hxxps://tryingto[.]takeyoutoyourdomain[.]com/mary[.]barra@gm[.]com

Analysis

max time kernel
141s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03-04-2024 06:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://tryingto.takeyoutoyourdomain.com/[email protected]

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1796	msedge.exe
1796	msedge.exe
1116	msedge.exe
1116	msedge.exe
4920	identity_helper.exe
4920	identity_helper.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe
1424	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

Processes:

msedge.exe

pid	process
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

msedge.exe

pid	process
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe
1116	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1116 wrote to memory of 1624	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 1624	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 4372	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 1796	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 1796	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 3748	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 3748	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 3748	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 3748	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 3748	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 3748	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 3748	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 3748	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 3748	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 3748	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 3748	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 3748	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 3748	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 3748	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 3748	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 3748	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 3748	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 3748	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 3748	1116	msedge.exe	msedge.exe
PID 1116 wrote to memory of 3748	1116	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tryingto.takeyoutoyourdomain.com/[email protected]
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcbf5946f8,0x7ffcbf594708,0x7ffcbf594718
2⤵
PID:1624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,14487787573579085999,11652299429059818009,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
2⤵
PID:4372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,14487787573579085999,11652299429059818009,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,14487787573579085999,11652299429059818009,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
2⤵
PID:3748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14487787573579085999,11652299429059818009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
2⤵
PID:2496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14487787573579085999,11652299429059818009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
2⤵
PID:380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14487787573579085999,11652299429059818009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
2⤵
PID:4692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14487787573579085999,11652299429059818009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
2⤵
PID:2336

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,14487787573579085999,11652299429059818009,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
2⤵
PID:3400

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,14487787573579085999,11652299429059818009,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5572 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14487787573579085999,11652299429059818009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
2⤵
PID:4132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14487787573579085999,11652299429059818009,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
2⤵
PID:1616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14487787573579085999,11652299429059818009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
2⤵
PID:2512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14487787573579085999,11652299429059818009,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
2⤵
PID:4712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14487787573579085999,11652299429059818009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1
2⤵
PID:3008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14487787573579085999,11652299429059818009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
2⤵
PID:1324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14487787573579085999,11652299429059818009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
2⤵
PID:492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,14487787573579085999,11652299429059818009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
2⤵
PID:4508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,14487787573579085999,11652299429059818009,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3000 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1308

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
43ee6844a82949ea602ff49f5f6c9965

SHA1
33aebcc872723a9285f117a4523cb7746eba7a9e

SHA256
0525b37619eb18cac94369883713a036887f340717fca8b6c685be3eb7798fee

SHA512
1bd3cc7cbacc36555049e6a349df59a43d6db4b6940137188e84db3aa8e5ec2d3c8dfd74c39cf09f2288f2923a0b1dcb95c7c06b48d88be9f91dc2e97febf8b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
120B

MD5
5d0f890622e6958ca4b29d5686bfa26f

SHA1
c9cf8386816a7ae91ebae952a27c5c702fd14114

SHA256
07f32c9b9c0a0654b3828c83868afd66667f9a3894e9f1b8881bb17ae3295b35

SHA512
ed18dcbef0764d006d2c6dc2b20914bca5c0152ffa684148adf6f63acf29efec3c486b9126d61c49c949adcd617568ba387dd2c15651f959e6e6723d793f281e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
356B

MD5
49df47cab70ae338ab151f8e4db5fec8

SHA1
89f8cf0498ba068bfe01aea11f5871d9d91073e3

SHA256
1337581703440eb14619824853a5543b8e14f71db203b29eaf363e09d67dc5b6

SHA512
9168e762f2e933c2a3027fe9fd1ab2779b604fa40ca1145e4cd3aa1b2fdbe056487caa041e59cadbe4827fdb783cd56665fb6280f4556730dd6288466f3b0c8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
109edb4ad7ffb840a8a0a7f3750d59ed

SHA1
3c054bc5b06a959370e2ad399e48641d490f5e79

SHA256
bdfc0832aacd990fe8632ac9743b278755af79141682d2dcc25af3ff5d7ea49f

SHA512
79c52f44c455a0cd12a32a7b8d877be75ffc02ba7884a9d11f72a194c5fd555634dcee9b6a9a6e02c9add3817c62395d1c388b2654e0d1cf32dd762243dd2257

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
c01363de7d793fa7f3a0103b0f79cfff

SHA1
74a498711fcd75c1b2a88dace01a0e61dbdbd35d

SHA256
064d24a418bd2f2d23d9163efa5107d5c3b80d652600c2f8d39782efa8e8e931

SHA512
8f0605a19d0ddb04f087b4fa8f3ee3700a0903e86f316ed1941ea7a42fc70237e75ee0bf9754658e9b044074a83569b51e6b0afadcc4ebec4fe216f904714f2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
cf16904a4a3cb9e19de88d4332edc04c

SHA1
6551ee90dd88927d21e43f581a1fbfc8eb5be07f

SHA256
f25344b317cfe4231942d548f1c013a888f70552587cb3c182796cc2736de998

SHA512
78b991a7b6563355689cb8fc47ebf6458d5768d8be7f3490905cce7d5c9deb7e08d1e06771714012ef7159edd1dd5e9254561f1195d02a5e3eeee58fec264977

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
e34097c23a2b151ce317c20a0c7b0665

SHA1
e73062e80eb9a39e06d55effccf58b67c2d8bb9b

SHA256
6e3c9d719434f36ce56519366239b50fcc2df2b913ab6227483d798fc9430191

SHA512
8c175cf7bb2eb18e4e8ac411a10ec4d17a07700d1bcf1d76e363b9467c18ecd1cb217cd451aad709cefff5505014f31b612fbd0a72c8954dff682be3469dc6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
74a222c673939e6bc3bbc167b28c40ae

SHA1
b865b2c0a64bde82fc9e59e13f2ce7fefbfa7f51

SHA256
db0ecafd793832957130bdbaf15a268e5c868072b52aed2bcb4ad94ece44a436

SHA512
8be020423d49402becc3f9654d454dac3c40e433e8dca085395674b167328849d622fae8f3c379554e74dd99b179f66a7c1ae1346eb4f5ce4329bdb785c615ae

Download Submit
\??\pipe\LOCAL\crashpad_1116_OIOVOLYKGBBIEZEC
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit