hxxps://chromedino[.]com/

Resubmissions

23-04-2024 14:22

240423-rpz8paha2s 1

23-04-2024 14:08

240423-rfvlvagh98 10

Analysis

max time kernel
51s
max time network
52s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
23-04-2024 14:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://chromedino.com/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exe

pid process

3008 msedge.exe
3008 msedge.exe
2736 msedge.exe
2736 msedge.exe
5424 identity_helper.exe
5424 identity_helper.exe

pid	process
3008	msedge.exe
3008	msedge.exe
2736	msedge.exe
2736	msedge.exe
5424	identity_helper.exe
5424	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

Processes:

msedge.exe

pid	process
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 5836 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 5836 AUDIODG.EXE

description	pid	process
Token: 33	5836	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5836	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

msedge.exe

pid	process
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

Processes:

msedge.exe

pid	process
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2736 wrote to memory of 1104	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 1104	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 2852	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 2852	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 2852	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 2852	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 2852	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 2852	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 2852	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 2852	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 2852	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 2852	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 2852	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 2852	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 2852	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 2852	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 2852	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 2852	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 2852	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 2852	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 2852	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 2852	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 2852	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 2852	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 2852	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 2852	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 2852	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 2852	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 2852	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 2852	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 2852	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 2852	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 2852	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 2852	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 2852	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 2852	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 2852	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 2852	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 2852	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 2852	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 2852	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 2852	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 3008	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 3008	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 4328	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 4328	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 4328	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 4328	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 4328	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 4328	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 4328	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 4328	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 4328	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 4328	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 4328	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 4328	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 4328	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 4328	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 4328	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 4328	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 4328	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 4328	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 4328	2736	msedge.exe	msedge.exe
PID 2736 wrote to memory of 4328	2736	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://chromedino.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb2f1546f8,0x7ffb2f154708,0x7ffb2f154718
2⤵
PID:1104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,4292206002278358629,12174851966705445830,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
2⤵
PID:2852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,4292206002278358629,12174851966705445830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,4292206002278358629,12174851966705445830,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
2⤵
PID:4328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,4292206002278358629,12174851966705445830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
2⤵
PID:1088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,4292206002278358629,12174851966705445830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
2⤵
PID:1612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,4292206002278358629,12174851966705445830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
2⤵
PID:1708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,4292206002278358629,12174851966705445830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
2⤵
PID:448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,4292206002278358629,12174851966705445830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
2⤵
PID:1676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,4292206002278358629,12174851966705445830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
2⤵
PID:372

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,4292206002278358629,12174851966705445830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6528 /prefetch:8
2⤵
PID:5272

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,4292206002278358629,12174851966705445830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6528 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2032,4292206002278358629,12174851966705445830,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4968 /prefetch:8
2⤵
PID:5784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,4292206002278358629,12174851966705445830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
2⤵
PID:5692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,4292206002278358629,12174851966705445830,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
2⤵
PID:5704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,4292206002278358629,12174851966705445830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
2⤵
PID:5188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,4292206002278358629,12174851966705445830,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
2⤵
PID:5256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,4292206002278358629,12174851966705445830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
2⤵
PID:5192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2032,4292206002278358629,12174851966705445830,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6560 /prefetch:8
2⤵
PID:5724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,4292206002278358629,12174851966705445830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3764 /prefetch:1
2⤵
PID:5768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4692

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x150 0x4b0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
120a75f233314ba1fe34e9d6c09f30b9

SHA1
a9f92f2d3f111eaadd9bcf8fceb3c9553753539c

SHA256
e04101215c3534dbc77c0b5df2e1d1ff74c277d2946f391f939c9a7948a22dd0

SHA512
3c4eb93e425b50e8bcc1712f4cc2be11888a0273c3a619fc6bf72ccab876a427158f661bfc80d0c1e47ef4116febf76a3aaa31a60ec662eae0e51c7f1d3d89b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
bc2edd0741d97ae237e9f00bf3244144

SHA1
7c1e5d324f5c7137a3c4ec85146659f026c11782

SHA256
dbce3287c7ae69ccbd1d780c39f3ffa3c98bd4609a939fff8ee9c99f14265041

SHA512
00f505a0b4ea0df626175bf9d39a205f18f9754b62e4dba6fbb5b4a716b3539e7809723e1596bcfe1ba3041e22342e3a9cbaad88e84ce9c8c6531331bbc25093

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
792B

MD5
d12860258f9dc1bf5b16842b5d844017

SHA1
2da90cf6d336e67982f8d356ba32dd92f4ccaab7

SHA256
8f1a1061f22c7c17bdfaf2c99cb143d810686259e9f343458c3f49f7e67a462e

SHA512
8a9efa32498d16a191659e66120645f6255a08583e0e573b04036a361dfac8c0394bd4eaf1bf9a5cf144933329a81a126b02c4982bf872df487b88093e864ba0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
388aa7af53c8659e723cb64936dab9b0

SHA1
486aae97142a008f9627d816624153168de592a5

SHA256
8debe6aa32d67f183f66a85955574cf83440a566f56451e7eafa4f17b63ec6f5

SHA512
f04206ec190b9c6c6a42383d36fbd15b6efa2437cc414e074b4789593de0adec3372def8603b6a946ea6665b7633e1680dbdddcc6ad6e8f2c39afa2271cd8935

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
6f0d34a8fd8cb5bcb27b6103b9b5a65a

SHA1
9a8d55b511cde0979aeb093177095b6e26cc645a

SHA256
56384b35c49c7ba883bf0be6c696a9c06b8f0724de97f4ebc07d3800a44a062d

SHA512
b5eace29abd154a86eca52aec365c992509e329164ec3f6a4a35c517022ffc127561e9a6fc2b64f8f7c231def71a27b5e0ff5630aeca46ce351453052bcc4757

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
bc22c243718a573a1da4a9d7b578bb89

SHA1
ebd49be3f46cc90468aecd5a597a56a1a68499de

SHA256
8dac5606639b6b4dc594517238cc1170da0461b6a11cdbce78a23f7c40d65072

SHA512
1abc1ce42013fb56ea0c80a3cb57d5fad3e6705e539966d3681128db699eef22e7c5a39a56e3774f3f2df3f11fbc549fe83ae30c4d36d5c509129a408cbf97d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
8bfcef82a0dcf20dc6c5bca0d66082e2

SHA1
84efa0b34a34d5cf2a1b7876e07bc85eb1d370b8

SHA256
8d8559c08d95a47fdd33347ad50ce688900473a71b006ad853bcda8451e9dcf6

SHA512
c5c73164946136b11e2c23dd2079b7aad4ef8d816f87b5ae66b8e4f08acace21cf7c6b991c0d23f22e1ca42405b7135150555f5fce9dc8db86d586b841f53816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
30a4ae13530ea084ec93e6cf1938fb7f

SHA1
075c21a331c2b78f7fb9954c4b3ded81e891216e

SHA256
0470d1c111dd2fc396deef6cc1123bc9193f91ecc3ebab192fec2ced30ad7176

SHA512
285ab573707330d7e2c2df61a0c31bdfd49ebef4255ddebfeb472b56bc2b86627396f6f87282c57a95595462178a6e305bd2202f901a166310145da6a8ec8808

Download Submit
\??\pipe\LOCAL\crashpad_2736_YXEBTPCFKKSQMYLO
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit