hxxps://cloudflare-ipfs[.]com/ipfs/bafybeigfwa552otmu64v65qbjtpmn7mit3fwqzesem42a54mf3xacq57mu/webHK[.]html#fundacion@ienova[.]com[.]mx

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
20-03-2024 10:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cloudflare-ipfs.com/ipfs/bafybeigfwa552otmu64v65qbjtpmn7mit3fwqzesem42a54mf3xacq57mu/webHK.html#[email protected]

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

5 cloudflare-ipfs.com
10 cloudflare-ipfs.com

flow	ioc
5	cloudflare-ipfs.com
10	cloudflare-ipfs.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
2656	msedge.exe
2656	msedge.exe
1384	msedge.exe
1384	msedge.exe
1508	identity_helper.exe
1508	identity_helper.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

1384 msedge.exe
1384 msedge.exe
1384 msedge.exe
1384 msedge.exe
1384 msedge.exe
1384 msedge.exe
1384 msedge.exe
1384 msedge.exe
1384 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1384 wrote to memory of 3432	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 3432	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 4492	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 4492	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 4492	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 4492	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 4492	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 4492	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 4492	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 4492	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 4492	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 4492	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 4492	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 4492	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 4492	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 4492	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 4492	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 4492	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 4492	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 4492	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 4492	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 4492	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 4492	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 4492	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 4492	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 4492	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 4492	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 4492	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 4492	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 4492	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 4492	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 4492	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 4492	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 4492	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 4492	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 4492	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 4492	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 4492	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 4492	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 4492	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 4492	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 4492	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 2656	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 2656	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 208	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 208	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 208	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 208	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 208	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 208	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 208	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 208	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 208	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 208	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 208	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 208	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 208	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 208	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 208	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 208	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 208	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 208	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 208	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 208	1384	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cloudflare-ipfs.com/ipfs/bafybeigfwa552otmu64v65qbjtpmn7mit3fwqzesem42a54mf3xacq57mu/webHK.html#[email protected]
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff84ba746f8,0x7ff84ba74708,0x7ff84ba74718
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,1054893102012707175,1114235522821904080,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,1054893102012707175,1114235522821904080,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,1054893102012707175,1114235522821904080,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1054893102012707175,1114235522821904080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1054893102012707175,1114235522821904080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,1054893102012707175,1114235522821904080,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,1054893102012707175,1114235522821904080,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1054893102012707175,1114235522821904080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1054893102012707175,1114235522821904080,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1054893102012707175,1114235522821904080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1054893102012707175,1114235522821904080,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,1054893102012707175,1114235522821904080,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1054893102012707175,1114235522821904080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1054893102012707175,1114235522821904080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1054893102012707175,1114235522821904080,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,1054893102012707175,1114235522821904080,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4880 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2340

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f35bb0615bb9816f562b83304e456294

SHA1
1049e2bd3e1bbb4cea572467d7c4a96648659cb4

SHA256
05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

SHA512
db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1eb86108cb8f5a956fdf48efbd5d06fe

SHA1
7b2b299f753798e4891df2d9cbf30f94b39ef924

SHA256
1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

SHA512
e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
bc666a68ba81bd5d8da7c29114e1365d

SHA1
22f9c1cb3050e59c4c45a352c9a01593043ce690

SHA256
153375666e1375346673f5142771ef88a073790448309706778870fecc75495b

SHA512
069e93fb7bf9a64cbfd151a322e5d090a832e861ed825dfad0f0b17e6ba7d3ea4d98e60642f08ef8ff08fca5dc5669bf95c01e8bb2e02cb85e49c55f7835298e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
617B

MD5
8607292aaf0db9759a5f8fca9cc0f361

SHA1
e1723dc6d36b34950a71ce9d28c5b808c4d6cda0

SHA256
872fd060ca9308037bd84e3d4a990641262d3018c31e01838f9150482393250a

SHA512
0e06e7691583147b7e4d2cf39428a1dd582292630f9893a6884413df4e881aed0348635bc78f28db6d8cab656cdc02dc997e14b1ac63bae02c3bd2529d6965b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f594ba3374bf223ffb303be476cf4186

SHA1
f442a552b47fb0446675f3bb20e145925fb5fd60

SHA256
adc76091549084b8dd41854dd72b62f0c8dbe45f5e449e30a7498b599dc170d8

SHA512
5139226da71367bf4da09533849daa549f4a03d5df21051faab2b2df2912c296bb28b23dc1f2a86da617bb7583203b88657f5d6ed1348e06fad2a4a8dc0968ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4da815862b760decbe060835db78f38f

SHA1
528d4f55455e0c3a491894d46c8b52bc34b2d136

SHA256
6537830ea2daac4e71f12b32da94de2fd0e89eca2c4e7481a1344c991d15e9e0

SHA512
bdbd66b704d1efc14441a7682e630d2317d14904009df5387a6c27decea7795bdc48d336d47a4fe6aadee30d2aa3c1d4ebea0a6f0579a0d829730040f2125cbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a15b749404d6187af174d74582d0787d

SHA1
bced623280d1fe1a1a81ef428f537249e176c9e7

SHA256
4bf9bb1727443953951a42f5df6267657c98e10b19d6511e0d480c0e4d7b504e

SHA512
a7b46cadd05193a134c3a40ac47dd80c7c05bc4dd4aecfcc7b80d32f861bf3edcc81d4d18985370e30083524e7850f2ffa2e8925195bd9ab877931f0f25df700

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
66677578524d1bd1c9d415cb50626224

SHA1
7f1935417f0e15f2b03ffe3c75bdd0d5f24a53fa

SHA256
251d44ab29b9c229741c7a8df2c11c53aa0562fcdd76c2f9234b847f160c4876

SHA512
4cde69057bf1c4ab85e3e0742c0888096ede47c765860c3fd6d6f545dd33d4d2aecfebdec7893ece7fcbbcde020ff1ab63b34324962d819cca8832c3f74b1166

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
ac975a5848a98b3691b6bc2cd45a892b

SHA1
cebf04e9581a73636c6768e143b1820df0d9d2c7

SHA256
c577d80cda129d2d535399f27e3892c0e3e97710c16d185d1705c578174ce25a

SHA512
9b755440513d4eeb9e9e5f4f2777ddbde32c3210d773265efbd8fd2d493f69b0ce2cfea7d6a7d1adaf2502cf690a744c392867f19fc73ef7dfce9b9d3f0eedf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
389f494b1777f6b5b751edae0c9cebfc

SHA1
93adc3a9537570ebdc1ecf3403083ecd4a25eb47

SHA256
e7c648f333c7b18808910ce312d5aeaca7d30d4c5f17d649d7867d712e50521b

SHA512
15eaf5d9611963551c9b54d8b9be7baaba4d0c1798c73132a5377738c44d9fb834559e7f8a85a326140e5b41ef166d17bfbf316444016e6a7788bb3a291917aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a642.TMP

Filesize
203B

MD5
fb1729b844d1be42deadaf77a3f984d8

SHA1
36420d38116e0ea292f2938dba496285232b5115

SHA256
10c1880c7d15e7d27be6eb9d988ec8bc9efa1284a1343e5974c2c08bae3cf80e

SHA512
23c88022b61bb51c6a0c0d5fb9a56a9dcbab1114a109fc53a67ce9c4e65b932bd672a29793383b40bb2f417f33af327e5f15f340e979687ebde4c6becae3b26e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
6e43fe8268c8ddad047705903ea4c9de

SHA1
d3ef7a79f30cca7f3c21636e180c6e61d59f13df

SHA256
b290e8f90995a97de86b6c8c746b4da05619c6875cfccabe2af16f4ac336e35c

SHA512
86e02dece8f1dfddd41a63c7ca8aaf3f710022b9a7dd4371b51fcf3945ce46f3d48275973c27db08f2af33090dfcc125c0bc6bb565bc59a0dc688b3d0115d93e

Download Submit
\??\pipe\LOCAL\crashpad_1384_IZYXKEVZQEAEBJIZ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit