hxxp://cqqmspeb[.]riva[.]co[.]ke

Analysis

max time kernel
187s
max time network
204s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07-03-2024 05:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://cqqmspeb.riva.co.ke

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4404	msedge.exe
4404	msedge.exe
2576	msedge.exe
2576	msedge.exe
2384	identity_helper.exe
2384	identity_helper.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe
5572	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

2576 msedge.exe
2576 msedge.exe
2576 msedge.exe
2576 msedge.exe
2576 msedge.exe
2576 msedge.exe
2576 msedge.exe
2576 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe
2576	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2576 wrote to memory of 2776	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 2776	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 5024	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 5024	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 5024	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 5024	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 5024	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 5024	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 5024	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 5024	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 5024	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 5024	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 5024	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 5024	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 5024	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 5024	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 5024	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 5024	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 5024	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 5024	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 5024	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 5024	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 5024	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 5024	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 5024	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 5024	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 5024	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 5024	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 5024	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 5024	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 5024	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 5024	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 5024	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 5024	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 5024	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 5024	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 5024	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 5024	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 5024	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 5024	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 5024	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 5024	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 4404	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 4404	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 2032	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 2032	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 2032	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 2032	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 2032	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 2032	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 2032	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 2032	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 2032	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 2032	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 2032	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 2032	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 2032	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 2032	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 2032	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 2032	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 2032	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 2032	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 2032	2576	msedge.exe	msedge.exe
PID 2576 wrote to memory of 2032	2576	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://cqqmspeb.riva.co.ke
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfe0946f8,0x7ffcfe094708,0x7ffcfe094718
2⤵
PID:2776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,7602705819218530830,2380900276225437899,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1852 /prefetch:2
2⤵
PID:5024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,7602705819218530830,2380900276225437899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,7602705819218530830,2380900276225437899,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2452 /prefetch:8
2⤵
PID:2032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7602705819218530830,2380900276225437899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
2⤵
PID:4856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7602705819218530830,2380900276225437899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
2⤵
PID:2848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7602705819218530830,2380900276225437899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
2⤵
PID:2408

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,7602705819218530830,2380900276225437899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
2⤵
PID:4432

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,7602705819218530830,2380900276225437899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7602705819218530830,2380900276225437899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
2⤵
PID:3340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7602705819218530830,2380900276225437899,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
2⤵
PID:5060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7602705819218530830,2380900276225437899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
2⤵
PID:4992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7602705819218530830,2380900276225437899,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
2⤵
PID:1456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,7602705819218530830,2380900276225437899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
2⤵
PID:5308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,7602705819218530830,2380900276225437899,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2816

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
36bb45cb1262fcfcab1e3e7960784eaa

SHA1
ab0e15841b027632c9e1b0a47d3dec42162fc637

SHA256
7c6b0de6f9b4c3ca1f5d6af23c3380f849825af00b58420b76c72b62cfae44ae

SHA512
02c54c919f8cf3fc28f5f965fe1755955636d7d89b5f0504a02fcd9d94de8c50e046c7c2d6cf349fabde03b0fbbcc61df6e9968f2af237106bf7edd697e07456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1e3dc6a82a2cb341f7c9feeaf53f466f

SHA1
915decb72e1f86e14114f14ac9bfd9ba198fdfce

SHA256
a56135007f4dadf6606bc237cb75ff5ff77326ba093dff30d6881ce9a04a114c

SHA512
0a5223e8cecce77613b1c02535c79b3795e5ad89fc0a934e9795e488712e02b527413109ad1f94bbd4eb35dd07b86dd6e9f4b57d4d7c8a0a57ec3f7f76c7890a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
Filesize
195KB

MD5
89d79dbf26a3c2e22ddd95766fe3173d

SHA1
f38fd066eef4cf4e72a934548eafb5f6abb00b53

SHA256
367ef9ec8dc07f84fed51cac5c75dc1ac87688bbf8f5da8e17655e7917bd7b69

SHA512
ab7ce168e6f59e2250b82ec62857c2f2b08e5a548de85ac82177ac550729287ead40382a7c8a92fbce7f53b106d199b1c8adbb770e47287fc70ea0ea858faba6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
68f716e2bc80f4fe355400784983a76d

SHA1
4c2eef94643edb7fb5e478295e69c94c36a96c4d

SHA256
2628c551ebb6bd4ceba469a0fdcbbc98d6bd5101fae051db7d954648c9d88ae7

SHA512
c76540104a466bbe3bf8cad38dea880dec9102d5bb4f4238e6528f72782f6b4ccc505f7911f0ed9129f52a1785c1a01b5673a57607131eaaa71409aad016fd3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
861d2e4cc5d14225c0f4fa328fa05690

SHA1
fc9fa40e8db8bc21e7bdf3a88627a4b5b6f4982e

SHA256
472d58edd12387c2106c77980330ad5312eb0b74eda567ab96d2f1275d97c7ab

SHA512
cb7618df536247804b5f29b8f47cf58887f9dd998e4b202da1538dac5ce1c4212a0c30add3ca3959070115c83c55af02a836fe544f699be8e2780b7979d3d661

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
28761963d147408d725d30e3d6c7f231

SHA1
a46e7d80ee51a75b3c0d1803e8c655607075123c

SHA256
03ac43f3f99ed72adbf3d586450d347d1ce5b92bd5cacc4c5286b55984295094

SHA512
1f146760ba9a1d95a7a6e6e8d3e4ecc4e5286c9707c45987aa8488a46098d63519d49d1849b9479548bfdcde7bc1d2916a9a958044ed44af970c84d3618fdb09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1006B

MD5
ac2f506709a72a0cb781478633ea3e67

SHA1
5e7df5684e43136be83c85330213766d839af1ab

SHA256
f001911f3dc796c8f260cd49a26ed8fc54c4881e02bfa5c893a8ad7dc28945bf

SHA512
2e265adea4e6b2af167939d84cdf199c44ed6b9341dc26a2002945dbddbe3e3d11f8fab9457a88cbd43cbf6a61c53519464ec28b7c484d97ab4f5817a51f6914

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
3d0f87aa392b1473afcc7d773cf666c1

SHA1
7345f4dbb1c433898475e370ae07bab501c1f972

SHA256
e666709e8074c9f2d331f9dc60e2065f9c6f39a2df3cbe66a977bc46c50549f8

SHA512
a9ae7298ce3b544fc7da63313e656f4f929dd7fe1a0bf04d68d96626f5b21b1e3907a13315bea3ad02ed10d6b9badb55ed28fd6c0616ee83f871962e69e71ff7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
a6fac032984a7aac2920f92414b73e73

SHA1
2b77c449077e513590f60b75e0ef84e8852cf1ab

SHA256
ed4c6560e74b82b03f876405095960b8187b5df3d33589067f79688b09e58024

SHA512
0c40345276b3f4d7dca4dc85a2ecc8c784f26b7853be042254723614aa9f639b28ec85880dda43ab5e60f88b9ded871eebdee22f3270b9a2bf244b2198bbd27c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
b88bc30edf3154c47d8b0b90580fa350

SHA1
79928235a7542fbe1ab0e5bf468b183bf63fd07e

SHA256
6fe3a93ac8e07236bf91d09f64f9795e4ba2e25ea17b95c20adab7dc7b7ff0e0

SHA512
a2f9c9dfd3aa96ea9abe2d7d85f13c489849c90c0ebc41512dedcc2959e70201db58bb3a63b6361db3679b38507555d7a2acbcd6e004b7532b562f90fe7d4b48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
372B

MD5
8618417fcf8ddfeca05504bf5bbf9a71

SHA1
b0777b23d8eadf3eb9daf864253af95fac41896a

SHA256
5aee07aa2b705d966b7b2dc232c5c25b20129ce0fc70b490901f30c0f8507ca4

SHA512
ebf6fdfcdcc713642d44cda4c209cc3581f5110e96abd41881ede0538c99b91c0771d7a7f93c19a5baf05340dc23920f68feb41aaac821e94291509b16a99bf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
204B

MD5
b371cb78b2a0794ef661a4f830830ced

SHA1
1617e7dda252117ddd18b81c531a64a156f13020

SHA256
731069623e599e53d32922976ca3ce38153d40e99a6fc6ec29f7611393780234

SHA512
a430766a6f2e399d6356481ef875e25d74b9b324ee10cf62bcd83b617a179bb683579379259f7769923cb6a6df4ef8f09b9f1b2787fd15fda0daa368b7d9ead4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
a4ccd069d3cffb2efa98fe35a26c6132

SHA1
9b4afada56c6b644d6655625823440f2464f4bea

SHA256
752c771099c23b60de3f638c199975827cacf032b56eadd3649b5badfa8c9bff

SHA512
ee62c4571cd86e5c4449c490161ee7e949e9b77d38d5ba784c78fd777b51f4c199bee1f4ab19833fbd2fbc97c10a10d1539d82b42a103c3a9441ed2181817924

Download Submit
\??\pipe\LOCAL\crashpad_2576_THZAANVCZDDGWQNE
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit