hxxps://notifications[.]google[.]com/g/p/ANiao5o9MV5kZkNEgw12IoLfP85HvXVDENCIFOP8MaFjyh5ioJX7x1PPGhHwzGw4KOCRW-L2fso_8cqk9KR1Na07dYb6MKFu8bxXJRY7qCxklcQyVamCnxlwBzlIK6NqjSEsCh9Qb3dQDDfGoen093nTBM6nh_6JrsEcs-SyvbrNDS4DBMQlKsJODitKenysMvge98WUrXA0E_g8407ifEGplRNmQ4vjCk4kCLAf3btPIsrQ6JUOoutvhkg0C7vTLTF-3LffJu7HYk06E_A6JN5qhiP9xOSv1OtZDCvpy_-XAi0lY5iiKopDJhT0cb7qghRJOkzm9Xcb7qo-oI42aNCh_03hrp8IzqDZlLDjR4k

Resubmissions

25-01-2024 15:35

240125-s1dz9sagcl 10

25-01-2024 15:23

240125-sskg3safcn 1

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-01-2024 15:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://notifications.google.com/g/p/ANiao5o9MV5kZkNEgw12IoLfP85HvXVDENCIFOP8MaFjyh5ioJX7x1PPGhHwzGw4KOCRW-L2fso_8cqk9KR1Na07dYb6MKFu8bxXJRY7qCxklcQyVamCnxlwBzlIK6NqjSEsCh9Qb3dQDDfGoen093nTBM6nh_6JrsEcs-SyvbrNDS4DBMQlKsJODitKenysMvge98WUrXA0E_g8407ifEGplRNmQ4vjCk4kCLAf3btPIsrQ6JUOoutvhkg0C7vTLTF-3LffJu7HYk06E_A6JN5qhiP9xOSv1OtZDCvpy_-XAi0lY5iiKopDJhT0cb7qghRJOkzm9Xcb7qo-oI42aNCh_03hrp8IzqDZlLDjR4k

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
212	msedge.exe
212	msedge.exe
3212	msedge.exe
3212	msedge.exe
380	identity_helper.exe
380	identity_helper.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe
2252	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

3212 msedge.exe
3212 msedge.exe
3212 msedge.exe
3212 msedge.exe
3212 msedge.exe
3212 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3212 wrote to memory of 1772	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 1772	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 3968	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 3968	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 3968	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 3968	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 3968	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 3968	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 3968	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 3968	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 3968	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 3968	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 3968	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 3968	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 3968	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 3968	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 3968	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 3968	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 3968	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 3968	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 3968	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 3968	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 3968	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 3968	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 3968	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 3968	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 3968	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 3968	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 3968	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 3968	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 3968	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 3968	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 3968	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 3968	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 3968	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 3968	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 3968	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 3968	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 3968	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 3968	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 3968	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 3968	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 212	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 212	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 1128	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 1128	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 1128	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 1128	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 1128	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 1128	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 1128	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 1128	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 1128	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 1128	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 1128	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 1128	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 1128	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 1128	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 1128	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 1128	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 1128	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 1128	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 1128	3212	msedge.exe	msedge.exe
PID 3212 wrote to memory of 1128	3212	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://notifications.google.com/g/p/ANiao5o9MV5kZkNEgw12IoLfP85HvXVDENCIFOP8MaFjyh5ioJX7x1PPGhHwzGw4KOCRW-L2fso_8cqk9KR1Na07dYb6MKFu8bxXJRY7qCxklcQyVamCnxlwBzlIK6NqjSEsCh9Qb3dQDDfGoen093nTBM6nh_6JrsEcs-SyvbrNDS4DBMQlKsJODitKenysMvge98WUrXA0E_g8407ifEGplRNmQ4vjCk4kCLAf3btPIsrQ6JUOoutvhkg0C7vTLTF-3LffJu7HYk06E_A6JN5qhiP9xOSv1OtZDCvpy_-XAi0lY5iiKopDJhT0cb7qghRJOkzm9Xcb7qo-oI42aNCh_03hrp8IzqDZlLDjR4k
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed2eb46f8,0x7ffed2eb4708,0x7ffed2eb4718
2⤵
PID:1772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,2135504934847536670,1540917389243635837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,2135504934847536670,1540917389243635837,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
2⤵
PID:3968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,2135504934847536670,1540917389243635837,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
2⤵
PID:1128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2135504934847536670,1540917389243635837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
2⤵
PID:5036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2135504934847536670,1540917389243635837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
2⤵
PID:5112

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,2135504934847536670,1540917389243635837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8
2⤵
PID:2544

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,2135504934847536670,1540917389243635837,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5256 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2135504934847536670,1540917389243635837,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
2⤵
PID:520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2135504934847536670,1540917389243635837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
2⤵
PID:4668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2135504934847536670,1540917389243635837,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
2⤵
PID:3584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2135504934847536670,1540917389243635837,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
2⤵
PID:1636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,2135504934847536670,1540917389243635837,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3040 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
312B

MD5
d0c8f7c375613cb668d975412e158e11

SHA1
53141be52746e4c6a3f71d9001cce8ae22f7f4d6

SHA256
7fcef15b3f8ddb9b9547cedd2f978b4761c2004f269f28c5e5b072a0a94fa75c

SHA512
8b7b56e22a9db1457500e7eddb319395bb1cc7653e8a7652191f7cc97ba842ee203fa67b1f1878c37d446dc1dd01ef2df26d2d02cb98730a68d6965281cca47e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
29b1096cefeb09e0f9d5a2f0c68ab1dd

SHA1
25864116b9fcf097e2861eaabc2bab32cb602763

SHA256
aa6426ebaabd0ed329badb6e6329fe401a87c76f912969df4d32143fd341735c

SHA512
7e0e0d0643e6baa61bc08e9a891c3b6273627d2c7eea620516f899d981d23c801c004278ff48d180c12fbc4511061c2e6f18c0b3d1edee5432a201cf70e5249a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
0b2c96d6593f71a73d23daa271ee324b

SHA1
0bd0f1d5c2390573759f66acfd8cd905a58614eb

SHA256
434bf1ff87db06948bfdd06c1f1eadbbed566a1bbccedbe215d10480d5c3e4cf

SHA512
d38e3be10f0bcf7826f5290a2c2036ffdf8811da6a9f446950ab525ebfc1ad4394c67113b2e0e9bd46d189120adcc6e0e68d0499b7a1eb9667d77d5db0dc7083

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
514a4de7e91ba72c7e712f4564dc4b12

SHA1
2b268bf02f6b26f45bc9e2539bf45bc394884711

SHA256
72864535a1193a820a3b0fb31cc15d021e81887c155d80a92df72c266bf844a3

SHA512
42c24f8182d58833c4462050cf862cc5c36523800f3fb8489a4803f38e6fa8acdb57a4dd290256a638997438a6630ba07bc54ffdab1116f09af700dfde546f04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
203B

MD5
fc32a415c30f9e1b8ba0575935a00f50

SHA1
10695a570ef5a9e4e9255a8b25d39434bdc17521

SHA256
201faefe1200d921cee9a60052f252170ea1fe86bb483fcf71a0de2811367c22

SHA512
790baae918550b0809b3fdb88d9201f8008c4c42e9993d8638b60aabb8be4448f78d6379fb6178f03e9074d0d90cc1290dbc1144f9d16a99e92d121fbac1af7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58603c.TMP
Filesize
203B

MD5
a69af6add4b6a1dcb53da66cd1326127

SHA1
84bee575c4a7036b921046f70318404c69a63587

SHA256
b5f5704d67601fe82bb895d569a7acee945ad1481a9989766cdde593de86b7b0

SHA512
4c02f269ff17de3610290b45f3659b7e8338877c566ab9a3133a1b4fb9822151e0b06ca527163daca837b97903139a0925df49530959579c474aab10503ca0c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c1a5ca7d-a51e-4723-be71-d341471c5ab9.tmp
Filesize
1KB

MD5
8af4120a8f1b7c11bf3bc679ee9069ee

SHA1
b96bf9108697abd5ddf3b7c89a516d41a3e209c2

SHA256
90da42ec90a5b4cc72e72950edfcbd4c194c8f8469eea745a9e129048a37b194

SHA512
a526c872af0a4cc68a7eac6509541a2ba2708ab80335e30bcdb47fc351c5248a1b1622a3effc8a6c921b7b2cc8ceaafed7674ec5ffbb0f2219a00376afa19f2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
10f984f4bc0343036d3a25d067b56b6f

SHA1
fb46dcd6fb2086ce75e61ce1d796c52807e765b6

SHA256
b8fe8bbe92852732cf7aa77b9686a9099877160477b7ce01db72477dbd92513a

SHA512
6765b05f966e2574c98230f4bb8645666b72462c1c34b2fc7acb907505b88e4d36336a0e3ba7a85208e7a94bc6a82a9835f39bf4d51d3b0e1e96effb85058917

Download Submit
\??\pipe\LOCAL\crashpad_3212_DFTJXNOOHZAJJEGD
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit