hxxps://707[.]su/987z

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
02-03-2024 09:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://707.su/987z

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
2972	msedge.exe
2972	msedge.exe
4880	msedge.exe
4880	msedge.exe
2596	identity_helper.exe
2596	identity_helper.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

4880 msedge.exe
4880 msedge.exe
4880 msedge.exe
4880 msedge.exe
4880 msedge.exe
4880 msedge.exe
4880 msedge.exe
4880 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4880 wrote to memory of 1412	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1412	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1596	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1596	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1596	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1596	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1596	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1596	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1596	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1596	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1596	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1596	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1596	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1596	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1596	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1596	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1596	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1596	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1596	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1596	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1596	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1596	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1596	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1596	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1596	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1596	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1596	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1596	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1596	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1596	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1596	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1596	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1596	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1596	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1596	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1596	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1596	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1596	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1596	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1596	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1596	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 1596	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 2972	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 2972	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 3664	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 3664	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 3664	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 3664	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 3664	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 3664	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 3664	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 3664	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 3664	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 3664	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 3664	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 3664	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 3664	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 3664	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 3664	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 3664	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 3664	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 3664	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 3664	4880	msedge.exe	msedge.exe
PID 4880 wrote to memory of 3664	4880	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://707.su/987z
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe9ca746f8,0x7ffe9ca74708,0x7ffe9ca74718
2⤵
PID:1412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,16500207738144023871,4259877834088065686,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
2⤵
PID:1596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,16500207738144023871,4259877834088065686,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,16500207738144023871,4259877834088065686,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
2⤵
PID:3664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16500207738144023871,4259877834088065686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
2⤵
PID:3212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16500207738144023871,4259877834088065686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
2⤵
PID:4948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16500207738144023871,4259877834088065686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
2⤵
PID:2444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2092,16500207738144023871,4259877834088065686,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5248 /prefetch:8
2⤵
PID:3280

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,16500207738144023871,4259877834088065686,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8
2⤵
PID:1772

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,16500207738144023871,4259877834088065686,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5848 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16500207738144023871,4259877834088065686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
2⤵
PID:3036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16500207738144023871,4259877834088065686,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
2⤵
PID:3712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16500207738144023871,4259877834088065686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
2⤵
PID:3156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16500207738144023871,4259877834088065686,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
2⤵
PID:3524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16500207738144023871,4259877834088065686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
2⤵
PID:3556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,16500207738144023871,4259877834088065686,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4600 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4228

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x514 0x510
1⤵
PID:3300

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
cbec32729772aa6c576e97df4fef48f5

SHA1
6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba

SHA256
d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e

SHA512
425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
279e783b0129b64a8529800a88fbf1ee

SHA1
204c62ec8cef8467e5729cad52adae293178744f

SHA256
3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932

SHA512
32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
912B

MD5
d5ff92009538c4b0001aca673b2d772d

SHA1
c94041afcb83ddc362ee26d90056c5bba46d1824

SHA256
6f44d52c492e2daa069571b62b53104340bccb260c6030947282d82c9a04ea6a

SHA512
c103b9930067448c87a28729d45fd49d35181baf1098be4794d478280579ce5ee883f542be83df2279fc146023e3531c27a08282944b17cd579452cd50ba4671

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\001\t\Paths\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
63a7d1d8971ea3274a5bd9a6b4060e78

SHA1
266d2a32cb6eb30222508e05370f2d6316cae59d

SHA256
0ea5735030937ae745bc1295e5dfe0e22dbf8364206d938df0c8c0c063836ed5

SHA512
0c22c7ef16adaa7ab4ba5668fdf43b089510db5eff13e9aa2da418ce41f23cbd2ac00f6cdf14c60a03ce4d820969f374d3f6e45f6bf3312b30efe6df54ef6af0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
2cb01141ea1f2a2c02d706c6ef039c54

SHA1
7cb8156487b297e9eb55e6624043a92d169462ef

SHA256
9deb8493a5bd5eb69033086ce1f9bf674678f1669fed5c1f590babac1466b771

SHA512
28dd59bcc32cb18e60c83b11667bd51c35e41a9ee0c2f2a220e3351bafc7801784f0f8f6c9ceb167ee3b3bc87cd6e77a4ec09fdd8c1f0746c681b0989279b1f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
d313450107ac5284b87e08ba887fc291

SHA1
45e0e74b61d733e00b68c825533a39559fc74f5b

SHA256
6b93842f902534395fb479a7581fae3f7e44f520807f815b12082de997ea2c46

SHA512
b5a16758fe15ef23c244a2638a1a1391f42c9d64f28fe296c1442811107f61c9d6e3b4ce6bc9e50a4660c1d32b4181404fe553bfcb4638d35f33d3e417326af3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
8612d10cbeb889f3d6d15cc6e8bd38d9

SHA1
7ad0c7bdcaaf7f17128338a632710bf9c937720a

SHA256
f95384f24f8f64aef82044b20ec596e36ca40ba3d310c6dd6bbc6a5ecc9dc6a5

SHA512
b77a876475acfcf0f0f9f174f60263779bd72aeb16033591dcbbc2a8c840f5e5cb3db9060e404918e0fb7b28a1e2fcd1c329dc8cf7f40a6bc1d22b3fe550e510

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
fa51ddf8d498abdf2e8b1d20f1b6ee07

SHA1
b39b66cda5c76115ea0054f4762d3aee2258dba6

SHA256
17c717240154c23ed680c3f9d6cec0871c339f9254323fd017f545db56a52c13

SHA512
15c8f440e6bc2f3461659c2dcfc78423fcc0b1f98c5d21d2eb5cb29b713a9cbb9616093e6d0ad41c1fa22f234e5f000a228d4e315dfdd510969c5fcf1eafeda6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5780b9.TMP
Filesize
1KB

MD5
f3e928b64d3c3e79b0e4b8295b4e45b7

SHA1
48f76011a453cd062aa2b7b07830d05026795aa4

SHA256
98d0c28fcf6006e109557531adb4e5615b02aaeac643210115361e63a8464e5a

SHA512
c92a329ec42ba72aaaa24093864da0eb55969cc88b6cde88dbb2ac6a88eb9cd5ba9788ecb51fe9e61d8891ab075ed8529e16f65c126b67af7a024c848b86d348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
13caa065052a52376089725de4f8eda5

SHA1
b8f9cecd136bb7fbd051f7e43eaf750b71bf8dee

SHA256
cf9c3698d98b7c05395561a3d376303c5a7ef25c8375ec55c92ecbfa8b010ac9

SHA512
709bef898ffdfa314f26f82d9431d4e6ec1eb1ce54594bc34e2bf0cf3a964ebe0525bcffa73694123d49b7a126cc05f613479de438aec373baed84d0da312af0

Download Submit
\??\pipe\LOCAL\crashpad_4880_GXTUNGSWHRHOWGEB
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit