hxxps://envs[.]sh/hzj

Resubmissions

28-04-2024 03:02

240428-dje4nsfa4z 10

28-04-2024 03:01

28-04-2024 03:00

28-04-2024 02:57

28-04-2024 02:56

Analysis

max time kernel
1680s
max time network
1684s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
28-04-2024 03:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://envs.sh/hzj

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

MiniSearchHost.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\MuiCache MiniSearchHost.exe
Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exe

pid process

384 msedge.exe
384 msedge.exe
3760 msedge.exe
3760 msedge.exe
1412 msedge.exe
1412 msedge.exe
1876 identity_helper.exe
1876 identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

3760 msedge.exe
3760 msedge.exe
3760 msedge.exe
3760 msedge.exe
3760 msedge.exe
3760 msedge.exe
3760 msedge.exe
3760 msedge.exe
3760 msedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-891789021-684472942-1795878712-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

pid	process
384	msedge.exe
384	msedge.exe
3760	msedge.exe
3760	msedge.exe
1412	msedge.exe
1412	msedge.exe
1876	identity_helper.exe
1876	identity_helper.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

msedge.exe

pid	process
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe

Suspicious use of SendNotifyMessage 16 IoCs

Processes:

msedge.exe

pid	process
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe
3760	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

MiniSearchHost.exe

pid process

4428 MiniSearchHost.exe

pid	process
4428	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3760 wrote to memory of 4088	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 4088	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2932	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2932	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2932	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2932	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2932	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2932	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2932	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2932	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2932	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2932	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2932	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2932	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2932	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2932	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2932	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2932	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2932	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2932	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2932	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2932	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2932	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2932	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2932	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2932	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2932	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2932	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2932	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2932	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2932	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2932	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2932	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2932	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2932	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2932	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2932	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2932	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2932	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2932	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2932	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 2932	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 384	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 384	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3192	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3192	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3192	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3192	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3192	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3192	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3192	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3192	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3192	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3192	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3192	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3192	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3192	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3192	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3192	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3192	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3192	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3192	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3192	3760	msedge.exe	msedge.exe
PID 3760 wrote to memory of 3192	3760	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://envs.sh/hzj
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe71233cb8,0x7ffe71233cc8,0x7ffe71233cd8
2⤵
PID:4088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,4038828447402164300,1460418813456989004,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:2
2⤵
PID:2932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,4038828447402164300,1460418813456989004,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,4038828447402164300,1460418813456989004,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
2⤵
PID:3192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4038828447402164300,1460418813456989004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
2⤵
PID:344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4038828447402164300,1460418813456989004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
2⤵
PID:3356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4038828447402164300,1460418813456989004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4264 /prefetch:1
2⤵
PID:3364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4038828447402164300,1460418813456989004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1
2⤵
PID:2084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,4038828447402164300,1460418813456989004,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1412

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,4038828447402164300,1460418813456989004,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4038828447402164300,1460418813456989004,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
2⤵
PID:3968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4038828447402164300,1460418813456989004,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1
2⤵
PID:836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4038828447402164300,1460418813456989004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
2⤵
PID:2648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4038828447402164300,1460418813456989004,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
2⤵
PID:768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4038828447402164300,1460418813456989004,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
2⤵
PID:240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,4038828447402164300,1460418813456989004,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1336 /prefetch:2
2⤵
PID:440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2880

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:1684

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4428

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
6e498afe43878690d3c18fab2dd375a5

SHA1
b53f3ccbfe03a300e6b76a7c453bacb8ca9e13bd

SHA256
beb39e9a246495e9dd2971224d23c511b565a72a6f02315c9f9bf1dcfae7df78

SHA512
3bf8a2dd797e7f41377267ad26bde717b5b3839b835fe7b196e748fec775ffd39346dba154bb5d8bda4e6568133daaa7fefa3a0d2a05e035c7210bb3c60041a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
b8b53ef336be1e3589ad68ef93bbe3a7

SHA1
dec5c310225cab7d871fe036a6ed0e7fc323cf56

SHA256
fe5c2fb328310d7621d8f5af5af142c9ce10c80f127c4ab63171738ad34749e1

SHA512
a9081a5a909d9608adfc2177d304950b700b654e397cf648ed90ecac8ac44b860b2cf55a6d65e4dfa84ef79811543abf7cb7f6368fd3914e138dfdd7a9c09537

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
1d5b6bd59e6fb7ebd54d67aaf23afb69

SHA1
3f9980a5ddcdec4c8f76dfbc6121cffff9cf8883

SHA256
85ff6fd4b7c3841df3e2a2dc8dd546efbf5ba6f5b22c7e9595ae57d707b8f74f

SHA512
fb046b5919027599acab3e04a7555d6931cce4d09ec1fe1eb210bdc641b094ac4ac3908c38271e1b4fa330c9d7b413a0f9f3841de554e0ffb2d666779f26fd31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
b9ba87c44c849018248bdfe0607c7f9e

SHA1
cebeed35a3e0e0fd37fb8cfce804cc7180b25b25

SHA256
918e7c4287bda7f8f2a3c78eee48b2e66df3610fa0f4b62c718ed4717ef5c7d1

SHA512
a92cdae68287081faf608c0dbd9a2752b2bc062b75aecbf77d7ff258da875511ad9e55cc723250f9978452294f84c8962b00b55e0a697b6ff9629fe199b84d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
8KB

MD5
2a21554e5b118188b697c7154f9d45c6

SHA1
91f476ae30194e38020bff4261a9aff414896b07

SHA256
4d8228e322c74aaa13391603f46522d36575207c31d9a0cdbe61b49ca5c92bea

SHA512
b1194fb313e324ee88d82667ce16d3565c7f67b77a4a63b985aea1c84e3b859bbd35645e9d2279e7b18ed9225af19a5cd9123900da6a1d120f6cacfd93b43d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
8KB

MD5
3b54ac6ce0925f0eb62719ae787e356f

SHA1
0d9cbb340491f158730e9444f9c33e386be24e50

SHA256
cd80464e0174dfb6363d09f510f36dada50a3bf6670e16d682125b0c5f5068a6

SHA512
580db3bf2ffdc4a375e8db5fa68a9400a92eaf407373940901234033f664ae4c0954f642bf1dcd522782f32dea2f1ed24060020babc5c0243ecb24c7d3f09e53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
8KB

MD5
2c82e3741c5c1367815769cd5b119762

SHA1
975c558a8dd907deece1febd3a22b08d26be0342

SHA256
8167677c4c9cf07968169a313b411add9049c94f30043853b4c055e462d94088

SHA512
323559df0a089f8fce3df88da1f7164499a8e854894436a74451e7c8e9db747e138f171e29d3c41186dc28c8cd4656165e50c317836453d349dce6bbc03e4ece

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize
10KB

MD5
2f686552f463dacb3a39e97d1a410c9d

SHA1
e4fe9947c26763394b6cd14fa1df940c9af7de73

SHA256
6cad84b8c5018d81884c058a9c3482291eaed55fe439371ccf677519652b51b6

SHA512
9eb4a075437e51691420c8c25c32a905735c686f6ae2206a852405a3eae902fb6f66e23b8b817e724505257a78c8f174481bdd4b6f229d2c899983c77826a449

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize
10KB

MD5
52b2c896bd2592cfba6006c70afb9c33

SHA1
85b5af5a859462eb5b9db12e9bdaf60063a098cf

SHA256
899500eb02c81213d25e4d0b76cd212b00d1c846cc28e49d2817871bbd41f4b7

SHA512
aa2e60992dcbe782d185517369e8dbc440d84b3f4ba098125907eaa416bfadf7fb5f0fdf72dcfaa2860756a6d861e4459245f87b6b02b37218bf19caf5d36bb8

Download Submit
\??\pipe\LOCAL\crashpad_3760_HONVYNMIOQEDUDSD
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit