hxxps://u[.]to/4wihIA

Analysis

max time kernel
141s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
13-05-2024 01:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://u.to/4wihIA

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4988	msedge.exe
4988	msedge.exe
3756	msedge.exe
3756	msedge.exe
4204	identity_helper.exe
4204	identity_helper.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe
5596	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

3756 msedge.exe
3756 msedge.exe
3756 msedge.exe
3756 msedge.exe
3756 msedge.exe
3756 msedge.exe
3756 msedge.exe

Suspicious use of FindShellTrayWindow 28 IoCs

Processes:

msedge.exe

pid	process
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe
3756	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3756 wrote to memory of 4420	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 4420	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 2544	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 2544	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 2544	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 2544	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 2544	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 2544	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 2544	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 2544	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 2544	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 2544	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 2544	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 2544	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 2544	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 2544	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 2544	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 2544	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 2544	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 2544	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 2544	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 2544	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 2544	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 2544	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 2544	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 2544	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 2544	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 2544	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 2544	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 2544	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 2544	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 2544	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 2544	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 2544	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 2544	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 2544	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 2544	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 2544	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 2544	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 2544	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 2544	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 2544	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 4988	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 4988	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 3776	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 3776	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 3776	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 3776	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 3776	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 3776	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 3776	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 3776	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 3776	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 3776	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 3776	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 3776	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 3776	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 3776	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 3776	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 3776	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 3776	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 3776	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 3776	3756	msedge.exe	msedge.exe
PID 3756 wrote to memory of 3776	3756	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://u.to/4wihIA
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e95b46f8,0x7ff8e95b4708,0x7ff8e95b4718
2⤵
PID:4420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,10542851822143447623,12296529177346098098,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
2⤵
PID:2544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,10542851822143447623,12296529177346098098,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,10542851822143447623,12296529177346098098,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
2⤵
PID:3776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10542851822143447623,12296529177346098098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
2⤵
PID:1996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10542851822143447623,12296529177346098098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
2⤵
PID:3360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10542851822143447623,12296529177346098098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
2⤵
PID:3608

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,10542851822143447623,12296529177346098098,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
2⤵
PID:3992

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,10542851822143447623,12296529177346098098,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5616 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10542851822143447623,12296529177346098098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
2⤵
PID:4672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10542851822143447623,12296529177346098098,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
2⤵
PID:3904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10542851822143447623,12296529177346098098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
2⤵
PID:5164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10542851822143447623,12296529177346098098,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
2⤵
PID:5172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,10542851822143447623,12296529177346098098,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5820 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
0bf67d8afeb073ced0498f94f596bfad

SHA1
d6940850ae1537f275d09fdd2b5fcb1f31ec0e44

SHA256
efcb32c352d106771189fa25a0f06e39ebbe754ecdb1b3591e286879cd9abdae

SHA512
1bbc41b65e6f24a0f9945f55046fe117169255d17ad203a361c3437fbe8871c509b9ee7f08e78c6fd501028ccff2403043425f457c359476e7e3cc7165ea4533

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
216B

MD5
4f9f6716c4987aaf79dcb11da2814dd2

SHA1
446e74a671ebe1d9d4725fedebba4bc8b0fb08cb

SHA256
166f1a484f59834d36db371c1ea8b5809041b5a2601a4f043e9777a12baa0de3

SHA512
3f4a3e8ebf0a4f7275107f15bac7bfe460863611524bef556352543a21f65d7121d69a0115cc0f402b1d8f9441285530dfe60ca6f2b32a0cd3ed26d2e76fd25b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
bbecc71299d7e49d2faf0aeab1c59fad

SHA1
ffe5d69c0fde3fb4464073680837fa8263e9d0ff

SHA256
e756e2cbf4912f37ca19f51bf2cc8c3e72ece853f9329ccf0b3006be50dbb45e

SHA512
5fa1a9ca5804557b1831bc33b0c15030cb3ab52aa28d0fca3371f31d547a97eb7956876f692aad8c646ae4adda64bf83b2880e63f5e3a2ddf24c05c87cac3fdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
861bc8c25386b44407d43d9108c8f9c5

SHA1
73a9a4da5d2572280954ef87852b3ea1eed9c149

SHA256
ea05d2de92b4f396b8d67ffb9d84b1d39c15b4e85a9747eb7e662be3a3986545

SHA512
5bb7b2ef45f9d7ac2eb26cac29269000af83ca945e5d9a072664ef01053ad799337f5a6df5aee9dd0323360e6dcb4ac17e5dba12b8d0600679b13377df167d94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
3879dfe3e5a2ca4b63a9aa8953d20f86

SHA1
bb63687ac077b174e1105cd9dc68a2605dec3769

SHA256
d929c86bdd1187dd4fdf272c81273e0bfe52fba5d01f698ab8eb1c3409534a0b

SHA512
e025019c23383dc51c6f5b6e600d61e469435c38dd33ce01bb1b277ed903d9d42a84676233942743b12557034cdfbea96be50ed6e6f18e5c915ec5c43fab620d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
484fe13c15bffd114a51dbb99b31d3db

SHA1
cd09ff49fed755d51bc202401169074d45ea2390

SHA256
5ee8ebc32211f6833707b7a33c474f4fe09c0a9318bf2b8cdf942abeca54c03a

SHA512
95f319d3257673bd4bf79c0e8c489f871871536b6bc12e9fb0f307d4b17dc7562e9530d365de60ac2d498c9564247e21e2f160d16d7b24b56c89e3a02e7d2654

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
c813b48b6400cb4d0efd7e0a8c473fd3

SHA1
32fcecf7cedcac4712c4d521b46aa457803871c8

SHA256
8b039b99aad689dd95164c977be777982d1fac9be8a627cfff0e934dcadddaa1

SHA512
69d55975932bab97d0f8f421dfc8094588386a4794072df23a1ca52c5ddabeb3169d52bdc2697ed4e14902e7bc68b661ec58bc56bb326d1a9f2f2dfe78551064

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c7ec5a4e-ff74-45e9-8ae5-4ff877bf1091.tmp
Filesize
788B

MD5
56efe6086de7cb37432884dd22be19ac

SHA1
c0f7098c13d2b7e09b0e5bd27dc03229571a9d34

SHA256
e08c57c4a10140b355aec5238718a494b2ccbc61c4b34afec9a8a89637bdce26

SHA512
d1147a3e31443f1aa9f06ac5b94cf0e6cc50cd8d49a18aa88e3446ec5472bf422f7b45e2031746555a8a87d773de57b1dd5f9cc3df4db721abda7b04e363a5f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
8efcdf041f59c7def7b36f3b657b2bd9

SHA1
4ddad4b10f872fc21ebc63a52a3dabda026b8625

SHA256
932ef052e1a254a60c4fb1d989918ab8c5f8a3c58e3cbcb8596e8a83da994ab4

SHA512
e196e4bedefc97bf3751aee1da47270b95565bf6add2a472ac71be1f1333c55a0bae2d6f293890030e09cf4560fb727fc36ccfe1e6e55a0e1677a3e6fca07a9a

Download Submit
\??\pipe\LOCAL\crashpad_3756_FRDHWERXQFXGLNQF
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit