hxxps://taxationaus[.]dazeai[.]eu[.]org/

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-04-2024 02:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://taxationaus.dazeai.eu.org/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1012	msedge.exe
1012	msedge.exe
1828	msedge.exe
1828	msedge.exe
2208	identity_helper.exe
2208	identity_helper.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

msedge.exe

pid	process
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe
1828	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1828 wrote to memory of 3148	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 3148	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2368	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2368	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2368	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2368	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2368	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2368	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2368	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2368	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2368	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2368	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2368	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2368	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2368	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2368	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2368	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2368	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2368	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2368	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2368	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2368	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2368	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2368	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2368	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2368	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2368	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2368	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2368	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2368	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2368	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2368	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2368	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2368	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2368	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2368	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2368	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2368	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2368	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2368	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2368	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2368	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 1012	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 1012	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2928	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2928	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2928	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2928	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2928	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2928	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2928	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2928	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2928	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2928	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2928	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2928	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2928	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2928	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2928	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2928	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2928	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2928	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2928	1828	msedge.exe	msedge.exe
PID 1828 wrote to memory of 2928	1828	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://taxationaus.dazeai.eu.org/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcdf3346f8,0x7ffcdf334708,0x7ffcdf334718
2⤵
PID:3148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,13512126941554612866,8767490522211628199,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
2⤵
PID:2368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,13512126941554612866,8767490522211628199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,13512126941554612866,8767490522211628199,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
2⤵
PID:2928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13512126941554612866,8767490522211628199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
2⤵
PID:2852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13512126941554612866,8767490522211628199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
2⤵
PID:2644

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,13512126941554612866,8767490522211628199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
2⤵
PID:1824

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,13512126941554612866,8767490522211628199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13512126941554612866,8767490522211628199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
2⤵
PID:4176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13512126941554612866,8767490522211628199,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
2⤵
PID:4728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13512126941554612866,8767490522211628199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
2⤵
PID:4376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13512126941554612866,8767490522211628199,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
2⤵
PID:4364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13512126941554612866,8767490522211628199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
2⤵
PID:3936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13512126941554612866,8767490522211628199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
2⤵
PID:5012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13512126941554612866,8767490522211628199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
2⤵
PID:452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13512126941554612866,8767490522211628199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
2⤵
PID:4240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13512126941554612866,8767490522211628199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
2⤵
PID:2516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,13512126941554612866,8767490522211628199,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4868 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1800

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
cbec32729772aa6c576e97df4fef48f5

SHA1
6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba

SHA256
d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e

SHA512
425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
279e783b0129b64a8529800a88fbf1ee

SHA1
204c62ec8cef8467e5729cad52adae293178744f

SHA256
3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932

SHA512
32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
Filesize
198KB

MD5
319e0c36436ee0bf24476acbcc83565c

SHA1
fb2658d5791fe5b37424119557ab8cee30acdc54

SHA256
f6562ea52e056b979d6f52932ae57b7afb04486b10b0ebde22c5b51f502c69d1

SHA512
ad902b9a010cf99bdedba405cad0387890a9ff90a9c91f6a3220cdceec1b08ecb97a326aef01b28d8d0aacb5f2a16f02f673e196bdb69fc68b3f636139059902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
264B

MD5
3c0f7185db5f363d7b8348baff5c591e

SHA1
cfef3135058c6018551cfeac4295bf3533257fc5

SHA256
26ce21d4e8a3968c42ccf9f8e20d11ae0163025bf67fcb3aa1d99a4b15f7a5bb

SHA512
1861b0224dd2a5f6df1b66f7d2cfc08cdeef86863e920a193a255a5fa01639b38953ccca71d66b8b8aff09db5af6c415f8625e09a233301470e97707ad6b6f8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
71a3b5a743d2fd57ff9f4d03bc0324da

SHA1
935ed9b15316b54dca07b27da71dbffe3dcbd3ee

SHA256
71ae64afb37803663519e0bff4a6eae17161885ff87fd80c38bfe4d745b86214

SHA512
b8e0e241440f0329e4cdb701b766eed4a553b28cfbe9d95762b2db24532c5d7c7107a9a58e627852273ecaee62494763fd08657a6ad8c32a338ac778df54d0be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
5612a1e98132769a8992503b358a98ed

SHA1
2c683975833049e0d3d428adb803406f915d8ec4

SHA256
2997fbd964bed0e6dc21c689841d38c6178f88ad0ef3d7b5335b9a8b59f456cc

SHA512
7728b9004c8348d19b0327ce448036d80b23ffcfea2a6e94b830de9d878f314e0fd294d04b3da72d4a7baa3fa9076a36732df8943fb1a2073d455dea06d45583

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
0199b22513e80a405a32fe9ea47dc5a2

SHA1
0492ff1a29a1d9408ee7ef0940985c744ca43b88

SHA256
ce255eadff88ae65d75f1a3cd523fd2c48d47d95c94fae263e9b4be516bcf8da

SHA512
054a1de1e60909f0c21beda758ed9cfed8ada7b6e4e41a98f2a4f5acd4d7baff8b85caf60360206f738a9c1bd8339b4ce4d02e4bda84d93f86e6042c8865aa28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
1883d2a432bfa53ab6dad402e65eb56b

SHA1
716e676f0e2d9c2f8a77c1caec4461a908d1e258

SHA256
597ea4a182ab66872337ea1bedd1e6ee689fcdcfcd10dd80d010636a21034d1b

SHA512
4a16719bf91bdfe011bc75f50cf66c5ca8d634dd0c60d3319da999acfcf0ba1827bae0a45a37c7ae0edf0d036f15f8f0f286a24a09cfae571e01846e43be0e06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
2518ee71817bd59382c25c5305820080

SHA1
814be3075287da8a4f880973431b3d1887ae7567

SHA256
1e081267aa45c74a6adccb97d0dcde638fb768eab072b5938f0c13dbd6d82d16

SHA512
b2dee388c74430741b441deaa95306c0444eda016027e8c340df46799cd91732829c1e25e8cd2ff9aa00d825b233345883d81a1dd001da1e621b115ceef450db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
53126679e3d8d580a4beb7a2c5af7958

SHA1
6d65328dfefa025ce346d9e9ce9dec9b9599016b

SHA256
7fb7e0ce192c4131028db521e79f15de7ae7cc9161143aaf74455630f8ecd9ea

SHA512
0ec7cf486f88f9b4fb0c1ddb2072b659c6eb730471cab839b8b3bc5f0f22764adbca3d9f24d60985e6eb820fd8724bfc2fbd173603552fb2814e6b2b0599dc6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
2e7a28cd3944cbd086094a3acccbba4a

SHA1
47ceff399c2f76837baaa30e30bb5f9d08dfc5e3

SHA256
c9ff704996d4a263acab59262c3d2ae84956ad25581b56acc6d78fe396086dbd

SHA512
65393c74a5699fe265f382f9dd0fa4ad7c860aa051e4c8161d9ab92f5e24be86107105a7716095cff0007693ac581561f9d363849a79c3d0da328d97a13a5db9

Download Submit
\??\pipe\LOCAL\crashpad_1828_UOKBEVXVEXPIYHOT
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit