hxxp://t[.]ly/s3WFc

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
28-11-2023 00:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://t.ly/s3WFc

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
2260	msedge.exe
2260	msedge.exe
1716	msedge.exe
1716	msedge.exe
2196	identity_helper.exe
2196	identity_helper.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

1716 msedge.exe
1716 msedge.exe
1716 msedge.exe
1716 msedge.exe
1716 msedge.exe
1716 msedge.exe
1716 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1716 wrote to memory of 2148	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 2148	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4464	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4464	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4464	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4464	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4464	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4464	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4464	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4464	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4464	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4464	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4464	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4464	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4464	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4464	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4464	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4464	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4464	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4464	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4464	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4464	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4464	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4464	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4464	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4464	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4464	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4464	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4464	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4464	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4464	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4464	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4464	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4464	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4464	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4464	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4464	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4464	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4464	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4464	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4464	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4464	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 2260	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 2260	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 756	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 756	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 756	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 756	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 756	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 756	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 756	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 756	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 756	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 756	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 756	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 756	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 756	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 756	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 756	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 756	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 756	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 756	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 756	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 756	1716	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://t.ly/s3WFc
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9034146f8,0x7ff903414708,0x7ff903414718
2⤵
PID:2148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,11489258414969309483,5323127426462696318,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,11489258414969309483,5323127426462696318,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
2⤵
PID:4464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,11489258414969309483,5323127426462696318,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
2⤵
PID:756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11489258414969309483,5323127426462696318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
2⤵
PID:1404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11489258414969309483,5323127426462696318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
2⤵
PID:2880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11489258414969309483,5323127426462696318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
2⤵
PID:896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11489258414969309483,5323127426462696318,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
2⤵
PID:4424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11489258414969309483,5323127426462696318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
2⤵
PID:376

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,11489258414969309483,5323127426462696318,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
2⤵
PID:396

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,11489258414969309483,5323127426462696318,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11489258414969309483,5323127426462696318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
2⤵
PID:1552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11489258414969309483,5323127426462696318,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
2⤵
PID:4236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,11489258414969309483,5323127426462696318,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5240 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1332

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2940

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
208a234643c411e1b919e904ee20115e

SHA1
400b6e6860953f981bfe4716c345b797ed5b2b5b

SHA256
af80020ae43388bbd3db31c75aade369d489a30a933574dea19163e094d5f458

SHA512
2779b96325234c836cbb91820ee332ed56c15b534ec0c7770b322a5c03849ec3ee67b0ec7978e1fab563eeed1cea96f5155d7b942702555d9352ff6711a548d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
2be904f06a3e2ccdd90baaac59cfd69a

SHA1
85b546462e2dad67f6359bbb89687276e45d244b

SHA256
58b4a3ca7712acd615300702e2157052c3fe69ddcbd3e29f3f8ce3a567a4d9c6

SHA512
6c1e6d80a44c180aeb05c89d5ad5e353c95b74406d9c7e39ad56c5d8bc17cb26ba5d9b32666637bf790e502966890749b32cb033cde9309a7706952ca860ce56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
ea889b10871431d3bde1890d75ad1276

SHA1
7f48b5fc2bd8aa6972f31b16ea5809bf8f039d25

SHA256
4a222761512628b41e57be05cefb26f556ef9a10e021dd56798d3b4a37c2a3bd

SHA512
9cedc3d20314cf0d03e246720227d18eb76d2470d7800cb20cb0979d19d468803e4937de2a604796bba9217385ce71bbb11d05a322466ee7d3c92a9d259793e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
bf43dd6ffe80afd8e2ebdc59133998b0

SHA1
134a61bb481506698ba1466eaf64681f9c9416b8

SHA256
28922f4438ce17526646cfebc09cd534fcfb58c2de5edb2df0280759790f4110

SHA512
5762baac6be185671eafa0548611c2394667e0640fbae2f2e07d456a7c6957cbeb905b3abf7d8e0106eca52cb7dc1f952cb10d6300e1774e80d0325ef08cbb24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
8fe3b68c95ccd87978e2cbfc18590195

SHA1
bdafcb3c468bafc921cf4d6dfe5741c9437ccbb6

SHA256
5c59a1e1535fddb4f22e1303c54e7a53f906ccbc331c25bc563046f95f0ecd88

SHA512
6a978fe40be4408e6f37b40bd4388c2eed3b9ca2768e9b03a1bb6e9b2a3725d88aa24d9b76be2d233c57c5649c87ea75408f9041d84a5e5181df0232a9c5c86b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
9acb3137bcefe9dc5fedc8412ad329f4

SHA1
c628be6a1497b832791088f156d053a3af05111c

SHA256
9832e26a7058aa54b0c806111ce0c62aec4985d73d8b44d19981655b4604ae95

SHA512
7a0b8608a2ecf39e5499883f4b828ea6fddd13d18791c89299f575fa0719d884bfef9d6832079f27f96da018887a4d341c089861a7eaa850703f71e30dd09dbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
f52c44537ab9fa52d71663eac829020d

SHA1
ad0f9adbdcd9712e8f3f0699c31f0c46a4e3e2b1

SHA256
4a85c1cd72a094a1c1f30f08ab3e623cb1444238218306b56cc9ea4a7bcfac4d

SHA512
8bced70f721b5c8615e7f95305169f9fb86c45b7c737e6e805f9a4f8b0bb02023d283805f1dd0694e8e6046a0652825211ee671083daad1f212a0a4f885f0dd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
d71c1492ff635b76f59833114fec8a37

SHA1
792ef1ed9fef21414d0f6cde70990f1773ab8495

SHA256
3275af2b752a4e6de1dc5b150ef9d9e3376d17888911be1b11019388fac3a0ea

SHA512
bf11d1be63b06c20a625e1ade5ec5279836207c0c79ef9b7c5349f527dd1d365c311fd0c3880c2931f9cc7e4b8de0eca8c7918362de6c7f09b7e8d33ce87b66f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
5a6206a3489650bf4a9c3ce44a428126

SHA1
3137a909ef8b098687ec536c57caa1bacc77224b

SHA256
0a9e623c6df237c02a585539bffb8249de48949c6d074fe0aaf43063731a3e28

SHA512
980da83c3142bf08433ec1770a2ec5f5560daf3ee680466f89beae8290e921c0db677489daad055fbc1f196388f8bc4f60e050600381f860b06d330062440a78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
93a2963107ee21580dbd874f0dc26b4c

SHA1
ef98852cadd39ed344569054190cee2eae51a4a9

SHA256
8031df372c719643dec2b992106a667cb3ce6d2ca81868befdc50fd75c0abc93

SHA512
44774fbae4af2a00894eec999d3cf0b98a6278edc10a008089ba6a9351e088f1bb1c230e58e4ca330e71f191adb676de8336b3bc8297159fa28d8a4800520920

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_1716_VAWCVYTJLUTVJVKZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit