fc6c872dbddcc79224df2aa1dc2c085cd54b8cfb364de3eaa9dc9d3212b44f60

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25-03-2024 03:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dd29a658cd39afb20d949aa90794a582.html
Size

45KB
MD5

dd29a658cd39afb20d949aa90794a582
SHA1

7d815a4dacf3087e7536e50d786b446ae9fcee24
SHA256

fc6c872dbddcc79224df2aa1dc2c085cd54b8cfb364de3eaa9dc9d3212b44f60
SHA512

64b471922b36aa69e13f842178a8b5cfe275f04e1f0aca9e2c4d8466a1186cf5257ba34bf9305c82c206c57d323b8bca40fc0061aca08a4ac3fedfbf84184824
SSDEEP

768:FYqjV1uY+evlrb15f984gJTb2HO6zQgh0dGH:ZjV1jvlrZlgJTb2HO6zQgh0dGH

Score

6^/10

motw phishing

Malware Config

Signatures

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
phishing motw

Processes:

flow ioc

92 https://jira.ops.aol.com/secure/attachment/688199/failwhale.html

flow	ioc
92	https://jira.ops.aol.com/secure/attachment/688199/failwhale.html

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
2952	msedge.exe
2952	msedge.exe
2376	msedge.exe
2376	msedge.exe
5708	identity_helper.exe
5708	identity_helper.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe
4672	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

msedge.exe

pid	process
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2376 wrote to memory of 4332	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 4332	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 920	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 920	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 920	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 920	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 920	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 920	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 920	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 920	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 920	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 920	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 920	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 920	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 920	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 920	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 920	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 920	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 920	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 920	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 920	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 920	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 920	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 920	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 920	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 920	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 920	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 920	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 920	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 920	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 920	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 920	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 920	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 920	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 920	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 920	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 920	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 920	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 920	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 920	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 920	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 920	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 2952	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 2952	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 3480	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 3480	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 3480	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 3480	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 3480	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 3480	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 3480	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 3480	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 3480	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 3480	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 3480	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 3480	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 3480	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 3480	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 3480	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 3480	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 3480	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 3480	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 3480	2376	msedge.exe	msedge.exe
PID 2376 wrote to memory of 3480	2376	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\dd29a658cd39afb20d949aa90794a582.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa72b646f8,0x7ffa72b64708,0x7ffa72b64718
2⤵
PID:4332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,5996619813114269442,17158445128218823669,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
2⤵
PID:920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,5996619813114269442,17158445128218823669,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,5996619813114269442,17158445128218823669,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
2⤵
PID:3480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5996619813114269442,17158445128218823669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
2⤵
PID:4328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5996619813114269442,17158445128218823669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
2⤵
PID:4176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5996619813114269442,17158445128218823669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
2⤵
PID:4844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5996619813114269442,17158445128218823669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
2⤵
PID:3032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5996619813114269442,17158445128218823669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
2⤵
PID:4032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5996619813114269442,17158445128218823669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
2⤵
PID:4356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5996619813114269442,17158445128218823669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
2⤵
PID:1564

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,5996619813114269442,17158445128218823669,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6880 /prefetch:8
2⤵
PID:5692

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,5996619813114269442,17158445128218823669,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6880 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5996619813114269442,17158445128218823669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
2⤵
PID:5724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5996619813114269442,17158445128218823669,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1
2⤵
PID:5732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5996619813114269442,17158445128218823669,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
2⤵
PID:6020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,5996619813114269442,17158445128218823669,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
2⤵
PID:6028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,5996619813114269442,17158445128218823669,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1292 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
7c6136bc98a5aedca2ea3004e9fbe67d

SHA1
74318d997f4c9c351eef86d040bc9b085ce1ad4f

SHA256
50c3bd40caf7e9a82496a710f58804aa3536b44d57e2ee5e2af028cbebc6c2f2

SHA512
2d2fb839321c56e4cb80562e9a1daa4baf48924d635729dc5504a26462796919906f0097dd1fc7fd053394c0eea13c25219dec54ffe6e9abb6e8cb9afa66bada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
5c6aef82e50d05ffc0cf52a6c6d69c91

SHA1
c203efe5b45b0630fee7bd364fe7d63b769e2351

SHA256
d9068cf3d04d62a9fb1cdd4c3cf7c263920159171d1b84cb49eff7cf4ed5bc32

SHA512
77ad48936e8c3ee107a121e0b2d1216723407f76872e85c36413237ca1c47b8c40038b8a6349b072bbcc6a29e27ddda77cf686fa97569f4d86531e6b2ac485ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
11b2c9ec944e47c86cd1f1678c81d75c

SHA1
9d55de6a4be79441210924dd5ac120c593605f25

SHA256
31b6562cd0c74fcaa73df5f635934b52e0517a365db1f32272e8d39e3fee82b4

SHA512
7472378412d55a637399d50005897ddc65cb1a28eb4f663d1a30b162106141d25ff9b56299efa38967c2d8fca76349c5cee17f3d2b47dddb43cdd171dcfabd3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
288d5e383fc492466626a049b30a489a

SHA1
a5c2e03041f399c3a9e21cad3de8d637a163be6d

SHA256
a18b9f6519e548231a38d1e2218e25efaeaad616a3e192b7854a07022b43e86c

SHA512
a435a959248bfa33b8383fe52e80b559e982c15e55e4359c216d0ddb388a28558d07375cfc1baa4d832c1892dbb3b2aa2f144510ac4136f1ffc1e697dbf6e032

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
c408f32edd263fa0ff34f01a321fb97e

SHA1
6a52ecd9baa296ac5cba8bb7244da928b04305c0

SHA256
644f92c6fc222ea1d2077c316a4c469892e9c1694868306f5209035954d9f064

SHA512
17a54eecc68f00c2b34d49ada3a65af2be893d36e88e3ec32bbd7937edee6d9215f61b344abb8fe4a56caed9497b19d3d246703ef6dc1878358fd9f13d968e3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
c4b93925d99fe8b3c7a5b143cc5e1837

SHA1
71ea18a52bdfdc73670885f84f1683cf1b6fae32

SHA256
36349a5c21978ff772a020e18fb0c7ee0602e2e4131885222569b2479561213f

SHA512
dac6bf2ae936abefcdde8f7144dae9ae81f6ed1b3ec589f6f29c123f44c6797ef80f695262d527f892684eb48ef6a9210c22a33fb87bd0610d860b9cb611cac4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
9d3c78cebe2a2d02e4d663258f66100d

SHA1
5e39d0311bee8cb6eb0617ec144e42ef6619f5f3

SHA256
3b800e2b6ffa34e762030ecb4bdb6c5d8d6ea1689b1c92d4b9e0c9cd202201b3

SHA512
d22a8b9dcd5ce2ef7d5ae9786ef9832927cad32cd22f3bf25e7f687881cdb8328a064d92c89cb6fa4c2825a406068eb43400fe7df8b3896689c822523e6a1550

Download Submit
\??\pipe\LOCAL\crashpad_2376_BREIXJGHVQEANAXC
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit