hxxps://sc[.]link/HpZNj

Analysis

max time kernel
153s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19-04-2024 10:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sc.link/HpZNj

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4268	msedge.exe
4268	msedge.exe
2032	msedge.exe
2032	msedge.exe
3344	identity_helper.exe
3344	identity_helper.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

2032 msedge.exe
2032 msedge.exe
2032 msedge.exe
2032 msedge.exe
2032 msedge.exe
2032 msedge.exe
2032 msedge.exe

Suspicious use of FindShellTrayWindow 38 IoCs

Processes:

msedge.exe

pid	process
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

msedge.exe

pid	process
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe
2032	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2032 wrote to memory of 3932	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 3932	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 3520	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 3520	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 3520	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 3520	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 3520	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 3520	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 3520	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 3520	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 3520	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 3520	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 3520	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 3520	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 3520	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 3520	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 3520	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 3520	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 3520	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 3520	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 3520	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 3520	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 3520	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 3520	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 3520	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 3520	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 3520	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 3520	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 3520	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 3520	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 3520	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 3520	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 3520	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 3520	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 3520	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 3520	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 3520	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 3520	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 3520	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 3520	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 3520	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 3520	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 4268	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 4268	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 2248	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 2248	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 2248	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 2248	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 2248	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 2248	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 2248	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 2248	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 2248	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 2248	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 2248	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 2248	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 2248	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 2248	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 2248	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 2248	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 2248	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 2248	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 2248	2032	msedge.exe	msedge.exe
PID 2032 wrote to memory of 2248	2032	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://sc.link/HpZNj
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ff8688046f8,0x7ff868804708,0x7ff868804718
2⤵
PID:3932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,16375015118187684611,9335272044470973885,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
2⤵
PID:3520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,16375015118187684611,9335272044470973885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,16375015118187684611,9335272044470973885,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
2⤵
PID:2248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16375015118187684611,9335272044470973885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
2⤵
PID:400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16375015118187684611,9335272044470973885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
2⤵
PID:4784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16375015118187684611,9335272044470973885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
2⤵
PID:3132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16375015118187684611,9335272044470973885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
2⤵
PID:1004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16375015118187684611,9335272044470973885,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
2⤵
PID:444

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,16375015118187684611,9335272044470973885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1700 /prefetch:8
2⤵
PID:5720

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,16375015118187684611,9335272044470973885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1700 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16375015118187684611,9335272044470973885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
2⤵
PID:3184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,16375015118187684611,9335272044470973885,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
2⤵
PID:1692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,16375015118187684611,9335272044470973885,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5640 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1184

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4472 --field-trial-handle=1900,i,16991692861564704808,1796992724676592803,131072 /prefetch:8
1⤵
PID:5092

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4436 --field-trial-handle=1900,i,16991692861564704808,1796992724676592803,131072 /prefetch:8
1⤵
PID:3296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4764 --field-trial-handle=1900,i,16991692861564704808,1796992724676592803,131072 /prefetch:8
1⤵
PID:1824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4772 --field-trial-handle=1900,i,16991692861564704808,1796992724676592803,131072 /prefetch:8
1⤵
PID:3384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4544 --field-trial-handle=1900,i,16991692861564704808,1796992724676592803,131072 /prefetch:8
1⤵
PID:5144

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
e2ece0fcb9f6256efba522462a9a9288

SHA1
ccc599f64d30e15833b45c7e52924d4bd2f54acb

SHA256
0eff6f3011208a312a1010db0620bb6680fe49d4fa3344930302e950b74ad005

SHA512
ead68dd972cfb1eccc194572279ae3e4ac989546bfb9e8d511c6bc178fc12aaebd20b49860d2b70ac1f5d4236b0df1b484a979b926edbe23f281b8139ff1a9ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
864aa9768ef47143c455b31fd314d660

SHA1
09d879e0e77698f28b435ed0e7d8e166e28fafa2

SHA256
3118d55d1f04ecdd849971d8c49896b5c874bdbea63e5288547b9812c0640e10

SHA512
75dce411fce8166c8905ed8da910adb1dd08ab1c9d7cd5431ef905531f2f0374caf73dedd5d238b457ece61273f6c81e632d23eb8409efbb6bf0d01442008488

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
99ba638dcc91fb7cf723a4e8f1a81f20

SHA1
44d2cc1724400af9b14791cc8dfcd3478d5390bf

SHA256
9e2d7bcf160e06d11eff124e87689e84690bc39144399139a1527cfde058960e

SHA512
e521a7b4d823a901aaa0a788ba93c48e5031d555d38fd1cbacee106d7471f65b84c6b83ab569c57db82b1b7e28b5843325a7717d275a417c3e3ddf53d20172c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
39d04bd0ef07a318adae24a9c24c0df9

SHA1
1e3ed0b286607a298565a4d482eecdbf80578e5e

SHA256
45d4969311ab9414942b59e4f845976f573da5b9c87431059b970d5ec626e040

SHA512
a8611d4085ad426c748dbbb16727f45c2862eb494dc2d1fa60ab44365d60212fb9e4c2dd93833f5a0a31148f2b297f88e0e90985c6725c45c1a70fcb3b02abfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
626B

MD5
12388b6a4654ed5795dad04444f0daad

SHA1
ef3739cec8a5d37b46e3f03b82c4f608a28b3cd5

SHA256
7bbd62f320966cb15748e9041a8b8de9ec634d093147ad98f35d0c4a9ed304cb

SHA512
ccef0484611d0d3c091f81788cd40eafdab0bd0a931e3d8293194cf8028d5a6294a33f3ccd230b32745cac0ba5f06d1c452a53ebebf60f268f92537f353024ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
1c42561f0751dee39b3ace4d9ad4cad2

SHA1
89afaad0190a9699ed6f4e89bdfee3c2bd0ea44c

SHA256
9bb36f33ab6d7649eb78ffea1070d0c3f32528f0c2f5e861a5079bc56589fbe2

SHA512
be0401e18e26c7ca80eff1f2f77acfe66f0031a8b185ffdc2246b4d998792a7a84f4f5ae5225a2366be7aa3064902bd07c8b3b3375074d0a4c34ae4a16094078

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
f0ef5ec85414f4a3d7a720ee50da1ad3

SHA1
27acbb486ff7e83029174b23cd4a038f882d88a9

SHA256
5d191132e4d630d5ab043353904efd0ef7ac83b15d3806a33be2ed4ca02e6493

SHA512
7e3e062fa879f4b0fb94ced75999d347bdaf542e5a8f93ca56e34b46d4ce2e3b1762da6ef52db42cb0333556a430891820bac06183f9ff1388c9874bf1b8a4e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
a957f59e6a309c67d69957b65e800c8f

SHA1
9787fe60143f59b664df4194695ea26520548be3

SHA256
da73f8af18c9fac2379544bf31e68f28b4983fa88ac56865d7551653163fc5ff

SHA512
b75dc38c2b77674ec2f10c39c5c346993d5d6a00be4839f6672163f3268cc62213166321d67e0128794f824c2e52b74677480736c78897ce3ac93b3244ff0d9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
283220166f6a8b89730b13cd7d330e58

SHA1
b003369f115233c8592fa3ea6fe544b24e380917

SHA256
3b16f6045c1f1a8a3a3813fcce5204cae85f3a7d33a8f7f5ac8a72771497a1a7

SHA512
a70f0ea2687c9af252f383ca7592d23132c4a0fd29ace9b7a88abbd686c96db231ca81ee0bc942fe5a8d9339ea216f13db993a6d6bcc520baf4ec232e2b3432b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
de013820476d6383551379b46625aae4

SHA1
cca78747405f1ca131259b764e2490faf88247e7

SHA256
1b2d3d9c44d40532f9997a6bb78c1d47a5b600cb1a1bef68a78642b0a6f5c8df

SHA512
93b29f62bbd70fe6f18728697a4a097da39234ee5ea8731d2cbd203bb52c78fed97181a224bd990dd410f36b54df3ed52da06810355de3d9327213056773865d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
d3e5d97a40b61e2ee3bd791bf52e5c29

SHA1
aa868f31f4a8d1837b3d0d315d19faf6b1fb07cd

SHA256
3756fc09fbaa1889a0838846602a6910836348acea5609fe7d4d02917a110a34

SHA512
abd3f617aa9fd3732ae06673c4e3ff3aedd9ae299b4ce7595e6818055e05f0f1f131dbfdf2ae510394289922d9582c22031215d80b81fd534aa4c3a89430c8bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
837384422dc8546f6f35a6ed5b25d7be

SHA1
660c04fa83f3dfb24daefec453deb39348854081

SHA256
a17f449b4e8f6eaf15491a6b6c06d0c29777113411996f05836c986f1c337b2d

SHA512
ea311766d057f3bdf195c960374cf16680818ef89529c9a8deeb5e71a2d7d09c82832026930af0b7e1ad43b65765c76a7c501a99470379704b2d45e210b25a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
7e0d4c079b698ead2aab9769e73d8f70

SHA1
8e532103318550ec4121c16a9b40972fdab96d01

SHA256
d11467f67e7b04f0451bdca360c9da6159acba0e937e2363de8b13d1bca4079b

SHA512
47bd3b1d629409b7099cde531c8544a6e2172166ba74f0bbd1ecbbfb3f9d96fdb6c7cf1a055efdebc7ff405176afbe89e6bd45f03cbe7a81ad3620860700be4f

Download Submit
\??\pipe\LOCAL\crashpad_2032_BYQBFYMIAXSVCCTG
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit