hxxps://ow[.]ly/jBjR50RklEe

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20-04-2024 09:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ow.ly/jBjR50RklEe

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3664	msedge.exe
3664	msedge.exe
1788	msedge.exe
1788	msedge.exe
3448	identity_helper.exe
3448	identity_helper.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe
5344	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

3664 msedge.exe
3664 msedge.exe
3664 msedge.exe
3664 msedge.exe
3664 msedge.exe
3664 msedge.exe
3664 msedge.exe
3664 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe
3664	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3664 wrote to memory of 1796	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 1796	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 5040	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 5040	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 5040	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 5040	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 5040	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 5040	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 5040	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 5040	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 5040	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 5040	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 5040	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 5040	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 5040	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 5040	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 5040	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 5040	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 5040	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 5040	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 5040	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 5040	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 5040	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 5040	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 5040	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 5040	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 5040	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 5040	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 5040	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 5040	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 5040	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 5040	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 5040	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 5040	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 5040	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 5040	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 5040	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 5040	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 5040	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 5040	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 5040	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 5040	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 1788	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 1788	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 636	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 636	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 636	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 636	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 636	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 636	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 636	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 636	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 636	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 636	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 636	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 636	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 636	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 636	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 636	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 636	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 636	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 636	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 636	3664	msedge.exe	msedge.exe
PID 3664 wrote to memory of 636	3664	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ow.ly/jBjR50RklEe
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff59d946f8,0x7fff59d94708,0x7fff59d94718
2⤵
PID:1796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,987396207311594679,3022907069726223821,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
2⤵
PID:5040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,987396207311594679,3022907069726223821,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,987396207311594679,3022907069726223821,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
2⤵
PID:636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,987396207311594679,3022907069726223821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
2⤵
PID:3972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,987396207311594679,3022907069726223821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
2⤵
PID:3684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,987396207311594679,3022907069726223821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
2⤵
PID:2644

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,987396207311594679,3022907069726223821,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
2⤵
PID:1920

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,987396207311594679,3022907069726223821,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,987396207311594679,3022907069726223821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
2⤵
PID:5268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,987396207311594679,3022907069726223821,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
2⤵
PID:5276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,987396207311594679,3022907069726223821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
2⤵
PID:5508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,987396207311594679,3022907069726223821,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
2⤵
PID:5516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,987396207311594679,3022907069726223821,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3748 /prefetch:1
2⤵
PID:6044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,987396207311594679,3022907069726223821,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6036 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5344

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:624

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a9519bc058003dbea34765176083739e

SHA1
ef49b8790219eaddbdacb7fc97d3d05433b8575c

SHA256
e034683bc434a09f5d0293cb786e6a3943b902614f9211d42bed47759164d38b

SHA512
a1b67ccf313173c560ead25671c64de65e3e2599251926e33ce8399fde682fce5cb20f36ee330fcd8bb8f7a9c00ef432da56c9b02dfd7d3f02865f390c342b53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
cb138796dbfb37877fcae3430bb1e2a7

SHA1
82bb82178c07530e42eca6caf3178d66527558bc

SHA256
50c55ba7baeebe1fa4573118edbca59010d659ea42761148618fb3af8a1c9bdd

SHA512
287471cccbe33e08015d6fc35e0bcdca0ec79bebc3a58f6a340b7747b5b2257b33651574bc83ed529aef2ba94be6e68968e59d2a8ef5f733dce9df6404ad7cc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
360B

MD5
55f6dba2698ab8c5f39b88b338676e1d

SHA1
07b50eda4a8819a41eeeef16439a8f20d89b3bbd

SHA256
b8043f5f59554d7abcb34475df9fbd88a2fa4828434c42bd59636596cac2b70f

SHA512
b4d9d3943ac4151ae65ddb4e80f586482fcf277b9478d7f25193a3ba54bb6e6953e80538f7c4929dcbfbd61d2d0ee1747ce6d325456134262b8bfecb38d3627f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
4aad3505d9731acb8716716c41f8ab74

SHA1
411124fe03deec314695bca48332078f7baac75a

SHA256
8c71624291cdb6ffeb37726b2d00b3e024f9712c392d911b7adb3543b8d54ad5

SHA512
7ba82013ae4545bd05ce17636b273b3069d13e83dba27a45812be749dab5710a76ab91e79b8fa1a6150112b57a1eb64db5e8b5a36be4728fd1d592cd53e5950a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
478B

MD5
100a4aa2072c4acf028c6669bf301483

SHA1
7af99a7355911708812d6d9539bf23f530d84b3f

SHA256
1a0b56b765b83ba4b8f4f063aec17d3c1c80546142ff55e4f281aa4dcfe86b0c

SHA512
6036d0e7e764976344cc7a07d207150baebca988c483295aa7ca1cf8ef84306d074b3d71257c0992499e03069950e0077150fa0204ba227335989185e682580b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
6a1bef88d70698deffc495826b97d171

SHA1
8739394c5391d5122930e74a2fa5e487391a0eae

SHA256
1ff85a96d6782497aea51c8bd528a2680dd58baa51bad7f43491814e8db83be0

SHA512
6251533a1212198bc2a2aad037352c8104409e1273e52d7bec50522a0ded261fa2669acf59a98d7c18294da60d867f6bd2c15537aab87c6c2cbcc245d6e65c65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
76b10c96a73bcd096cb923407db8acc1

SHA1
12715eddfd43b070368efb50b8bedc02e2275c13

SHA256
b489a5f5d75a458edc11593db95eb5800a7b1c9ffa904032163dd5d3a2dab170

SHA512
f52fdfc566468828a33933737db18b7465f8c94b2fb0cf82519f8cafd888e07338b22f11664bce6740784517b7d42c95ba62efef31cbb03e38e477632cc33269

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
33bf8c0491c1733b2bb107ba42ae5d39

SHA1
b4d2867633928ed5d7891d2d3cff0401757ac42e

SHA256
a89ac2a3310e9281cc48823830a7b2c0d4f1da6077fcf42b8be6e3f162580d66

SHA512
aa9048c098740e49a72dc4351f85a3032a7f0c6539eca89194def9c252ab025706b805fb1f6515ba1491a8c9b6de7529d6265672e387e3ec2fd2087a45c26690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
00caa800f7f07b048de7f68032b0619e

SHA1
f6023d48c95fe6f94c0e41130e8e4b9551fb6551

SHA256
c325be6e11b0a3b50ad000b1df839bba946ed6601e5033866d149d6f5320904d

SHA512
05ee372298c1e961141b4847d33658e6e7df0a3979f5ea1c2c41e42e790a2c1ef3df55b951937dd17e12f7299cb6727863b9e1a632f02d9969e9228a9957a25b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
534B

MD5
a6ee408c77de90810cfcd2bac581e0f6

SHA1
3c9ff14b9fdae6296d19ad9120676f7840ff212c

SHA256
d834abc40343e18dad8144124459b9b4542eceab569df7472dc0637a2b432d5c

SHA512
6f01a26c858773fc3235ffdecb0c302c91e27ff1bb4433960ab8e047c3b3b5f862d780978c6314dc754101e5a4f5039da9cf052a2c7cd8712dbf6f7e347c8402

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
534B

MD5
c1e8110310249f32dfb551421b655f05

SHA1
b11f97690369ba5c31b963dc3b85909f9dcbabf4

SHA256
36e0b095134e2ef8cf9fafe969e157c69ac4a768712401e0b7cff8422d5eb878

SHA512
dc5377465f9cbb8b449cb833a4fe6f191d74ec54eac621214b9101802934b5ea15964ec3ffbfa04af9d23f2da54c840f2168fd356cc7c50325050c2122ac5145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d774.TMP
Filesize
204B

MD5
bcf9c65cf82c6afc50e6f2081df2eec0

SHA1
3202862e01bf32b815bfefb03716c22bdbd2213d

SHA256
b8c20b95b620be4d90035e6d019cca575e1600efdfd199dbac00a051529aa313

SHA512
ea791a9123282eea1eee6174a9b88ad72eaf7c35d52bf7d8f4e2a2e328bf35d3345a2667299f587f26f9353daa2148bb323c57062be66a0084450baa220c9d9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
f99ade4ec2c7a28448b92f7b13b2850c

SHA1
661032104a6bcdfaf8d7689dbbec81a9d04e14f5

SHA256
0fc96e4257b711821deca1951aff63b321e44974b8d079c753430fbba86a882e

SHA512
8589995137c9122496ee3f4cb99495d325e78703050fcdc03cc4ce69b2c9d1b2dbaa160e738d365a0a8bc3262c8afdfa34fbb7691ab03866808d768ec5d0e7be

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_3664_ZSISATAYAAOVAVVW
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit