hxxps://bitly[.]cx/oQ9k

Analysis

max time kernel
148s
max time network
139s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
04-05-2024 10:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bitly.cx/oQ9k

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
2944	msedge.exe
2944	msedge.exe
3864	msedge.exe
3864	msedge.exe
1764	msedge.exe
1764	msedge.exe
3988	identity_helper.exe
3988	identity_helper.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exe

pid	process
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe

Suspicious use of FindShellTrayWindow 35 IoCs

Processes:

msedge.exe

pid	process
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe

Suspicious use of SendNotifyMessage 16 IoCs

Processes:

msedge.exe

pid	process
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe
3864	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3864 wrote to memory of 1100	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 1100	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 4476	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 4476	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 4476	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 4476	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 4476	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 4476	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 4476	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 4476	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 4476	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 4476	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 4476	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 4476	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 4476	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 4476	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 4476	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 4476	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 4476	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 4476	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 4476	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 4476	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 4476	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 4476	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 4476	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 4476	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 4476	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 4476	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 4476	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 4476	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 4476	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 4476	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 4476	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 4476	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 4476	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 4476	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 4476	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 4476	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 4476	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 4476	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 4476	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 4476	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 2944	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 2944	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 3624	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 3624	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 3624	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 3624	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 3624	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 3624	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 3624	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 3624	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 3624	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 3624	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 3624	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 3624	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 3624	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 3624	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 3624	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 3624	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 3624	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 3624	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 3624	3864	msedge.exe	msedge.exe
PID 3864 wrote to memory of 3624	3864	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bitly.cx/oQ9k
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffefc073cb8,0x7ffefc073cc8,0x7ffefc073cd8
2⤵
PID:1100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,7491597820599819914,15688497171804106221,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
2⤵
PID:4476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,7491597820599819914,15688497171804106221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,7491597820599819914,15688497171804106221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
2⤵
PID:3624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,7491597820599819914,15688497171804106221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
2⤵
PID:4568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,7491597820599819914,15688497171804106221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
2⤵
PID:3792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,7491597820599819914,15688497171804106221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
2⤵
PID:668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,7491597820599819914,15688497171804106221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
2⤵
PID:1120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,7491597820599819914,15688497171804106221,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3044 /prefetch:1
2⤵
PID:4776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,7491597820599819914,15688497171804106221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
2⤵
PID:2096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,7491597820599819914,15688497171804106221,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
2⤵
PID:2084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,7491597820599819914,15688497171804106221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5236 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1764

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,7491597820599819914,15688497171804106221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,7491597820599819914,15688497171804106221,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4476 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1892,7491597820599819914,15688497171804106221,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2972 /prefetch:8
2⤵
PID:4848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,7491597820599819914,15688497171804106221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
2⤵
PID:3188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,7491597820599819914,15688497171804106221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
2⤵
PID:2284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,7491597820599819914,15688497171804106221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
2⤵
PID:3628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1124

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
6e498afe43878690d3c18fab2dd375a5

SHA1
b53f3ccbfe03a300e6b76a7c453bacb8ca9e13bd

SHA256
beb39e9a246495e9dd2971224d23c511b565a72a6f02315c9f9bf1dcfae7df78

SHA512
3bf8a2dd797e7f41377267ad26bde717b5b3839b835fe7b196e748fec775ffd39346dba154bb5d8bda4e6568133daaa7fefa3a0d2a05e035c7210bb3c60041a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
b8b53ef336be1e3589ad68ef93bbe3a7

SHA1
dec5c310225cab7d871fe036a6ed0e7fc323cf56

SHA256
fe5c2fb328310d7621d8f5af5af142c9ce10c80f127c4ab63171738ad34749e1

SHA512
a9081a5a909d9608adfc2177d304950b700b654e397cf648ed90ecac8ac44b860b2cf55a6d65e4dfa84ef79811543abf7cb7f6368fd3914e138dfdd7a9c09537

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
552B

MD5
4a5a2b254536f0446facd167d8823be7

SHA1
970c5efcb77b6608ff369cdb94f3e55d10378c19

SHA256
71fc7dd0903afef85014f3c6de0e1beb3b8da9ee14d3ed6d17ba79f20d262ee4

SHA512
e3f7ad8740ecbab4a64a14f548ad11ac4bb8acb1a298f583f695706891f8c4fe0ba187074687d395493fb821a4ca5ca1eb19209d71ac536426db3b8755d5f991

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
456B

MD5
517f91306472a74c550bc0c58adc1f46

SHA1
4dbfd883adcf0c66c744a839a16bce03637d117c

SHA256
89c54a0eaf07539a8c2e8e7cee2672755dae5fa50e1b6feb40a4cac57d888079

SHA512
02390e312a16cca578cba766c456a532255e1f373d1aa31f60188f8ba34773535f9038762753bac6193f699fdce9ea7e8dc4c01db6bdfd9b5bb4fe77dd95271e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
004c753459fb1ed4f669d0f1a34621b9

SHA1
1f9f178ec9e8b95119c0a48770b811ec48949a62

SHA256
21f43af3568b7fbdcab21e1b7eecab3a0da5cbe8c5f577a3d50be42e43c4d853

SHA512
d4082edf5e4b91533b9dd6fb5a38757a3ecf2191b6468347b8bb22b6e920d8abb9f27bcd715ed4fb3b9a8ac42c53c59dc441e76c247ccb8de86dc924b617fc37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
566eef603da1fa06a62209171352e1b3

SHA1
3fd37f706717a743792a86c352462354d702ba83

SHA256
46daac1cd9031468ff1ab32b60bb35c2292ef0705a91735224a826cdeb0a17b5

SHA512
d70f15b7ef021e70208654a155fb70064a6bfb14fc135df029a6069fffc8c24c63fe1481f43e75ed7893a3bf9a08b1cb212783ae3ee4ecaade3521cd636a0e53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
f9bd56d5176928b6461eda8a922b931a

SHA1
63176dcd2f4006becfb1192f25ad8cc314eb7a6e

SHA256
686d46ef27b268b0ac1bd1b03ec7e831434e72e5319bc7b9a0042bcba6afcda9

SHA512
41911bbdc6c3230df058313f9db24d5449c6dccd3a9baad500cd2648da45a670d943fd9a1e15e798d2c1d2fa5f326b61a5728cf55d71769009f892fc18c658d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
8017fef18bbea005eb875429885500f5

SHA1
a341468d77c83f666d7b708ce4cf3c5b9fd4e450

SHA256
02ca77936698be2fbd7880a34b7883466a327d2f5e70b7c1ae0b511e6297d896

SHA512
dd8130819b2933bf09e16f48f8065d73295b98430b1c4bbd36525bab3703d4f6dcb3e3ed9b6ec89f8e097441d5c573300c2e404d2fcd0ffd0a2cfa2e042b226f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
1aec74f317d9a7bd9fbfbddaf1de38b0

SHA1
f4619e2ab27acc4b3a3683446e7ca706cdb6da06

SHA256
10c86c17f6bd1df2becdfe2660490d8c75c3b8283fd49661654f8cd6e51ff398

SHA512
2ca349ed0e0d3d4bdb491b2395e1fc016b455f13d8cebbe7253c39182a93720eaf02c010fb224f901a7e00f937e6b96a3035fb4755dcd166e9ffb797740b2de4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
f52d7d1c924aefec57b47510c9a9c1f6

SHA1
f977af038d8ddbdda879a87c9b1c5820f08cf854

SHA256
7e19edd74852504c1902eed6b1430a4a1a7920997bee3647e70148d583d6faa0

SHA512
aada031aa41fb0e88d8c1b73b8b2a691e5511e4d4979f342de3a8c9819f74adbca7008f8bf9a226498c0de821a0509941ba9ca4d312a2de7c3eeae573b28f8c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
9ee74534e0d592322d9ae8ba3676912d

SHA1
9d36c5f079a37ca4b2239b39f76665eb32b12550

SHA256
5f78518e7c7349ca9b83b79bb557420b8c27e26fcf0a0f5df15204d9dc0859c4

SHA512
5f9107850f5ac24440eaaf1ebf35de3b09b38ef021c9af90ada10e2c4529dbe1edf7f559fa8180249abda42d4dc47aa15977c49dfdce264e07d4d46727eae427

Download Submit
\??\pipe\LOCAL\crashpad_3864_QTCTBVAYNYWWCUXG
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit