hxxps://io50s[.]com/c

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
13-04-2024 12:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://io50s.com/c

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
2236	msedge.exe
2236	msedge.exe
4604	msedge.exe
4604	msedge.exe
468	identity_helper.exe
468	identity_helper.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

msedge.exe

pid	process
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe

Suspicious use of FindShellTrayWindow 38 IoCs

Processes:

msedge.exe

pid	process
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

msedge.exe

pid	process
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4604 wrote to memory of 2728	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 2728	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 1944	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 1944	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 1944	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 1944	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 1944	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 1944	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 1944	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 1944	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 1944	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 1944	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 1944	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 1944	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 1944	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 1944	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 1944	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 1944	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 1944	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 1944	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 1944	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 1944	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 1944	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 1944	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 1944	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 1944	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 1944	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 1944	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 1944	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 1944	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 1944	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 1944	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 1944	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 1944	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 1944	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 1944	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 1944	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 1944	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 1944	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 1944	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 1944	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 1944	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 2236	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 2236	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 4384	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 4384	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 4384	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 4384	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 4384	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 4384	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 4384	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 4384	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 4384	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 4384	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 4384	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 4384	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 4384	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 4384	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 4384	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 4384	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 4384	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 4384	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 4384	4604	msedge.exe	msedge.exe
PID 4604 wrote to memory of 4384	4604	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://io50s.com/c
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2b4046f8,0x7ffe2b404708,0x7ffe2b404718
2⤵
PID:2728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,17474659960541012785,1948817008859512193,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
2⤵
PID:1944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,17474659960541012785,1948817008859512193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,17474659960541012785,1948817008859512193,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
2⤵
PID:4384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17474659960541012785,1948817008859512193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
2⤵
PID:4648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17474659960541012785,1948817008859512193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
2⤵
PID:3988

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,17474659960541012785,1948817008859512193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
2⤵
PID:4112

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,17474659960541012785,1948817008859512193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,17474659960541012785,1948817008859512193,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5848 /prefetch:8
2⤵
PID:5044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17474659960541012785,1948817008859512193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
2⤵
PID:1452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17474659960541012785,1948817008859512193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
2⤵
PID:1160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,17474659960541012785,1948817008859512193,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1932 /prefetch:8
2⤵
PID:3780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17474659960541012785,1948817008859512193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3028 /prefetch:1
2⤵
PID:4176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17474659960541012785,1948817008859512193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1300 /prefetch:1
2⤵
PID:1020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17474659960541012785,1948817008859512193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
2⤵
PID:4496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17474659960541012785,1948817008859512193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
2⤵
PID:3508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17474659960541012785,1948817008859512193,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
2⤵
PID:3352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17474659960541012785,1948817008859512193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
2⤵
PID:4520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17474659960541012785,1948817008859512193,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
2⤵
PID:3016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,17474659960541012785,1948817008859512193,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4788 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3240

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
cff358b013d6f9f633bc1587f6f54ffa

SHA1
6cb7852e096be24695ff1bc213abde42d35bb376

SHA256
39205cdf989e3a86822b3f473c5fc223d7290b98c2a3fb7f75e366fc8e3ecbe9

SHA512
8831c223a1f0cf5f71fa851cdd82f4a9f03e5f267513e05b936756c116997f749ffa563623b4724de921d049de34a8f277cc539f58997cda4d178ea205be2259

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
dc629a750e345390344524fe0ea7dcd7

SHA1
5f9f00a358caaef0321707c4f6f38d52bd7e0399

SHA256
38b634f3fedcf2a9dc3280aa76bd1ea93e192200b8a48904664fac5c9944636a

SHA512
2a941fe90b748d0326e011258fa9b494dc2f47ac047767455ed16a41d523f04370f818316503a5bad0ff5c5699e92a0aaf3952748b09287c5328354bfa6cc902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
0ff45a1e51f726ca2605c24c3efff802

SHA1
55512d8b751ee9cf8570846f1af1bf8a16dcfee4

SHA256
d88a235cadca6c986cf3be1cd034732a337fc839ee2e36714d3d0bb1ed07fad1

SHA512
70d7f8ad50ff50ba75ef67712a6be7e1118bce96677fd5214e40032cae8f2eda0c9dcb826c4d608e7ef0532be939896fbfe6ffd9b3201b22a3762d85d85fc6f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
792B

MD5
9aef505152e3ae49eeb8cd419309a700

SHA1
41dded87798e0f1b6ed16c93ef9eb855fdce9ec7

SHA256
082da4aba087198b027cde177913be962b642e17565b3c30421223c5314f6685

SHA512
445a76fe6bbe28235ff717517128ae1eaa137d9bb4b5baf7f5a6fd9f984d4de32cfe0aa9827e9d6b1f18964eb12456da75e34ccf3dca37e90448b20b0267512a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
576670daa5d1bb13a47c492d28fbfbc2

SHA1
7ff2fd7135b85defc5493e96f4963cf0a381b788

SHA256
b950420a46f98d8d923b5d0c0c2660fb3f86344e5c721eb71fa7ba96b1b256db

SHA512
5b10289b25b27e62e3fc8b48776e4954c9e0e7c0e11f38af7adebee32d36f997d1b6a0cf4e3e096fb31e21b9f092f805877f18a2f4088d5b6e69f98b8cc0b44d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
72973dfcf91529496be4f5dfa67fdc45

SHA1
8e36768a241de4c931058a74076ac0c2bacca394

SHA256
0a04b8a962a497fe537c2238ce8e395d48ff78a06cbd60f2bc397f34dbe0580a

SHA512
a4383a9a8b92a813c766c16723c592da42d556f1bc9340cff871c001c923bd3490cdb7c32bf324ad7b8e2bc005d81f3ff7a26dc9dc6ca470c7d9f9c061846c62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
9e4aa793b01b0b2e7f074cdfafb62e61

SHA1
970e8b446cbc29916cde73a81103d5491f13fb2d

SHA256
b323fe5e189a3dc89c13c596f2cf8dc3bb0eec9731173ba73908297c1c9e7c00

SHA512
014f7d7f8c388e9e558f7106cb7a5919c625a6b6162c592b70d19b65869617aaf5909d323601b7f0dd55aa07bbdcb0e657a984412dac913e4ddb6252a8e452f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
234e55b0dcf35c58aa71bd221dcdd401

SHA1
829d610c51e3f6197caebfadb07c55d5d1d2d710

SHA256
3a12ae961596ed79a604013d1d9f18d7bbe8d548d34ff058b3af68d04009b4ab

SHA512
3c79665def2dff0ca2a1a3d157ab60694afecc0a6a191f5c4e33f0b0bd080b7bcc8763f19f37d32c8f69d967203a1a43b12d7632b5679d9ca60eee1f32435e4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
73f785e9b3e3129aef0561ab2a9472e7

SHA1
215970e848b7c41c21214ca486fd3bc4099b7db7

SHA256
f2edfeee43594a9272076e978bc017a1b817fe2ff4ba7c3e2dc39242c53e6968

SHA512
2c3436887db8d3581e5bf67d8ec9be4b8a0033da4f57e07569ef76c1ba235ca357a083e1e57ae21eef036afd76964ec4008c9dde18fd665f7bc2e91053bdd604

Download Submit
\??\pipe\LOCAL\crashpad_4604_TFJMBTXSDWGJCAXX
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit