0eaa4e7be363a23c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
4KB

MD5
fb29694e9a24a24e3ff33fbe1e053649

SHA1
2a7b56eed39e3743b2187087e6821827203a65c0

SHA256
d2e1b41e9d2446a1ab27329ba99e507ae34ea2d37efd5918d5a7581bab4c96d1

SHA512
4c96e1f5e5467f2d6ab886bf68c2d8c889800168c0922b9ca6b094a3d9534e1b3460ed1a8ee0dbc694ab6d77e02bdcac511905fbd4e46f23915a71a2e9230ea6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
c597e144ec73e69609f5edac8856f590

SHA1
50e214322ab76a261da62fe2b1f56596b5997d6d

SHA256
087fed4787584b70594aa4e227e487e6dbcd3e2045761433b73448f60577f24e

SHA512
96d8862597488d1110a4ee9b1c9b315cf9112c2dd3dd3cda99a02614f8c1204d93467c5dd1c21d0a09d2259024778378757e144cae4bf3297238dea3d90122f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
0e8dfded12257af337a6431cf1502a58

SHA1
7ba09c5b64d6c9422fb0972cbde582ca412f5d76

SHA256
948c89caef1891e78b978dcf2e4bf85b29a61706621470c4803f1be20a28c3b8

SHA512
5eb303d8a904f87fed862f24c30ba007ba44150e9ba0d0e3d9b9aabb9d7bcebcb224270eb5248edde59f6aa81eb5a315eb62a2241904229cb78a054f8ca96f7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
de99d44d831559b17e558af62c438141

SHA1
2a224a799bfbd0e38423505f4dc944816b6876a6

SHA256
ee6b84b14b13c94090e936e11c92bb63b40adc24c4fa50e51820a98721b6d269

SHA512
6f062c84e38a965e749db39fdfffe1e79d3e0ee6f61cfa341a50e5e4cac3e1aff5dc142825aeb51820426a84c42645c4963c41ea00beca20a462e49daf59da4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
f7212325543900027ecc506907b878f6

SHA1
751f05ed5775766ac0796e78cb062d00e6f5145d

SHA256
8f281043b3cac7a015c7a26bd91c9bd2afde9f27a83f7815b27978389ccbc5f7

SHA512
4a20c560936901d43e47345cc481a5ae9c151608b7075294ddc529510dd0ec10d7194cb1f51019a8affd62ea364915d7f91b8376e3ea8be3b5e0476f493ec400

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
15146cd5f8343956275263468d23f6bf

SHA1
52d20d2d154630d6798c048e64e663855dea46d2

SHA256
aa953bd260d328b56edf3e0ea331a06e207bf65930f608b32da1bb561562d8dc

SHA512
7e8cf5286de26f5633a8cf2b9b021fd9fd977c081c5c1059b3e3db96cb0a3482640253313fda79d4dd176a8b1f6f696151805ca744e95de3f46dd80e409d507e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
95571a7d39283768c07335a029a9b6c6

SHA1
d86681dc215c1302f2dfd7e1d0bbeace12cf8fe6

SHA256
018a71eca96758cd79b6d65971f4602cfd935f489ec49ec42e9df8fada0ca0cb

SHA512
584b7183be082aacd6c9d6bda3b51d68c03545f796b72749a52576996cf36b15b7fb8afd90810d65978bfe830c8c2f65d98a35be78c01c3f1c2e495194f4ddb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
96f00bbd6a174879c58220f95f0115f5

SHA1
d3d7f82b0bf27daf1b3903bfe050c2d05422050f

SHA256
644442e740a8c0bb20f712f6f84f5bf4a81bb29d4e9446b2832ca65618961107

SHA512
e7c5e90eb85aee7b81b9c163f618ad3789a48b256040f6f00eee7fce52c60e1ff491bf0538b9c846fb115b73163710e46a45ce056e3b41ca59d88c421502ccea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\75f54ad4aa3b57dad63a6d19e677ca5d1e4f3bef\index.txt
Filesize
88B

MD5
8ee783c49bdd2d57a0a71a42fe581f97

SHA1
99cabc089c3176a9b51f40e230a5657371b09654

SHA256
5c86c19f3c4dfb3cb1af81dc724fa4d82d3ebe37f461b77f0cd77d7130eb30f2

SHA512
c2a1f454f2bb77bb584fe2e97e25b14fefe0f3d8d63c1ac2f299a3b27f67db75c9ed0eb83740b3dcfe4846200d4d53c4efe0151f6251874fe504f60b872145fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\75f54ad4aa3b57dad63a6d19e677ca5d1e4f3bef\index.txt
Filesize
81B

MD5
f457496c1af0d2cb21d06b81934b95a6

SHA1
d8af795fd59705934046fb86db6c84d7d8048f5c

SHA256
3e5138b5f5546bfbf11e50fcda768ae0a11550cc2116b6786877d9164eda759c

SHA512
02517a459bdacd32dffa6d4c30724c643e9124b3c684c3cd9aeb0329305b5cca04d26acf8f75340fe70428a7852d34a241b68a9b8006a0dac8c88f1c61323c57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
705B

MD5
bce68f45fce4eecb1580135a2e1ae362

SHA1
d183aa566a2e9c361c3790946fe0484fa15ea686

SHA256
269fc488c216f74cfb2e184417ad46d98298bdfe93889f15d512749803e699ca

SHA512
baeaa30ceedf8a265d01569022c86f606f63006fca8f255a923fd9aee90fe27b22b3771d9323b0533442bdfe204fc5b0c9043518251572385f5ae74ee5fbe20a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
8ae0e13461533ee6a4f18d08fee0cfe5

SHA1
1b958ee369cf0cd3b4fb02afd1098c1f055e7ef1

SHA256
665b91cdad393b186cc0874bf0ec7741d03417c501d7d85f5cc637635327e489

SHA512
4fd7395a2f1a364be5c2ec2af941561d31e751991e4fea09dc2b011d3ecea5d1cbd723420bd06a97b0748ce7190ef296e8fb3bea65cdee9e0c1e248c3168163e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
371B

MD5
14c62779ee3083fad7e1eae780110765

SHA1
ca078dfaba3d78bc4740e63fc49559b8268f7b20

SHA256
6a4a2e375c8cfa6166e5a0010bd8762efea63fa75613f52f9cbb7cbb787ec69d

SHA512
21b501c3f188fd489275cc6c3832f11e75442d30fd50a10a1759b6353eef0e3a6b141433029951e0e45e2c4b3d76b5c95e7cff37cfaa2b24aa2211a160c009d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
878971d49b03c97c6c586fb1a266c78d

SHA1
2d9d99b62515de1d6d682522788aa87ee4f2ded3

SHA256
6c566cc1a7ce5dd9b08dd1a6fce6c0dcc9291bdc26b8ed34650069c313e89334

SHA512
7d3a08cee6fdd09f63f1ebb7058cfe2e57d72e481efa4a81888cd48446f02a0c7da82e7e65d1473db15e99070eda3041d5650f87a019afa64ed708cae13fe045

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
dcf5ccefb16a97a84fd1a254257b1c6c

SHA1
da2a82fd807db978f2c9173ce31e0978c89674b5

SHA256
7f634e4c77e2792aee1f2572e9ba0a769f66e3ac550bfe86fe42a47bf0d34200

SHA512
17e41c49c4808fd2c6d4c81dbe79fe19f4e8f04c9c52f69032ac44d2e635f185b1676bf3243379839cba430f20d2499394be0025988ebaf87a5fc44d567b8f40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cb4f.TMP
Filesize
371B

MD5
ca91555a28b964de69b47f206d751675

SHA1
66401c019807b0e2689d141b6c24e881c14955aa

SHA256
f56cd41d2b296e4811a226338800bcc6d7d79e33608da095d9c288cbedc72d5e

SHA512
db654c3139bf24f03ca051921ab7c09cef67d0cba45cea01b984915ef81436df379a3c0382939754df65a75ee9af8c696809faaa283832e1f103c47f7670ce9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
ff8804190f50797252a04b2a184e45a8

SHA1
bfb62dee35b40681399de5bcb5927f1f6ea467bd

SHA256
6fd93ba06eeb82e348aabd978821ccbf10f90bf9fe8cf462c5bb8baea9ee5a32

SHA512
0b06d803d62b9d928fcf6e0d262d3192393775eb5ea4b596d95ce0e2a715da5f00fb3a96c30807c8a0c1fe4e30fae76f306c3372dc39e75d4321674cbf52a908

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
10KB

MD5
d824cd1c851b61f275ddc0db6be60b93

SHA1
e1c202237cbabce8fa72d1b628e5e71cb15e12f1

SHA256
c8c645f69103b97cc1ab49a24b2ec52eaadeb3292be09e71a5c4f3fefa2f229c

SHA512
ebe361eb1e7dddd85601e39c7f7f68dc03efad559794c638cf286f29ec2801d438077da2bb70c4ace63cc083d73581e034e4a8b6a5989b21e546341b7c2bb0d0

Download Submit
\??\pipe\LOCAL\crashpad_896_XSVTIOCMKMIIZURL
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit