hxxps://ce50s[.]ru/50

Analysis

max time kernel
149s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-04-2024 18:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ce50s.ru/50

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3204	msedge.exe
3204	msedge.exe
3092	msedge.exe
3092	msedge.exe
4324	identity_helper.exe
4324	identity_helper.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

Processes:

msedge.exe

pid	process
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe

Suspicious use of FindShellTrayWindow 31 IoCs

Processes:

msedge.exe

pid	process
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3092 wrote to memory of 3788	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 3788	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4640	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4640	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4640	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4640	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4640	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4640	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4640	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4640	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4640	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4640	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4640	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4640	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4640	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4640	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4640	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4640	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4640	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4640	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4640	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4640	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4640	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4640	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4640	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4640	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4640	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4640	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4640	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4640	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4640	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4640	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4640	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4640	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4640	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4640	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4640	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4640	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4640	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4640	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4640	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 4640	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 3204	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 3204	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 916	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 916	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 916	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 916	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 916	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 916	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 916	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 916	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 916	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 916	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 916	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 916	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 916	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 916	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 916	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 916	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 916	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 916	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 916	3092	msedge.exe	msedge.exe
PID 3092 wrote to memory of 916	3092	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ce50s.ru/50
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb18f946f8,0x7ffb18f94708,0x7ffb18f94718
2⤵
PID:3788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,15676606508035667680,4114872939952261775,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
2⤵
PID:4640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,15676606508035667680,4114872939952261775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,15676606508035667680,4114872939952261775,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
2⤵
PID:916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15676606508035667680,4114872939952261775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
2⤵
PID:3500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15676606508035667680,4114872939952261775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
2⤵
PID:4444

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,15676606508035667680,4114872939952261775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
2⤵
PID:4244

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,15676606508035667680,4114872939952261775,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15676606508035667680,4114872939952261775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
2⤵
PID:3984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15676606508035667680,4114872939952261775,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
2⤵
PID:4160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15676606508035667680,4114872939952261775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
2⤵
PID:5008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15676606508035667680,4114872939952261775,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
2⤵
PID:1580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15676606508035667680,4114872939952261775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3744 /prefetch:1
2⤵
PID:2436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15676606508035667680,4114872939952261775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3020 /prefetch:1
2⤵
PID:5112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15676606508035667680,4114872939952261775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
2⤵
PID:4596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,15676606508035667680,4114872939952261775,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5984 /prefetch:8
2⤵
PID:1864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15676606508035667680,4114872939952261775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
2⤵
PID:4976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15676606508035667680,4114872939952261775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
2⤵
PID:2604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,15676606508035667680,4114872939952261775,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
2⤵
PID:4400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,15676606508035667680,4114872939952261775,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5972 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2892

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f35bb0615bb9816f562b83304e456294

SHA1
1049e2bd3e1bbb4cea572467d7c4a96648659cb4

SHA256
05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

SHA512
db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1eb86108cb8f5a956fdf48efbd5d06fe

SHA1
7b2b299f753798e4891df2d9cbf30f94b39ef924

SHA256
1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

SHA512
e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6d04496b-e32e-4cc3-9021-2eec5b0f3e6b.tmp
Filesize
8KB

MD5
e63c891d36d2e59f07fac2fce3769a23

SHA1
e7640cb90a0819c1f253fbe7102cf9c3cfba6043

SHA256
6854f3b170240b87d2a899d7754e113d988add3f2848c56f040ac07dc7a10f88

SHA512
955956ea281b8945c06d68fa2d9107c1abb132014a080cef3a34f14d205a3461aa7f5732f5f6986f9da1d9aba63d3a77c53ae1a531736c119af313cb2449c984

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
5c809594b2a6bb0e547c11b22d56419e

SHA1
0a7a9ea953e7ae7aab5d3c4ecb1a9161f4b926e9

SHA256
a3d88091d5400b682757feafa4f05ef91085252fd7aeecd5dea663cc21f4a7ea

SHA512
53b21c42921daf9d0323b7fb6c51346f478ddc283739dd4443c9c439a8b72682f1eaff5bbcf54cf3d8d71a88b893c3f0b27269b5df417c6820981ee4b8d4fd61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
120B

MD5
8b2b78d9c2f85fc058ce05fb773e926c

SHA1
d928ed3bed5dbaf00bb1e3d9405aa8ce93f4dadc

SHA256
17b73a996055f74a23e4118e637152843377a3a4cd4e7dae538724f306f18299

SHA512
b588d160f3fd19d7138244960fac385f58af51bd88ad30545031bda261fa35673a4b27879ea142814e5cf454d3779accd67022ddc752abb692b6225abc6f0b3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
679B

MD5
bb3c927bd4ca20c33526c434eb7163bf

SHA1
89fe9607f3f97184980b2e152fca136ff7720df5

SHA256
54337429e4a1d46f9a7199dedc27b122d12ad0deb62026953a92ea6178c7c39d

SHA512
219942e6d27d748f0a6d22b77739be8bf4f8e8aff6fddb9852ca5254c1d19228ba40ee559fe895f34b7c005a55c6413a6520b1ef71326395dd32f3ad8be55941

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
790B

MD5
9068e5dc724a6ee00a84820314e9cf96

SHA1
e76ecd7ae84aad3f43a71378f2999361012acff0

SHA256
6ba01193942e19cdef3bba4e9f651c783985d18e7ebd038e39743a69e341b5b5

SHA512
89a653c2b0b559a8baf7150fd187fc8a3cc6c166c58fdb1a7ed4423b7fb5d2a59eed7c04d8d32c2fde8302df075d9ef7dcb276095f94ee4c3c6eab4f360d3c87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
9201c86392e71771fd5c272dfd2a1280

SHA1
54505356f2da18906921906379b184ee7484b199

SHA256
10329cb8755ff019bcc8a7f96f58c4e09b2995c8907a82bc6d2423bb48c356d7

SHA512
124d25cbab8b60c60f529a95595341e5f31e3a761e6068e05a5ccde71d33ab59184d81dd0b832222c4605b09ebff370c8d7cc3fb8db12e840b7e5cc9b2630be0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
220d64ab39da9c4549ee311b4ef3652e

SHA1
9371b248516a38e29b82cb4304140bc64911ef99

SHA256
7439c885820e0215a3ff274f94e032172c0dffdd715f5717c3d8856a6ba2477a

SHA512
a7e93cd7d6a9aa5ccbdb5ae22a8eb02ff3c4fed106402bb885bcf0c4ab109fe2f9e2bf323f5083921953d5e8d5651328ba56c0a24df81336391765553e630901

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
5b5c97dcc0025b376dadb35a4396e04d

SHA1
1689a6e6d7d52fd9e88ba94081cf07f977ff48f1

SHA256
bfa3e22bb8ba14aab397e6f27acb92278cefa11202d9da1a4c8a26b497d1f90b

SHA512
158669608fff6b7a29a71b04dc192c18c9affb537dea3a4af122bc8e3c3b633b9676d482b750ac053480a63df188e007dee278311ae5575853178ec63999a549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
9f495f5055f976a0f63d9c14a47fcdef

SHA1
dd005584fb05ba2465cac8ad8f75448aaf561c47

SHA256
56d92244374dab90402de7bc7af341ef929eb80db06e6542cf21f574a137b6da

SHA512
7eea57b1c3e71385366777aaf95de069dbc1432822c01b67702fb27f93b32a6ebe3c2149c46f119a30d6eec1dcaacdad69c07d55c06ffa369cf83d905eeea899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
066a28d418f81e605d8a3cd9c788eba7

SHA1
3af450f47100dd757b9817966f7ae70ea617e738

SHA256
d4b618ca03d786294ec3b90c58eaeb7bcb415e993edf717b45a9c6b22175d421

SHA512
05b2625ab98d8d28e4b3c77fc3aa52a65a3f1b9ce27cf3b95a456ffd5c3a89d525dcae67108fca2433b654b52b6af48584afb95db008526224c09a76292f80ff

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_3092_VGJUBMNDFBCEMFQA
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit