hxxps://souq-deals[.]website/6uh4

Analysis

max time kernel
961s
max time network
970s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
30-03-2024 02:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://souq-deals.website/6uh4

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3936	msedge.exe
3936	msedge.exe
924	msedge.exe
924	msedge.exe
4844	identity_helper.exe
4844	identity_helper.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe
4240	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

924 msedge.exe
924 msedge.exe
924 msedge.exe
924 msedge.exe
924 msedge.exe
924 msedge.exe
924 msedge.exe
924 msedge.exe
924 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe
924	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 924 wrote to memory of 2884	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 2884	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 4460	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 4460	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 4460	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 4460	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 4460	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 4460	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 4460	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 4460	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 4460	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 4460	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 4460	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 4460	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 4460	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 4460	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 4460	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 4460	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 4460	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 4460	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 4460	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 4460	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 4460	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 4460	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 4460	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 4460	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 4460	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 4460	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 4460	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 4460	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 4460	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 4460	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 4460	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 4460	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 4460	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 4460	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 4460	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 4460	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 4460	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 4460	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 4460	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 4460	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 3936	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 3936	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1112	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1112	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1112	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1112	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1112	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1112	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1112	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1112	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1112	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1112	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1112	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1112	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1112	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1112	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1112	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1112	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1112	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1112	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1112	924	msedge.exe	msedge.exe
PID 924 wrote to memory of 1112	924	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://souq-deals.website/6uh4
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffd4e7546f8,0x7ffd4e754708,0x7ffd4e754718
2⤵
PID:2884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,6602937431818391416,572606710675539636,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
2⤵
PID:4460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,6602937431818391416,572606710675539636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,6602937431818391416,572606710675539636,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
2⤵
PID:1112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6602937431818391416,572606710675539636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
2⤵
PID:3400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6602937431818391416,572606710675539636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
2⤵
PID:4596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6602937431818391416,572606710675539636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
2⤵
PID:692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6602937431818391416,572606710675539636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
2⤵
PID:940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2164,6602937431818391416,572606710675539636,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4716 /prefetch:8
2⤵
PID:4104

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,6602937431818391416,572606710675539636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 /prefetch:8
2⤵
PID:4752

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,6602937431818391416,572606710675539636,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6602937431818391416,572606710675539636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
2⤵
PID:1624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6602937431818391416,572606710675539636,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
2⤵
PID:3776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6602937431818391416,572606710675539636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
2⤵
PID:3336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6602937431818391416,572606710675539636,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
2⤵
PID:2208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6602937431818391416,572606710675539636,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2240 /prefetch:1
2⤵
PID:2168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,6602937431818391416,572606710675539636,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2736 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4240

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4676

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Filesize
290B

MD5
5d6ba029f455f617b69d5621d92adfef

SHA1
b8175b95d846c64d90233217036c6d53e041cf13

SHA256
c265598880327acac22030c546e2fac4c41731459cbf98f8c4041cc5f46510d4

SHA512
5fa5355219ba295794447ea9f8fc046bd42297227194452fe9397104a917173008cefb0a7971c7b94387f2b478f33e7b48304049075db5ddb6c05b5a41f3d4b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
7c6136bc98a5aedca2ea3004e9fbe67d

SHA1
74318d997f4c9c351eef86d040bc9b085ce1ad4f

SHA256
50c3bd40caf7e9a82496a710f58804aa3536b44d57e2ee5e2af028cbebc6c2f2

SHA512
2d2fb839321c56e4cb80562e9a1daa4baf48924d635729dc5504a26462796919906f0097dd1fc7fd053394c0eea13c25219dec54ffe6e9abb6e8cb9afa66bada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
5c6aef82e50d05ffc0cf52a6c6d69c91

SHA1
c203efe5b45b0630fee7bd364fe7d63b769e2351

SHA256
d9068cf3d04d62a9fb1cdd4c3cf7c263920159171d1b84cb49eff7cf4ed5bc32

SHA512
77ad48936e8c3ee107a121e0b2d1216723407f76872e85c36413237ca1c47b8c40038b8a6349b072bbcc6a29e27ddda77cf686fa97569f4d86531e6b2ac485ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021
Filesize
37KB

MD5
231913fdebabcbe65f4b0052372bde56

SHA1
553909d080e4f210b64dc73292f3a111d5a0781f

SHA256
9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

SHA512
7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
552B

MD5
b54411d7ceaee01d1a217a90ea09b129

SHA1
ceba547fcde0f1b093e55d348eb3d5029bdfc52e

SHA256
ac17e638bd51ea1b4ef5c693504adc97c0a8dc58647cc75fd63b013926fb152e

SHA512
69289e6a6c6c50d93c6192a3ba1e5a085414ac688b98b1d54cb55cf956e75e27919be7d81f9d490a19e3406b77f082feec9e7689e22c3df2eece38dac5c20fb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
456B

MD5
c52550389aa8fc9f315e0859a7bb7edc

SHA1
0ebe8c58b6d7bab6e1e12354d2ecb46d94cec399

SHA256
408e80076a08ff8146aa039d463817e1a879e21151f77ad5904704f545130663

SHA512
9c9ca30bbd2c038a2a15617257c7a0ecff2de5abbf53df3e7a06c1a2143257bb1e8e8848804ec88c1ca9539f4ba2ade568a33f5d7d265c9a069f3d65b56ee5e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
432B

MD5
edd3efb11957ac8f1e7e784428e9258f

SHA1
e0eb87076361cb9324d31760abcf9163441a6fab

SHA256
86fc19d2085b3ca9fbc2f5b64f54c47bf6685d20c44405693b8dacf5d4dcc1a2

SHA512
10a0f8b059cd96751c8d921dc62bf2f239b19be2a6b811b961c6a32bf17d90f081640cafe3c245ec586b5e8d4f7d2e6feaba7ae7c405528aa5542d5ce0783a76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
874B

MD5
af9b0a07f5d8622abbf82c55e9f25e75

SHA1
af890a584931835671e01acb91017394e4d2cb28

SHA256
f97204dc7e5257c561889679223e36640623d1c29cd85f37198d0e59bf08ac8f

SHA512
115c714399027efee653620fadd465a4b4057fdceb477012336ecd282c5def6a8fbf7ea1aa78080ee86ae365bd506abe1b566af85879bb861afeb6f211413b98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
874B

MD5
feeb5f57f3da7efac73e151d833df956

SHA1
61125fba87f0debd4b561e167efa897e9da229dc

SHA256
f1f6cd21d38963398fde07ac7b540531105e773d7e25ed5cebce061e19c2c406

SHA512
e6d958bfee42dc611a5831cb333dd663909efbc67d6d1733591c2922ed2ba937553b9612bec75e67f7a77c2997b9e0c62e144f4900ccf381d083dc0aee2ada12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
874B

MD5
472bf11ba510e5d6fb87b49960e642d9

SHA1
4f78cd816ca626052f2c0b66c69fa4a22a9a53e6

SHA256
501cf08b0c9c01ed7d850be1e2110a06f4f2b7afee08050db8c3ee53e667f1c3

SHA512
77c4b43be9667965224fdf4aba3541f0dfaf49630e81f714d050c1ff7693bbf353cb867387427d50ef0146c0b7741eca1c236c062f5cc2e73396356d70bc40c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
3e3cdcf24ef4d91d253334616cc9c860

SHA1
218e5bac313388cce34a4020a0459da3734b8369

SHA256
1e3a6e5bdff8b598f3e5ce11a0999614d039848d252eda70f83f0f3a11e97cfc

SHA512
fe7214d2ec89cab6573def1d9a1bd27ad45aeaae5192aebe2692378a604324976bda18deb4e3bc3a79e183b9e4a556a3a3bcf9b59552f18fec5346ea259b2520

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
fdf5cb9c35ff1b1f6f8aad7d0d277667

SHA1
1b7a4956eb1948d69f790ee6a3719127894f7cf7

SHA256
460b9e3ec5c75bc725547145ac591ef81482e0b27a56ddd45f5fbe2e8a8e41d5

SHA512
38e2c70ef4fa67a305c69b2d5d671dd96da0f4882c6990737c9adfdd05a53dcc729346bebd1851cb4bf8cf2d7653262736de379c392266fb17223709d09a10a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
4a67a159aaeee576077c7a4eb4e69a02

SHA1
f7feec4ae41bcdbd3471a27797b254df47525eb9

SHA256
7ca0f8e5cabc8ec0ccce7aa451d43bf467c808e17f0bdbc88fc65a7cb15723dd

SHA512
1c8b1052fffd88b649951ac8883ac1ebe2d180b15b6f1d6c9254458d94eabae2faabcc1c23a8fe2b90678988528a7b4647755837022db667ab3e01fda061e2d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
4cf477fc0c1db0bde2f1ff6a4f6217b1

SHA1
f9851b9aabca061f33a36393d8d618a683584928

SHA256
4caceb6d7655ef73f12770abc2dc0ed28c2312b74d48925ef69bc0c73de222d7

SHA512
39922930c0b3604e3c171830be1b978e4d58736ec4f33ed1ac55df3eb24dd01c48ccafba8d33905677731b823fd13438d2ae496ecd8f5c715d928a3b509513d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
540B

MD5
f1622611bfcb48980bc3d571acdc9016

SHA1
40d63742d2ba9711b6f0697348fb9a5028224f21

SHA256
c808d7eb7e2b94121857f95896eb27df6e68b0230cb3953b39cfca284d85f4f2

SHA512
e4e59619d1983d536a056ca2bba678db3afc179416463c974ea969b9b66f26c4be74d5bc237998b6087ba8ccb8dbd95d142d276c31b8c917effd7021f7181b72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe593e09.TMP
Filesize
540B

MD5
b2f73af223cbeacae219fe63e6a745a8

SHA1
57deec95e2e4f85bc206447a44412658ead9f551

SHA256
5ae0020b5533cdc2c4c58a134a220028d9eb6a79d1c3d90b94969daf90469428

SHA512
af576498fe465d777fadcfd0535db36a964b1c8532062d40d5177e9bc32657c85d7403aa7407b70395a34a788166c0882d1bc9f019733e36ebc4fca3c27acb28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
41fb76098394259451053b0749af9d19

SHA1
c7fd9ac5c0604abcc0624a206c967269b598b1ae

SHA256
54d1439451fbcb10c633f8f46416ee12c5047b3705a3671f519a652cc719afe7

SHA512
8ff08f6114d793c9a64d5c1833d170928fc1080bdd50f690b632ef72856a5be51acaaed17be5a808791c3fa8db44c16b65761b6ae5c9db656078cdc55aca3bcf

Download Submit
\??\pipe\LOCAL\crashpad_924_BJJBGXARSZWOIBFU
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit