hxxp://tryhookup[.]xyz/?s=Pretty_132s

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
03-03-2024 11:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://tryhookup.xyz/?s=Pretty_132s

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
2552	msedge.exe
2552	msedge.exe
828	msedge.exe
828	msedge.exe
620	identity_helper.exe
620	identity_helper.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe
4368	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

828 msedge.exe
828 msedge.exe
828 msedge.exe
828 msedge.exe
828 msedge.exe
828 msedge.exe
828 msedge.exe
828 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 828 wrote to memory of 4012	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 4012	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 1664	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 1664	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 1664	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 1664	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 1664	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 1664	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 1664	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 1664	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 1664	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 1664	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 1664	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 1664	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 1664	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 1664	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 1664	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 1664	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 1664	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 1664	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 1664	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 1664	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 1664	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 1664	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 1664	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 1664	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 1664	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 1664	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 1664	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 1664	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 1664	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 1664	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 1664	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 1664	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 1664	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 1664	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 1664	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 1664	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 1664	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 1664	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 1664	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 1664	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 2552	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 2552	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 4292	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 4292	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 4292	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 4292	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 4292	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 4292	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 4292	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 4292	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 4292	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 4292	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 4292	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 4292	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 4292	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 4292	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 4292	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 4292	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 4292	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 4292	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 4292	828	msedge.exe	msedge.exe
PID 828 wrote to memory of 4292	828	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://tryhookup.xyz/?s=Pretty_132s
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd113746f8,0x7ffd11374708,0x7ffd11374718
2⤵
PID:4012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,8242349018231860664,11441458031635531634,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
2⤵
PID:1664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,8242349018231860664,11441458031635531634,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,8242349018231860664,11441458031635531634,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
2⤵
PID:4292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8242349018231860664,11441458031635531634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
2⤵
PID:4556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8242349018231860664,11441458031635531634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
2⤵
PID:4552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8242349018231860664,11441458031635531634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3836 /prefetch:1
2⤵
PID:3132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8242349018231860664,11441458031635531634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
2⤵
PID:3164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,8242349018231860664,11441458031635531634,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5072 /prefetch:8
2⤵
PID:4780

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,8242349018231860664,11441458031635531634,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 /prefetch:8
2⤵
PID:1452

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,8242349018231860664,11441458031635531634,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8242349018231860664,11441458031635531634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
2⤵
PID:3336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8242349018231860664,11441458031635531634,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
2⤵
PID:220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8242349018231860664,11441458031635531634,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
2⤵
PID:3076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,8242349018231860664,11441458031635531634,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
2⤵
PID:4556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,8242349018231860664,11441458031635531634,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1972 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:912

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4bc 0x494
1⤵
PID:4940

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
e494d16e4b331d7fc483b3ae3b2e0973

SHA1
d13ca61b6404902b716f7b02f0070dec7f36edbf

SHA256
a43f82254638f7e05d1fea29e83545642f163a7a852f567fb2e94f0634347165

SHA512
016b0ed886b33d010c84ca080d74fa343da110db696655c94b71a4cb8eb8284748dd83e06d0891a6e1e859832b0f1d07748b11d4d1a4576bbe1bee359e218737

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
0764f5481d3c05f5d391a36463484b49

SHA1
2c96194f04e768ac9d7134bc242808e4d8aeb149

SHA256
cc773d1928f4a87e10944d153c23a7b20222b6795c9a0a09b81a94c1bd026ac3

SHA512
a39e4cb7064fdd7393ffe7bb3a5e672b1bdc14d878cac1c5c9ceb97787454c5a4e7f9ae0020c6d524920caf7eadc9d49e10bee8799d73ee4e8febe7e51e22224

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
Filesize
926KB

MD5
fc2524edf3b6bd635c7d14207f540d34

SHA1
bb0a4ce987ef1eda81f0a945992d2179e9d9774d

SHA256
895e03c5e6ecf2c4108e58d16ff7ed4076fcb073d52642e415835a1e8c3a249f

SHA512
ea199503926df3e1c098c9e5bd03af66fa01c54937fc5a1bee0cf30605087e5a4580046696ad0dc980c721cfd4f497afa93e1bc44411e19a3ae72f6e1abcf85b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
Filesize
1002KB

MD5
1e6fd17a2c369b38f8238862c1b8b0b2

SHA1
ad44dfb61ff74274d5a87574f486d20b81203970

SHA256
738af0455f72152a57dd1da7fcf69f227e2f7ed31c718cf3f44c4160da948f5c

SHA512
2e73ad716433fd2c024f2657d12305e0c51527b120bd187f761445b983e844ee775d08e6a22293c62dbd769d175f9432e5f3bf9c9d059adc79df019112432043

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
Filesize
867KB

MD5
e2efaba54b2162679764429f3956a748

SHA1
ec0dd31915c238101ab05cbbde10303e3b91b43c

SHA256
7adc58702ed53832e349da044432370c1b6a44ba3600cc8ef528d3438fc99799

SHA512
690d3dcb8f17d9718eb085370ccad3050c80ef9b9f79cb6b7df732fefe74df9a0ddf26b9474c3e5019ee1b647c0db640843db92a84f62ab96b250f269705a96e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
Filesize
897KB

MD5
db22417a41407696abf66a9bc95e474b

SHA1
023e409cc8db9b943f94ee87943c02e2a4c194c7

SHA256
f93f5fd0b670cf421520644fa71fec64c7471a729569d5916970d5957b768607

SHA512
a35d99e93c82e0b925e2bb7138afce054e73d67793176be33944494e643eababfbfac5e6c07ec23a6527e8e237f9b52a7e605ff2ebb9fa8e6f695a5e323367ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
Filesize
915KB

MD5
c0e296ee87e71fb4e4fedeeb81b5b8b4

SHA1
665954b42cb5456e2e58531f55c794f139987293

SHA256
91eafc68266cd0c350f34d46554e21064a8d0a6e4929a3db891e336a02ba560f

SHA512
9c7b1b9dabb437cc502fdc6c758e0293f78bf14550edf38339f26e25dd9f5ed14dfaf3594952c828ffd0ef390f56f28c9f8131ea3ff5ee3a6be6e7ac5f5f3d31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
240B

MD5
f30bb79ced174864b55dd026c4b3701f

SHA1
2d5f95549e8303c9cfd59814ff0f5c7b4b0a1b20

SHA256
63fc088d21e6b656fa0f7f307f5dd28a143373a8eeb9119904a428d6cab58a47

SHA512
7c8dff14663d73b73bd1393141eff45066f247d295a7a340e80a914691a1adbc25f561e3d3abf3706c42fe228476fe2f117f8404330bbd0893a176a60d8c82fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
94f03c27e9a4581fddacbfe6c47325a8

SHA1
15a47c7a64f8684bbe7201d68700dbccd4b80292

SHA256
88070c505f08bde31e1ebc11e8d7210a8481a903a907462f4f816ac03d3b5071

SHA512
ef93ce47c5460d2f2d4ad4bd0f20fc2f142cc1805221879aa59aca91e14a4828046cbf5632df5b4ea58b63de17260f11f93affa81a331b882ab2e136a86f4656

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
3887904aa1f9ca680fd3fadbb7df5577

SHA1
b88d05b91561f6bc58bc5e3336af1b0ba73a38e5

SHA256
a309e81d5cb1ec2ef722d462d6cb5eeb7405638482e2500451f410b64a1ec3dd

SHA512
8cb75bdeb003ebc7be1a8b00a6d284eb29af608490791b381d5ac8230e2c694e349540d42cfef657f5219b876b35515c8fecc074e4acb9ed4b5aa80bfec0209a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
f7f252ecc4107ac5d25bb0f79310cee2

SHA1
a29475ba079a26288e41d2f579dccca05b335841

SHA256
62e82e252ce0ff1d4959c5e7f763077a32c01433cc4b4513a4f2731d72200b9c

SHA512
6a455fedde9028c6210e533ac19809b99f11254b798019c4aa0b14e374fbe6a7bc606937376d2b52fe7dc0dbba6ff0043fae213c863ef456ab5217bfdd8ad8e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
6cdb321b166fb872cff0f1e03763c501

SHA1
1100a8472eb70d7187e0c81fc010d8132a7b1812

SHA256
a9d61260e90af5fbbb7566651546abf995606b8a5e3a02b9147231ab7bd03b55

SHA512
50a865b89335ea8bd4a78ee90d048cfaca7ff1774b9c07e069c5ff40d7c7254532f1227e54b4e17fdb9f3b04f8d2be8fe9f0ceccde01ac96bed469bb50dc227b

Download Submit
\??\pipe\LOCAL\crashpad_828_PYHFRILCIXMVMARO
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit