hxxp://catfacts[.]com

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27-04-2024 22:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://catfacts.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid process

3056 msedge.exe
3056 msedge.exe
1892 msedge.exe
1892 msedge.exe
3844 identity_helper.exe
3844 identity_helper.exe
3548 msedge.exe
3548 msedge.exe
3548 msedge.exe
3548 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

1892 msedge.exe
1892 msedge.exe
1892 msedge.exe
1892 msedge.exe
1892 msedge.exe
1892 msedge.exe
1892 msedge.exe
1892 msedge.exe

pid	process
3056	msedge.exe
3056	msedge.exe
1892	msedge.exe
1892	msedge.exe
3844	identity_helper.exe
3844	identity_helper.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe
1892	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1892 wrote to memory of 1884	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 1884	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 3544	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 3544	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 3544	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 3544	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 3544	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 3544	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 3544	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 3544	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 3544	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 3544	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 3544	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 3544	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 3544	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 3544	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 3544	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 3544	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 3544	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 3544	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 3544	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 3544	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 3544	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 3544	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 3544	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 3544	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 3544	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 3544	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 3544	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 3544	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 3544	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 3544	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 3544	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 3544	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 3544	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 3544	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 3544	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 3544	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 3544	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 3544	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 3544	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 3544	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 3056	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 3056	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2264	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2264	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2264	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2264	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2264	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2264	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2264	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2264	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2264	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2264	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2264	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2264	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2264	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2264	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2264	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2264	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2264	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2264	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2264	1892	msedge.exe	msedge.exe
PID 1892 wrote to memory of 2264	1892	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://catfacts.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb1f3c46f8,0x7ffb1f3c4708,0x7ffb1f3c4718
2⤵
PID:1884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,12343385077821749778,552022828762067441,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2292 /prefetch:2
2⤵
PID:3544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,12343385077821749778,552022828762067441,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,12343385077821749778,552022828762067441,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
2⤵
PID:2264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12343385077821749778,552022828762067441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
2⤵
PID:2228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12343385077821749778,552022828762067441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
2⤵
PID:2396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12343385077821749778,552022828762067441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
2⤵
PID:2840

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,12343385077821749778,552022828762067441,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
2⤵
PID:4356

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,12343385077821749778,552022828762067441,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12343385077821749778,552022828762067441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2204 /prefetch:1
2⤵
PID:4508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12343385077821749778,552022828762067441,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
2⤵
PID:2772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12343385077821749778,552022828762067441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
2⤵
PID:1660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12343385077821749778,552022828762067441,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
2⤵
PID:3772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,12343385077821749778,552022828762067441,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1
2⤵
PID:2064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,12343385077821749778,552022828762067441,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1696 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2536

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\031cf0c5-2d65-4674-9724-cdad08590e86.tmp
Filesize
1KB

MD5
1884c52b3cb0f05d4a258e5e3d2c3da2

SHA1
b26b6412a481e541ed3cdf546615f300c7316cfe

SHA256
2edab9e3f08d1f0f3c461ffe718237e6078527c0df4dd374198fcd6fb0829590

SHA512
ea6d1388ea054eeb4f8b407e15f9f465a32d5a135b3ac258ba5938dbcb9f96beefcaca5b8eebce9706160f9a30f49f1306c4e55add5effb15f8e60b294541705

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\212b8b9a-3d24-46a4-b4d4-f212da4ecc8d.tmp
Filesize
7KB

MD5
a2c6f692ca495c16cddee7b86dae6731

SHA1
582ec6d054992ad96948f868a6d6c6ae545b1714

SHA256
31bc1f3d0bc2859e9e95feebbbe277224bd4803ada283fde1b05e11eccd0153c

SHA512
3a0f1d87503491b3345780ebc4b6b875c7469dbeb8a8179bda282b1305122caa40d0724a15b31b0ba56c8fb1a4848936e3e572bfe9f7cd1b7b05d46c6b7ecf68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
504B

MD5
64fb5842cebbf7be6d05e8c673597fec

SHA1
3dc1beb1ed321f2c9f9e1c527fb74a5d5a0e7f34

SHA256
01ec369818e558dd19845abad0d9e4fce76c79ef4cad80924123bc17fd8bf9af

SHA512
2bef8a27f51145aba0cbdc37028dd71ad8b7338cdfaab5d9755d14649cf791181b76fbac998b0a8ce6a89a8aff71e9d386835ee9168f3e287baf2272ca9ab886

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
888B

MD5
10037c5cd460a04454623b704cb7693f

SHA1
be4744472c833c5d4160e518856dc43b7d64f10e

SHA256
0654b6dc43e0c6f3840576058590c90c373e1f724855cee6e83a62188d40c8b8

SHA512
28c3afd4f3a2e201edc89534f8f8d01538dd7a0d3e93e287bb7308591bce80585da8720b83b1815659c422644c0346089595f13645c7439dd927ce5ef7cfcf4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
01ced7aabdf0057f2ee15e8428053a88

SHA1
b17a5d2e3a4fc38dd1e096ce6844ef1eb38c947b

SHA256
17efa001b1bc1fe823927de97773af29523140363306d44f09488a4fa5fb2678

SHA512
06975235dd933e4edbb5433e110f0902b02fa9849311644048d49b791318638eea16d7180f40ad6c3bc5983fbd2ddc78b0ed1fab723a96ef8b322c2c75d36231

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
ba81ddd9e02b311224218c604727b457

SHA1
f92fd4248146467f71508fc5d15a28c8fe3c0285

SHA256
d66b8618986f7acf82c6c97cf4202776162934b47d4b1c5bf503b0549cb950de

SHA512
4f316cc31508d0374a66584e836515223bdb1af2e8030cdf89355cecf279687327ddf43e5fbcb6a2459071e73f07cee137754ca768f007aedfe9b2a65205383c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
1c38e9f5abbb0badfd43c93a87d0f7fa

SHA1
d97dc1c9f80c7837dfa41530c50368017746f19e

SHA256
499ea4f5cb82134bb8e2dd974ab546af0182778c8bf00ba362b12347c26fde8d

SHA512
bc28a0276fc997c3ff30fef601da3f9f8c1ef58f8ad418d30ab1aeb925d19bb4349bcdf63428a9229d946a04b98f1546660426db820ac92232ff68074f87af3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
b41018d1a6ba815dd18b0c2e4cbb85f4

SHA1
3fc5c13e5d9b7d42748b22a5c47354b617187c29

SHA256
52f0e003b0420c02f97e0280c1624eb84c903ddf58781a499e17d85bb1014e98

SHA512
af6c3c1e1cde681dfd08a9493b2aa0de6d43b892c38bb98f6a1b8f59401896b9493d3001b35f89491368e7ef1684d6e85b66c3e038f5d52dd8588d97f549ef10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
fb1aebcdf6179e668b384a8c1d95bc7e

SHA1
07fbabadbd0974651b4a71e01636d3e5bf9ffc23

SHA256
a14ec855f7794a1f3978b7ace6df6e69a1d416f8b319040065f8959c09eb645c

SHA512
32994eddfec81867b64778946a4f307d4ca1f254b3be84e18f15e1b87aa5111baa1034a45721af907bb0acf5d0429b53a0235196cebaedf647ed079775c640ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579606.TMP
Filesize
1KB

MD5
b69a58ec62a099705f2e39f41b67933f

SHA1
d281e3e400f457cfd7cff4482648b9e7fa084d90

SHA256
66fb13e78711357f199b2074b96b627292ef76b7e995a3e3f74b412a9521b848

SHA512
a47db539aef0c6cb1e4e005f64d547551ab9e21232aa50a805a38e5dbc064a4efe1fc1b9b2f70828cc33285964e12e333db3a5fd0a25ec4a66cb4a89e7897bf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\cef93f7f-a180-42b1-beed-946807768e4f.tmp
Filesize
11KB

MD5
ab4947e87b839c1e7d43864ce7bfcfad

SHA1
7c293ac9b1b8ba06c99a41a172c368cf54cbadf4

SHA256
424e7b36102596d71625205cf728b12ed97915fe862a17182a9361e791601b9e

SHA512
72e4eedbe92f6a3231067a8dc4601958f1ba126a62820b17179e632c15ff4eb43b5e21de3258c10a08b803ea438eba32fdcb2a321eea89bfe826433c244910a8

Download Submit
\??\pipe\LOCAL\crashpad_1892_FLIIFPLECLXVMMLV
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit