hxxps://bit[.]ly/3Jn9tO9

Analysis

max time kernel
149s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
19-04-2024 20:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bit.ly/3Jn9tO9

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
1336	msedge.exe
1336	msedge.exe
2112	msedge.exe
2112	msedge.exe
5108	identity_helper.exe
5108	identity_helper.exe
4556	msedge.exe
4556	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

msedge.exe

pid	process
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe
2112	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2112 wrote to memory of 32	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 32	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1160	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1160	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1160	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1160	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1160	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1160	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1160	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1160	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1160	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1160	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1160	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1160	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1160	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1160	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1160	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1160	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1160	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1160	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1160	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1160	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1160	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1160	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1160	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1160	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1160	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1160	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1160	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1160	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1160	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1160	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1160	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1160	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1160	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1160	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1160	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1160	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1160	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1160	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1160	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1160	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1336	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 1336	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4028	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4028	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4028	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4028	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4028	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4028	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4028	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4028	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4028	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4028	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4028	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4028	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4028	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4028	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4028	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4028	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4028	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4028	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4028	2112	msedge.exe	msedge.exe
PID 2112 wrote to memory of 4028	2112	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bit.ly/3Jn9tO9
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffba003cb8,0x7fffba003cc8,0x7fffba003cd8
2⤵
PID:32

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,3734421098626082986,8388694947320726473,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
2⤵
PID:1160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,3734421098626082986,8388694947320726473,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,3734421098626082986,8388694947320726473,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2332 /prefetch:8
2⤵
PID:4028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3734421098626082986,8388694947320726473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
2⤵
PID:3100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3734421098626082986,8388694947320726473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
2⤵
PID:2720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3734421098626082986,8388694947320726473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
2⤵
PID:3908

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,3734421098626082986,8388694947320726473,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1888,3734421098626082986,8388694947320726473,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5596 /prefetch:8
2⤵
PID:1904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,3734421098626082986,8388694947320726473,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3734421098626082986,8388694947320726473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
2⤵
PID:2180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3734421098626082986,8388694947320726473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
2⤵
PID:3516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3734421098626082986,8388694947320726473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
2⤵
PID:5016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3734421098626082986,8388694947320726473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
2⤵
PID:2360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3734421098626082986,8388694947320726473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
2⤵
PID:4808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3734421098626082986,8388694947320726473,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
2⤵
PID:4944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3734421098626082986,8388694947320726473,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
2⤵
PID:4024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,3734421098626082986,8388694947320726473,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
2⤵
PID:3496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,3734421098626082986,8388694947320726473,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2616 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3004

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
6e15af8f29dec1e606c7774ef749eaf2

SHA1
15fbec608e4aa6ddd0e7fd8ea64c2e8197345e97

SHA256
de9124e3fddde204df6a6df22b8b87a51823ba227d3e304a6a6aced9da00c74c

SHA512
1c9c9acd158273749e666271a5cdb2a6aebf6e2b43b835ebcc49d5b48490cbbf4deddef08c232417cee33d4809dec9ddac2478765c1f3d7ed8ea7441f5fd1d15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
3e5a2dac1f49835cf442fde4b7f74b88

SHA1
7b2cf4e2820f304adf533d43e6d75b3008941f72

SHA256
30bd1e1bafb4502c91c1fb568372c0fb046d32a4b732e6b88ce59ea23663e4ce

SHA512
933ac835894ce6cb8aac0261153823c96b6abec955173653dd56e534d644efd03aec71acb4f8cb0b9af871962296ec06cd03e570a0ac53098b8cd55657543786

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
432B

MD5
4f10028bf9aabcdf38df6d867874c7da

SHA1
ffb0006a3df3fc494ac85e95266f96fc1f84c557

SHA256
06bb1c0ef2cb21aaa66a782059204cefdc9024844a9d06ab3919b0ef3e3da8c2

SHA512
a3891713a4968b0d55d7cec2ea419d0289a08fb74fd088fea2ea50e879ba43ec62a0d5bcb18eaffd211a81703f8cbc9c1bacd9dd49a76b0d8209ae981e575572

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
6061ae477864c3d7d0c223894af8ec9b

SHA1
adbf5472d78c8320e38f43dd730af1115386b7c4

SHA256
b1126a4d831acff4370ff106fab7d21aac8610e476473e276e00489ce0660ede

SHA512
6a0ea8ec87b7698b1b91d9c58fae0094f89df39669cb64baa39d07c833c392c9ffa2fe8df29b9fc7c23569a6195527a5419f7660360fb3b901f1332dfab583b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
5def88c2e0122084ded4c94fda64dbeb

SHA1
30925f55a28196e695db38f0c4c733371617e85c

SHA256
e85f4bedaf45a526831632370de2879be6c40ffa10d6bc644d98e5928f069702

SHA512
9a506553c6c1ea6e944372d0938c70f994486c107371b77c8e24de7c8e14f6bac6c89feb151d75f73378a85d06fdcdcbea9341bf0786323229d3b4f6fa9fc769

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
3e966ed30eea93e4d3618baf023a2c92

SHA1
25f3997c3b92bdeae210b1d86a53a54994a1fb06

SHA256
95555be629e0dd24d0b4542f0248039d5de1e28613623d011cdd39ac8e484dd8

SHA512
b04a14318dc8bc446fa4d2d145f6fba06a7f564ff6810bcee249d276645028b1fc342f834ad8467c83f1026a75571e94a1e7fcc96b97a4079d1bd4328c3b0180

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
31d596de469b6b85a6ce58c7ca138e68

SHA1
38db7e4974774b0b2487c8e3b215d5f3842f4d80

SHA256
fc1bbdff9cf51f38cb71cd95eab0029cffb45a5043d55171c2ca83fc6a3a01f1

SHA512
cdc2b791ba72e25025e92d44e9ab2d14f4e502fef8f1ca596250ffa94155966435957d8266d9c427dcbf14d7275e254c36a324aa7fba7bf67fd18a451c5af5dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
dc7af8a5052e09724944daee44dbfab1

SHA1
c1164adf60efbf0f15bc53a1f24958d432d7651a

SHA256
f023e59607f86514200f0cc215e23aa7101d3f10e2d867b4de37f62fcbff843e

SHA512
9ee01e0faf66b142efef421e0bcf9fd328602eceb96b9be0b55c313fd677a889b15eb09aafe6fe36118646ca89bfeff8326eb68845a5706dd02ecd56d73a2d7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
95e85653913f4063cf096b4cb0df415f

SHA1
d8921c7e05d5c1a51fe575281b70ead95cb2969a

SHA256
1f930637b5ad30b5bde4d8b528e3b9d762817b911571acdd094f838906e3fe01

SHA512
35d163aff370b02fd43306fc3ae6cdaa44a82b57eb7fafdd8718606e9f71effd7612e6f5a5e0b128de572b9bbcd36c8dcabb1ae8222245e68befb1c2f49623e6

Download Submit
\??\pipe\LOCAL\crashpad_2112_SBNAGNYOEAVPERLL
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit