hxxps://yoursweetromance[.]life/?u=e9cwrk9&o=7pypnh3&t=janerichards12

Analysis

max time kernel
65s
max time network
70s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10-02-2024 01:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://yoursweetromance.life/?u=e9cwrk9&o=7pypnh3&t=janerichards12

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exe

pid process

4720 msedge.exe
4720 msedge.exe
4284 msedge.exe
4284 msedge.exe
796 identity_helper.exe
796 identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

4284 msedge.exe
4284 msedge.exe
4284 msedge.exe
4284 msedge.exe
4284 msedge.exe
4284 msedge.exe
4284 msedge.exe
4284 msedge.exe
4284 msedge.exe

pid	process
4720	msedge.exe
4720	msedge.exe
4284	msedge.exe
4284	msedge.exe
796	identity_helper.exe
796	identity_helper.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

msedge.exe

pid	process
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4284 wrote to memory of 364	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 364	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 5060	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 5060	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 5060	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 5060	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 5060	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 5060	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 5060	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 5060	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 5060	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 5060	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 5060	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 5060	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 5060	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 5060	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 5060	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 5060	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 5060	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 5060	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 5060	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 5060	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 5060	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 5060	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 5060	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 5060	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 5060	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 5060	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 5060	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 5060	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 5060	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 5060	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 5060	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 5060	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 5060	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 5060	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 5060	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 5060	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 5060	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 5060	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 5060	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 5060	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 4720	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 4720	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 3840	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 3840	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 3840	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 3840	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 3840	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 3840	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 3840	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 3840	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 3840	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 3840	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 3840	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 3840	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 3840	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 3840	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 3840	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 3840	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 3840	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 3840	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 3840	4284	msedge.exe	msedge.exe
PID 4284 wrote to memory of 3840	4284	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://yoursweetromance.life/?u=e9cwrk9&o=7pypnh3&t=janerichards12
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff921f646f8,0x7ff921f64708,0x7ff921f64718
2⤵
PID:364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,16309926251331164085,5539890242168207319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,16309926251331164085,5539890242168207319,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
2⤵
PID:3840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,16309926251331164085,5539890242168207319,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
2⤵
PID:5060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,16309926251331164085,5539890242168207319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
2⤵
PID:4928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,16309926251331164085,5539890242168207319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
2⤵
PID:1396

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,16309926251331164085,5539890242168207319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
2⤵
PID:2560

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,16309926251331164085,5539890242168207319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,16309926251331164085,5539890242168207319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
2⤵
PID:4484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,16309926251331164085,5539890242168207319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
2⤵
PID:3808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,16309926251331164085,5539890242168207319,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
2⤵
PID:3120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,16309926251331164085,5539890242168207319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
2⤵
PID:2976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,16309926251331164085,5539890242168207319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
2⤵
PID:4600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,16309926251331164085,5539890242168207319,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
2⤵
PID:4608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,16309926251331164085,5539890242168207319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
2⤵
PID:4500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2292

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
efc9c7501d0a6db520763baad1e05ce8

SHA1
60b5e190124b54ff7234bb2e36071d9c8db8545f

SHA256
7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a

SHA512
bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
432B

MD5
8539685a506abc64181d89399935feff

SHA1
3ee266f6f590612770628155236bd1f8e4203bbf

SHA256
e5d5ba44c11b7750d58e7d119fcb7f86666dbc775bf10e310baa3a77758be183

SHA512
a74a82690611aadcae18eb32a0b3e7171ed7096f4368ba9b50f46d9ee865ec3c1721e42406f0ec1cf60d19579d30a831c30b4ec551b7a8f52a1bc97d70279c30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
408B

MD5
20db0eee14b2824d8f5cef6d740e664e

SHA1
0ebe14ad39715bb745ff4513ca21c04206917fee

SHA256
fa5a646b238251ea864e5923080ff19e660062b8e3e65b2c7ab863707b91e49f

SHA512
875aaa86423099a95b25332cd512ed09ceab6ffc2daf5306d78082b1cc8c1009bcf9fb8e4f04fc77a06a6053dc6b8970d89fdf3c732ca4867592306d1620417c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
770B

MD5
4dd91671aaf8ecef7ad24f6111d2b38d

SHA1
f3a7f5d7d84a5e37e2021861b2f33e0d14831d58

SHA256
76df134c48c532029e40d48e5a64040ae69260bdeb2d5e6d993485fe85fba877

SHA512
3db92a2c2056d6ee3d240790e377fc66e84fec695ab085636fb55946f86ffbe27db178cec1a5703d3dcd1f750337067fa270e1913ef102dad9c037979904ee3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
605df0d0f7777d8a50c58fdeb863fe66

SHA1
d518f7bfff94f554b9d6016acfb2605d3ac40889

SHA256
f9d051b24ea8c9126a0b52bcc6873c64b48e64b79616759b772dbc59018ee291

SHA512
78ebf7576864a60103dac23f3853c95f5c67e87926a02fcf331b2d82c06524814ad81c13abd2c03dd90224fad1091c9788cf6448b5bebf23baf8972d7695e81e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
5e4c08b2d015526ece152e315bf27031

SHA1
69a2af7d0cc9ec735ce31f5e83e84b578b067f19

SHA256
18d48e270192bbb2bf32aabdddf77eab611694f2f071c3d19395ba7011f0447d

SHA512
8bd95474bccabb782216dd40b9b390b9ae3cac789d4f373a91733aed2dbcdc33b3c833ea05c980d0ad3e7e2969277fb123e6860d9a4753d28778b2f71f99978c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
a9a5af243bf120d5a0e0862e1cd27885

SHA1
9e8a13d2f9c6e43b01aaa5a310d423fc94ac7a24

SHA256
695e7fe5e33f6603bcd1ceb7444c988b87954388a96c0bdf452dcb6b731dea34

SHA512
3ae4848b5fa3c442e2d59818c571ab59b32e59294050abc551851635a5d7a64e654178c375083297a0937553b35412e7ebf785b4feb598607dfc21002b519968

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
11a6cc85649832bf81557779bfe8974e

SHA1
eaa3e177e7c1628e0c6c55f016afe6b11dafeba2

SHA256
8cd8b28a6c1760ddd84623f3daeb47b03050e495aa1e4c64ee0e8d22fc0240ea

SHA512
896392a55b6b45216388d2e33f406e68d6be4f71266163416f0361eb406aa3815919c3f4cc35b32bfe9bfdc7296aa9aa8e88a71233ca4ab1180a371a0b5e8d0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
121510c1483c9de9fdb590c20526ec0a

SHA1
96443a812fe4d3c522cfdbc9c95155e11939f4e2

SHA256
cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c

SHA512
b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
369B

MD5
646d884dd5a48b045538a8ef2d8984d4

SHA1
f93abf590041d2742d322f5f3c7167ff1f2b8388

SHA256
72b4e67fa8f87fcd02dcde8e257ba0864085b719f6a38ea40a3110cef39c1d70

SHA512
81ab7fd7f234a097eb4d23ca5a65e908a1646028b9ce32445a00ae3926a5ab93ab5e69d53f61f04045edd08632f01cecb653bad236e58dec9d80e5c58d2da115

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58218d.TMP
Filesize
367B

MD5
bbd6302927f00cc970f34435934b4456

SHA1
99aef5eab6efa64ec9e7425117798e8c800ad7b8

SHA256
d6df75c68efef859f8f8e72752c479cf26b3bccb11030571322f635c23973fb2

SHA512
2f0fd7404ac289972ca76a050cbb0f72c9bf89a822826271081f77b9ed61d1f8d104031806b8e766ca28cf19888f8d22d817a5f00426958314ba737ee2d7539d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
17ed974a5505d8446245665737fe132b

SHA1
074fdc9b3c57e03fdad991d9fa97ca987482ce6d

SHA256
c9aa69eafce2979562aabbd604de9964b222d41e27d2da7cd67f2968dec9c0e7

SHA512
d05c12778ef43faaba0ce252051fb18c5f1e73a605476f35d9f78e6e90c34964e335cc647481ca0e3faa3478867d228d97fdac0cd3112b128f70a313c24d2e3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
5e7d79dd989cba0bd79df1438cf268b1

SHA1
c0515470de6acdb85d715302a8eec6d24e74332e

SHA256
762e1d0c96a14fe867d722338227d7f996a437b059b5ff4375f414f2880f949e

SHA512
664d9f7f589985df79787ce3c60d120240fcf65aade29793999be09c61fbc755de8d095e2dc8313885e1c634a879aeb503a96881b700137073ee35a404a58105

Download Submit
\??\pipe\LOCAL\crashpad_4284_EUPXGCDUVDGOTTXR
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit