hxxps://u[.]to/pYhrIA

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29-02-2024 17:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://u.to/pYhrIA

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
2352	msedge.exe
2352	msedge.exe
2976	msedge.exe
2976	msedge.exe
2820	identity_helper.exe
2820	identity_helper.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

2976 msedge.exe
2976 msedge.exe
2976 msedge.exe
2976 msedge.exe
2976 msedge.exe
2976 msedge.exe
2976 msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

msedge.exe

pid	process
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2976 wrote to memory of 4944	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 4944	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 3740	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 3740	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 3740	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 3740	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 3740	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 3740	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 3740	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 3740	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 3740	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 3740	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 3740	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 3740	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 3740	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 3740	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 3740	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 3740	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 3740	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 3740	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 3740	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 3740	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 3740	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 3740	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 3740	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 3740	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 3740	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 3740	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 3740	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 3740	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 3740	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 3740	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 3740	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 3740	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 3740	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 3740	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 3740	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 3740	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 3740	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 3740	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 3740	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 3740	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 2352	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 2352	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 4632	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 4632	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 4632	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 4632	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 4632	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 4632	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 4632	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 4632	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 4632	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 4632	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 4632	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 4632	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 4632	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 4632	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 4632	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 4632	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 4632	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 4632	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 4632	2976	msedge.exe	msedge.exe
PID 2976 wrote to memory of 4632	2976	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://u.to/pYhrIA
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff897b846f8,0x7ff897b84708,0x7ff897b84718
2⤵
PID:4944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,7541985055039027126,15326820297611100555,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
2⤵
PID:3740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,7541985055039027126,15326820297611100555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,7541985055039027126,15326820297611100555,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:8
2⤵
PID:4632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7541985055039027126,15326820297611100555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
2⤵
PID:4796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7541985055039027126,15326820297611100555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
2⤵
PID:560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7541985055039027126,15326820297611100555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
2⤵
PID:4432

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,7541985055039027126,15326820297611100555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
2⤵
PID:2812

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,7541985055039027126,15326820297611100555,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7541985055039027126,15326820297611100555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
2⤵
PID:4244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7541985055039027126,15326820297611100555,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
2⤵
PID:2476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7541985055039027126,15326820297611100555,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
2⤵
PID:2252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,7541985055039027126,15326820297611100555,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
2⤵
PID:4828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,7541985055039027126,15326820297611100555,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f35bb0615bb9816f562b83304e456294

SHA1
1049e2bd3e1bbb4cea572467d7c4a96648659cb4

SHA256
05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

SHA512
db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1eb86108cb8f5a956fdf48efbd5d06fe

SHA1
7b2b299f753798e4891df2d9cbf30f94b39ef924

SHA256
1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

SHA512
e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
480B

MD5
91bd33487f6a0e80368f8f8425971f39

SHA1
1b43b25b5046a8fe348d1a3a4f38be9ae11d48b1

SHA256
32070e0cfcc660599fad5ff2a8c723e46626731bc7c189e6a3cf3531064317b2

SHA512
9e3e56dc03696ecc15b24c1126cfb1706a3dd624c9d47a9cda8e8e8dd1a87b28d853f64cb66644da4d7817304e5600c15ee9b80850201703ff57a909ffda8962

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
768c48210cadb99d1325730f5a6e4a13

SHA1
ceca5f18bc5955133a8f88ed1e760290eb03dadd

SHA256
9a3386971f4c39fe0b88ef4891f73045748a3f94f5c332da440625b8bdc0b1a8

SHA512
cf6d301fde2d21b907e3f5eec6cd9d66f6dfa45d80d92709eab4589081c0686ae0410b5ba1ede6e9b9b71706a8eba678f8d48e498e98d8dde812d790f243705d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
141780f24bf80bfa95d1e8ce00a5dfb7

SHA1
bb795aa757d63619e44a1258ea933582727b4243

SHA256
bcaa01d75460b3674752f8400955ad7fdb7a3992acb1c2b46c90f858ec484dad

SHA512
a13bb0fdeee6c56a8e5911a9dc0f3faa3c12db54689a18252aca4675059be7f6df37792bce417430887e4a3e92719135cd8e99fc1c022634228ebb26f4aeab01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
aaed724bd66421d665e314f51fd7eb0f

SHA1
4a7c5287a53a31d597ec66c5c2112368b8dad510

SHA256
bd9e37a40d4e2e8a863d414ac1b2b51d4b1b126d9247a440e9bd813502d74209

SHA512
2948f4cf0fce7b68773494810381c965b282e96cc224f85e677fefc0eb61519413aef1cd6a9df84c715b9212e9e06cd5257da4a59ec7bac399de1385e96c4897

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
4a06baf5f64085bf2d1f02bcefb7815b

SHA1
7b4bf915ae8c6997abdfacd574d4e29415653e2d

SHA256
998547e46814836c2046beefcf62b1e7f000089d79569b032917c2b6525dc99b

SHA512
8c741baea9b7d6ea4170477dda888076d470194adec5bbe025be7aceb0d87b0205216f512060eac362a29fdfba176f205067fe0efd99c32e1b1b38a2fb1501c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
03f39a4de5c01b286844d6d2ecf55522

SHA1
544f72de1e99ff295891fad2b831e4c822a4a988

SHA256
7d24a14a9c4a88b4cf52b3d3b5d14d10e89007895af86384ed1798704bb50290

SHA512
027fb754694a1a59940198f96e2119074bb8b3f892ce77902f9c87a0ddca38bb699293af835f94fd1b80c3da7025e7eb5ea8efd48f1a8a3c5ebb9240c38d6293

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
73f84de09ef331e530d83a06275fbb02

SHA1
fd6c0e12fd382632efdd7cddb80b1393f79b60d1

SHA256
d567d6215c02ab768d8b6406a51e04c4c07bc9e623b61adf7990609a5faa95ee

SHA512
2698f55ab986231b04d311c0ffad16dc88b4d6c04dd9bf6815b47f7089b76123fa8a25a01902fc1f666d78ff82716bd20b332522f8add3b0159eb28abefe26a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
09d242dac7cfc13238f572ac10f83e17

SHA1
32dba26646b2d5812a32f7956eccbd859b47720a

SHA256
5d9c9dcb243f5382b21b010422eb8fc4cb1bbe7d7fc6c96b0e3e63a72ba36299

SHA512
9d88917d64f799a4bdb7e995fd0880c851a98a2559f62708b0e40d3e4c445db5e364180ffe92c4dac9fe1f788009e3503c90f6e14a4564764d82f68b2fda66f1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_2976_TAFSNNOXLPLDRPEX
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit