hxxps://wind[.]nationwide-appliance[.]com/landers/b329e9c4-d5e4-455b-9ce5-3860b00c0dee/index[.]php?lp_key=17077ccfb3582bcc451d1a5bfffcc623d36b960540&domain=sing-tracker[.]com&clickid=cn55ks0sncss73ct2vlg&osv=Windows&language=sv-SE&lang=sv-SE

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2024 17:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://wind.nationwide-appliance.com/landers/b329e9c4-d5e4-455b-9ce5-3860b00c0dee/index.php?lp_key=17077ccfb3582bcc451d1a5bfffcc623d36b960540&domain=sing-tracker.com&clickid=cn55ks0sncss73ct2vlg&osv=Windows&language=sv-SE&lang=sv-SE

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1800	msedge.exe
1800	msedge.exe
1368	msedge.exe
1368	msedge.exe
3604	identity_helper.exe
3604	identity_helper.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe
1640	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

1368 msedge.exe
1368 msedge.exe
1368 msedge.exe
1368 msedge.exe
1368 msedge.exe
1368 msedge.exe

Suspicious use of FindShellTrayWindow 56 IoCs

Processes:

msedge.exe

pid	process
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

msedge.exe

pid	process
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe
1368	msedge.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

msedge.exe

pid process

1368 msedge.exe
1368 msedge.exe
1368 msedge.exe
1368 msedge.exe
1368 msedge.exe
1368 msedge.exe
1368 msedge.exe
1368 msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1368 wrote to memory of 392	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 392	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4116	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4116	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4116	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4116	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4116	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4116	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4116	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4116	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4116	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4116	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4116	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4116	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4116	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4116	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4116	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4116	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4116	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4116	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4116	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4116	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4116	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4116	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4116	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4116	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4116	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4116	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4116	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4116	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4116	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4116	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4116	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4116	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4116	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4116	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4116	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4116	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4116	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4116	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4116	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4116	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 1800	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 1800	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4528	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4528	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4528	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4528	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4528	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4528	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4528	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4528	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4528	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4528	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4528	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4528	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4528	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4528	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4528	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4528	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4528	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4528	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4528	1368	msedge.exe	msedge.exe
PID 1368 wrote to memory of 4528	1368	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://wind.nationwide-appliance.com/landers/b329e9c4-d5e4-455b-9ce5-3860b00c0dee/index.php?lp_key=17077ccfb3582bcc451d1a5bfffcc623d36b960540&domain=sing-tracker.com&clickid=cn55ks0sncss73ct2vlg&osv=Windows&language=sv-SE&lang=sv-SE
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd891e46f8,0x7ffd891e4708,0x7ffd891e4718
2⤵
PID:392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,8008021578241071776,7279066339019786843,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
2⤵
PID:4116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2232,8008021578241071776,7279066339019786843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2232,8008021578241071776,7279066339019786843,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
2⤵
PID:4528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,8008021578241071776,7279066339019786843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
2⤵
PID:2316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,8008021578241071776,7279066339019786843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
2⤵
PID:2520

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,8008021578241071776,7279066339019786843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
2⤵
PID:2600

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2232,8008021578241071776,7279066339019786843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,8008021578241071776,7279066339019786843,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
2⤵
PID:3060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,8008021578241071776,7279066339019786843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
2⤵
PID:3952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,8008021578241071776,7279066339019786843,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
2⤵
PID:3772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2232,8008021578241071776,7279066339019786843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:1
2⤵
PID:4668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2232,8008021578241071776,7279066339019786843,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4752 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
efc9c7501d0a6db520763baad1e05ce8

SHA1
60b5e190124b54ff7234bb2e36071d9c8db8545f

SHA256
7af7b56e2f0a84ae008785726f3404eb9001baa4b5531d0d618c6bdcb05a3a7a

SHA512
bda611ddba56513a30295ea5ca8bc59e552154f860d13fed97201cdb81814dd6d1bca7deca6f8f58c9ae585d91e450f4383a365f80560f4b8e59a4c8b53c327d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
486B

MD5
31dcb5c18ad793da0f1fe8aa304cdad1

SHA1
0208de7030bb13f336bb97374b228c3d315753bf

SHA256
604d66fa074fcf7c07ee449f1cb46474d54b93764faf3fd52ecc7084fc460eab

SHA512
cb3c21444424b6b6ff27772fac445212861c09429cc7b2af48d7d0a7e0657f943d9f33dc5396d270360ef191f479eea1de5e0ea3330be47b495b6db4c71d1587

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
49787b6e09a44eb2e5e20451ba9c85c2

SHA1
3c2def7cf6f6215d6f1524b0f453002dd46f347b

SHA256
73c959d56488982e7a12f07ae8c1362e607fd5eebfe8c16521b4b8b89bdf6bb5

SHA512
d631999efca1179a2f94d6cf410013ab8b46b724f4f653e179ba2ff96e76676adefd4d689aa7dcce7cc39e8fb7a30c165011fb3a66ce94ffe8f168fdec589c72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7f64ea74e6bfebafadfc222d584ac7ea

SHA1
a7e10ae27325a419af08526798fc3a975a37402f

SHA256
dc4ca31aa6e8b00dbd44e8185707155328d68208956a977c74acbd0cbfd64e61

SHA512
6c87971a66733caf7a2e80353be80617d42803d9688f43c545602132dda84b83df36323f4e713333220bf435bf2fcbeb93b8fdc74d6c72078cffc9d8187d4541

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c834e79fdd27e05d1fad1a4a922ab3a7

SHA1
e712df9bb90d562d2d2d07f362f4713ae8c714bc

SHA256
b40b4749f11ca5a7c5a343b191099894e55a0444480f0ecbbea033e00999d2cb

SHA512
276c676074c7ee54211838bb71f1b7c4d7870061c315f6d9ce1d0d7d8fbd4d4f9d0c0a85e7ec577c72513cac91af0071bf23a56b38fc9563a14bf21e69c7af96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5d1b490c608fb3b96149d98d7868795f

SHA1
40749b39fa8875cdd3d54f8560c15248aaacdacb

SHA256
ade9cf5bf416c16d9892e7b85c69e7096e033f73372b42833d2f1d78f3df4dd2

SHA512
e197992b14323c138b83a0d1553c2460472221d999aef77cc59927771c1937330f93d54b83ccdeaa894694a832dddadb04559d6d0182f29e67445f9dca84d987

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0c25e1305d0239fb4b51ae0d14009174

SHA1
f18fe47ed5f52cbe9b10b2b4008730fdd8a464f1

SHA256
85baa54d589c5e6b85e09d2f8ada65e2d22ce4576d433814a0bc1821f4856775

SHA512
571f1dec09df374adb70fd3e4fb10549c9f3b6cd3baa7567999a68e8ae779aa579eb2d64f8dc30a20067ccfea3905f82a078e9e7366d4992595f2778643cb330

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
98eec996cbabfc910a3255577dcaea04

SHA1
3ac4339035d02990e6c45e7a3515123922164c65

SHA256
462cf3ed6114a12ad95fd3abb9661c6001735bb1fd547982897ff0a274f7320d

SHA512
5bf7544ba135c4350d9e838d2ee375baaa33cf6acfba161dea5a7b6042b1502ba7400fbc60d6b2d6e29ae644522713445cbdc180d0ec2a04d2031fc6acc0d92c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8103541f5a1caed8b50e91a956b5aeb6

SHA1
f56ac76a655c64e381b9580e2d9e4b77d916b16c

SHA256
5158c74facdbcaf66998a72e79b2d99ff512c7d84fc590781793fd39d38bc579

SHA512
fdc6cdfc7a0187060ca368cbab9c1d75f5cad6c5c177a782145078f12ce6b7a68bc2565f45fdf9aa88fe5b0614f7815d5f7396b573165635b594bdd9944dde92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
121510c1483c9de9fdb590c20526ec0a

SHA1
96443a812fe4d3c522cfdbc9c95155e11939f4e2

SHA256
cf5d26bc399d0200a32080741e12f77d784a3117e6d58e07106e913f257aa46c

SHA512
b367741da9ab4e9a621ad663762bd9c459676e0fb1412e60f7068834cbd5c83b050608e33d5320e1b191be1d809fef48831e0f42b3ecabd38b24ec222576fa81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1eb2c5351ff3f8c2d19af0a2469ea54a

SHA1
c63def0b2b345f3febd3be77d8c28b47482b0547

SHA256
6856aca49d09af85f62872fccfaabb337e156ba8d4da9def68ee7113fd1cab28

SHA512
dff51213c46e6df37c1f6e688505ce3ca14dc9778b34aae294aca7233bde774014d09badacb4b18f06508659a512d877edf9adbfd9fcef1a7d718cd86f7fb638

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
df3c24e18c41ff666e91ea41ff101633

SHA1
f6e1945e983206fa331ecc4e000fc43ee26b2c15

SHA256
37fd248113ceddd53a15d272869d79de84b59d2ebdcdcf414dba11c9cbfc409a

SHA512
ebc2199202f811e3d4ba71f901123efa7d6f4829f5f8709ac9e43ae9fd4193c2cb3153feb992df541f361212a2c168090eab8f5bef51a09da98bbbec43712f68

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
13KB

MD5
5d56580d6d644ebb1e14e95e7ca5ff62

SHA1
16417e16549b45f090ba45a7ea95cf738cf89a78

SHA256
d837024ada1252b86ef63e4d5a149638e2dc6e3e0c699a0adec0db92ca94579e

SHA512
72cb9d5435e2decbd402b941a8e5f16ea96fda5f07589ecd306bf1ecb5fe4d941d013dd75d08829eed94ce92d0158e8c507301e68fe0bad399a5f252cbef2efa

Download Submit
\??\pipe\LOCAL\crashpad_1368_AUYAZLFMWISPLOAZ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit