hxxps://apo[.]cuona[.]io/

Analysis

max time kernel
241s
max time network
289s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
17-08-2023 14:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://apo.cuona.io/

Score

1^/10

Malware Config

Signatures

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1043950675-1972537973-2972532878-1000\{9EFD04F0-429F-46CC-BB47-F48464F49223}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
524	msedge.exe
524	msedge.exe
3840	msedge.exe
3840	msedge.exe
1760	identity_helper.exe
1760	identity_helper.exe
1504	msedge.exe
1504	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

Processes:

msedge.exe

pid	process
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe
524	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 524 wrote to memory of 3060	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 3060	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 704	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 704	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 704	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 704	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 704	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 704	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 704	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 704	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 704	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 704	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 704	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 704	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 704	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 704	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 704	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 704	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 704	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 704	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 704	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 704	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 704	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 704	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 704	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 704	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 704	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 704	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 704	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 704	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 704	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 704	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 704	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 704	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 704	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 704	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 704	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 704	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 704	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 704	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 704	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 704	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 3840	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 3840	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 572	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 572	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 572	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 572	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 572	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 572	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 572	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 572	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 572	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 572	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 572	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 572	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 572	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 572	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 572	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 572	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 572	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 572	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 572	524	msedge.exe	msedge.exe
PID 524 wrote to memory of 572	524	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://apo.cuona.io/
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc65e246f8,0x7ffc65e24708,0x7ffc65e24718
2⤵
PID:3060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,18265272489854195483,9723430051488855071,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
2⤵
PID:704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,18265272489854195483,9723430051488855071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,18265272489854195483,9723430051488855071,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
2⤵
PID:572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18265272489854195483,9723430051488855071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
2⤵
PID:1252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18265272489854195483,9723430051488855071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
2⤵
PID:4484

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,18265272489854195483,9723430051488855071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
2⤵
PID:2248

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,18265272489854195483,9723430051488855071,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18265272489854195483,9723430051488855071,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
2⤵
PID:928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18265272489854195483,9723430051488855071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
2⤵
PID:2076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18265272489854195483,9723430051488855071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
2⤵
PID:2808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18265272489854195483,9723430051488855071,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
2⤵
PID:4132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18265272489854195483,9723430051488855071,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2080 /prefetch:1
2⤵
PID:2972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18265272489854195483,9723430051488855071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1708 /prefetch:1
2⤵
PID:3688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18265272489854195483,9723430051488855071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
2⤵
PID:1356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18265272489854195483,9723430051488855071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
2⤵
PID:5000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18265272489854195483,9723430051488855071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
2⤵
PID:1752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,18265272489854195483,9723430051488855071,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3448 /prefetch:8
2⤵
PID:112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2136,18265272489854195483,9723430051488855071,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5324 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:1504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18265272489854195483,9723430051488855071,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2364 /prefetch:1
2⤵
PID:2368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,18265272489854195483,9723430051488855071,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a7ad9bb1054aa03e39b3554833d0c3ec

SHA1
cbd5b99ca100bc2f1292df23bf8e2a5a6f9640d9

SHA256
0c3eae39386b4117ad26187afc4933e254468cd12d813271f4b7420cee73c189

SHA512
d1d0b77e0bc412b4ee687e849531a7c9b70200d45d0bdbf38357b6fc59af835522e749b2fd8c2d4cde73518970568c38d73416c97381a11cc6029c14b1678276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
e523d374bba411cc5316a366dd287b2a

SHA1
59e4d09929e6ecd5989c52df9a62072b61685db9

SHA256
0820aa877a2a3d22cbb9e4effdd82852711486fe835270e8d0aedc3e28d53678

SHA512
2bfcec76b8c124e366eda9018552159914bd593a53b0abf2a9b7b62ee6490bb8b44bdbebf0cfc01988c2766bdd8bfb01539d3fe50f82603abb52f4db56eb8c0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
626B

MD5
f176187c20808a2f8ca1e9145f5f5fe0

SHA1
fb9ccc31bc18bf4ea992dd681fa49de8fac7c5e1

SHA256
69d68ab212ba3495308b42f599d84e133aa9982350dcbddaf590e255ee70be71

SHA512
5eb041d43ea4da8cfd80b31fd6d13536b2e929cd8e41faf70a3ce355ec69a01e74002734df1e0c9bddf2163e2b0a757e4f3cf891c4068fe6f99c36f65be33788

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
560c8a4526809bc96f58f612857d4606

SHA1
39c7755d0fa03be7b83af501f2adf9a9e96a184a

SHA256
5fa452bce2df0ddfe7933f92b526d3f7be9754b2614f274bcbb615c82a0ff38f

SHA512
c1812ee09959fdf511a4ecc8c2f3f1401bf51c509cd10a2f0568b0f83ebf50419c37dd467aa7dd251d79eab896f523ccbc26d4402207781d2d614526c32871f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
61d22d50f11f0a5b54bcbaa4191f96b4

SHA1
b175e95e7cd2a7222e2bd4e582d6bd17aab596dd

SHA256
a5f8a6a6bd8c6d83ee31721ee4858f826eaab03ec8e4e88d0e61c0f67dd68afe

SHA512
28c2478038b1df37133009e54f5022c013532d627befbe50ce0c5f8a941aa20894f8f1827047bac9d1a5b434bcc6946858e5ff55ca2fd9358f21974608a4b567

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
7bfc311fd9f36641b0ec6247d45e3c39

SHA1
73cf4113f0f0e5f1f006dbd8a0c8e0be48220170

SHA256
695d169681af4ec3e2206ae0a99b79c3c1a6cc7211bc25af603d229774d99c41

SHA512
e7c8a38f3f4fa535a10f12a4bfe3bf733212d635c7a493bfb9d087e33802c2a63c1591fe5cffffa832b3a20a773fd414e6497893d1d350fee4ed190d2f8bc1d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
8705cf81a3d85da2e1e49e120fc58241

SHA1
69592408336cebea42159213886ffe254b7ef0fa

SHA256
359eed9a40316a5b49285698033a7bf5e84938ea7f92fc9e1d993c51f3469f93

SHA512
ce32237182b0d2dc954355abb094e7a9ca19a0ce953b988fa3541feffaa2911383a219a88e5de12dac9d31f6a2bad59c9336f929c86f5d60c7eb0c3db48ceaeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
e62cc4051e1f8eaa0abda5d730a2496b

SHA1
d15346e40b196bc313cbfe5ac96b3c90b83345be

SHA256
ffb5b740b8777d010f0d32a120092084c3cd32eaceb937188d698ddc22df2fcb

SHA512
3e8f6d89c7c153177b2149d86cd8602ceafedf66f5335a86b19dfa46fc38c47f6ff9a272c3b71b4464a5921ebdf2461fba25692ca916b9715bac520bf1e81a22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
6cf2f6268bfe88b6c47b5110af2c525d

SHA1
395324e4decf75f907a5c1b6ef492d879a43e025

SHA256
f5842730f6a7cc4a1a355988423c2bf933bf5b00d6bed53c008d6832ff3b22cc

SHA512
10aebb9a1664bee88e5890d67bec649c33c0a5a72f3eb3e0d2aff3289bdd7b3135033d72cb8de394ae55d7f46bfb8fa5a225c847693e97b9d2bfdf3911893cd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
d9fe3700a8f1cd263979c31a2da1fa18

SHA1
1ebb33549a3aad009a1687bc51d4a52e9a991421

SHA256
4f35262b35aa3ac89d0525daf1f3a6fde365cd79c15c29d5d4b71350abb0074b

SHA512
6f4628757d9c443222df32eddbc865a8296cda584c4a14b5ea5ff5ab9b677e8e87f847b8223cce1c567c243dba8539b81d0a98e9eaedb4c5e53f9cd6de461064

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_524_WIZTWAQEEQHPGZTJ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit