hxxp://tracking[.]collegefindme[.]com/?xtl=6hv6zn9vst2fohe13har8pke275w0114svdf6mz8sh7wyv9gtc2alsmhtuhy3vmqnq3n85wxpohoss4679kjhykirnvb6jv1pb4wq65agx5u3cby50evalfjm208giv4pq3yomik54u3b659vbjowmmavizyc2fpff823g7hepaj53zuktwnq91tl98gkht06p84vur5alrhrvw1rtlqiu82wp6eql5x7f8czjf9l8swd08iwlpw58lxih6g3oswvfbzwlytuoqprg5t&eih=1l5wnyt7mvmj0rn8kf13pz70crct&__stmp=sccssz&email=rcolwell1@ewu[.]edu&first_name=Reynard&last_name=Colwell&newestsource=&Source=&YearAdded=2023

Resubmissions

22-04-2024 22:08

240422-12b63aha6s 8

22-04-2024 22:03

22-04-2024 22:00

22-04-2024 21:59

22-04-2024 21:57

22-04-2024 19:29

22-04-2024 19:26

22-04-2024 19:24

Analysis

max time kernel
23s
max time network
24s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
22-04-2024 19:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://tracking.collegefindme.com/?xtl=6hv6zn9vst2fohe13har8pke275w0114svdf6mz8sh7wyv9gtc2alsmhtuhy3vmqnq3n85wxpohoss4679kjhykirnvb6jv1pb4wq65agx5u3cby50evalfjm208giv4pq3yomik54u3b659vbjowmmavizyc2fpff823g7hepaj53zuktwnq91tl98gkht06p84vur5alrhrvw1rtlqiu82wp6eql5x7f8czjf9l8swd08iwlpw58lxih6g3oswvfbzwlytuoqprg5t&eih=1l5wnyt7mvmj0rn8kf13pz70crct&__stmp=sccssz&[email protected]&first_name=Reynard&last_name=Colwell&newestsource=&Source=&YearAdded=2023

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid process

2968 msedge.exe
2968 msedge.exe
2180 msedge.exe
2180 msedge.exe
3144 identity_helper.exe
3144 identity_helper.exe
2060 msedge.exe
2060 msedge.exe

pid	process
2968	msedge.exe
2968	msedge.exe
2180	msedge.exe
2180	msedge.exe
3144	identity_helper.exe
3144	identity_helper.exe
2060	msedge.exe
2060	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exe

pid	process
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe
2180	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2180 wrote to memory of 2752	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 2752	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 916	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 916	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 916	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 916	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 916	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 916	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 916	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 916	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 916	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 916	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 916	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 916	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 916	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 916	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 916	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 916	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 916	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 916	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 916	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 916	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 916	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 916	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 916	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 916	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 916	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 916	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 916	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 916	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 916	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 916	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 916	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 916	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 916	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 916	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 916	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 916	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 916	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 916	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 916	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 916	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 2968	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 2968	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 4240	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 4240	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 4240	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 4240	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 4240	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 4240	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 4240	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 4240	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 4240	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 4240	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 4240	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 4240	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 4240	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 4240	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 4240	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 4240	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 4240	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 4240	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 4240	2180	msedge.exe	msedge.exe
PID 2180 wrote to memory of 4240	2180	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://tracking.collegefindme.com/?xtl=6hv6zn9vst2fohe13har8pke275w0114svdf6mz8sh7wyv9gtc2alsmhtuhy3vmqnq3n85wxpohoss4679kjhykirnvb6jv1pb4wq65agx5u3cby50evalfjm208giv4pq3yomik54u3b659vbjowmmavizyc2fpff823g7hepaj53zuktwnq91tl98gkht06p84vur5alrhrvw1rtlqiu82wp6eql5x7f8czjf9l8swd08iwlpw58lxih6g3oswvfbzwlytuoqprg5t&eih=1l5wnyt7mvmj0rn8kf13pz70crct&__stmp=sccssz&[email protected]&first_name=Reynard&last_name=Colwell&newestsource=&Source=&YearAdded=2023
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xc8,0x10c,0x7ffe71b23cb8,0x7ffe71b23cc8,0x7ffe71b23cd8
2⤵
PID:2752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,789273513383854376,9558763287940380973,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1964 /prefetch:2
2⤵
PID:916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,789273513383854376,9558763287940380973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,789273513383854376,9558763287940380973,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
2⤵
PID:4240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,789273513383854376,9558763287940380973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
2⤵
PID:5012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,789273513383854376,9558763287940380973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
2⤵
PID:4776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,789273513383854376,9558763287940380973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
2⤵
PID:3340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,789273513383854376,9558763287940380973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
2⤵
PID:3920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,789273513383854376,9558763287940380973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
2⤵
PID:4964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,789273513383854376,9558763287940380973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
2⤵
PID:3136

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1968,789273513383854376,9558763287940380973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6724 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1968,789273513383854376,9558763287940380973,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6388 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,789273513383854376,9558763287940380973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
2⤵
PID:4300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,789273513383854376,9558763287940380973,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
2⤵
PID:1904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,789273513383854376,9558763287940380973,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
2⤵
PID:5000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,789273513383854376,9558763287940380973,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
2⤵
PID:2564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1256

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2828

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
0fcda4fac8ec713700f95299a89bc126

SHA1
576a818957f882dc0b892a29da15c4bb71b93455

SHA256
f7a257742d3a6e6edd16ac8c4c4696d4bdf653041868329461444a0973e71430

SHA512
ab350ca508c412ff860f82d25ac7492afb3baf4a2827249ebc7ec9632ee444f8f0716389f0623afc0756f395cf00d7a90a0f89b360acdf72b1befe34eecb5986

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
21986fa2280bae3957498a58adf62fc2

SHA1
d01ad69975b7dc46eba6806783450f987fa2b48d

SHA256
c91d76b0f27ccea28c4f5f872dee6a98f2d37424ef0b5f188af8c6757090cbb5

SHA512
ae9ba1abe7def7f6924d486a58427f04a02af7dd82aa3a36c1ed527a23ec7897f00b0e30f22529e9599ae2db88e8abc7ba8013b426885aa3c961ee74678455f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
f8ce0fe16e8a72e4a17a71ffa20a6f48

SHA1
ac595db35e52d46f90403593498a1849375849e6

SHA256
7e635877ecf8ce15d0ddf13a50ec5da737a5e640623cdbc20f915ad9f4bc4748

SHA512
9b41b6f3a36a320ae1e97a7637eab2e02ff7bf79ba4a2e5d22e3f70a34fd7418549624ee387d9edfdd228f4c328dc547f8275346f7b560c4c5f91af3c1edd7a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
258b57d138f63a3632bc4297f7e6222e

SHA1
a061e12ce561d0054e2899d0a41c5eb61afaee79

SHA256
7cc6adbbc04d039401f81ed75fc9dd1eb5273fa63ab0e89a73eb109003070e2b

SHA512
e138286d96c583cfd55522b120ea08911cc274827878c3384e70ab767febf8f874f0262a809f0f172d4e17a4eb9e05228cda85d98660c394e2601e6034db7d25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
c5eb9e5d392612b0f3b39f37d163f9f9

SHA1
1168c403dacbba9b4a7af7f0d097f56d15a615b5

SHA256
5cd8516b24188a77d2c85515760cdea379f3d50ab5cff8af25ae03e584334b5d

SHA512
9ee5edb20d17fb1631a2bbe0b3a3e25fefa16d2396035921f944f2be9856d48b9cf7f108c7973d0b3739f5080a3bb3b8c45adf71628933b387f777ae2663afb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579f6c.TMP
Filesize
2KB

MD5
ace571cdfb3623d8409c3558791c2892

SHA1
164ed12636964aa5626ee1eb3a1a8e5d42d18c73

SHA256
087ba8c10c4ca8c21cf1719c7c879ad098f2638a06ef55f5f26f91c0d7a2cc19

SHA512
4884c32ce3633464a8c87adb7e47c4b2080f3abde176ef59be4459937d44e7cc003785e0da46e15bfa53607b259941888bdddb6281f18b24bfaa52ee466f2a9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
23d417ad1a69b5c8556fd221ac4e1ab2

SHA1
82aeab361a1c450d7afb9bde9603d3e647b9cd46

SHA256
94ad6ca9c18ed5d782509b3a0b5761deb07da838fdebec99bde3086a94321c89

SHA512
4a73e4e24c54a02be0cd554baad585c27faa781f0568ff9a63e5c810c85a43474b5c453d2fa58c8b9413b28a12e0d60c9856e3a72933735e1db19e0df9b04641

Download Submit
\??\pipe\LOCAL\crashpad_2180_NMYGBZETKMDRIGYR
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit