hxxps://bitly[.]cx/rgtW

Analysis

max time kernel
480s
max time network
509s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14-05-2024 21:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bitly.cx/rgtW

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4084	msedge.exe
4084	msedge.exe
2812	msedge.exe
2812	msedge.exe
2172	identity_helper.exe
2172	identity_helper.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

2812 msedge.exe
2812 msedge.exe
2812 msedge.exe
2812 msedge.exe
2812 msedge.exe
2812 msedge.exe
2812 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2812 wrote to memory of 1624	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 1624	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3100	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3100	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3100	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3100	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3100	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3100	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3100	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3100	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3100	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3100	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3100	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3100	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3100	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3100	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3100	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3100	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3100	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3100	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3100	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3100	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3100	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3100	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3100	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3100	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3100	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3100	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3100	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3100	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3100	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3100	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3100	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3100	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3100	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3100	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3100	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3100	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3100	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3100	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3100	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3100	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 4084	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 4084	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3380	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3380	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3380	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3380	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3380	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3380	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3380	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3380	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3380	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3380	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3380	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3380	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3380	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3380	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3380	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3380	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3380	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3380	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3380	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3380	2812	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bitly.cx/rgtW
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa7cf46f8,0x7fffa7cf4708,0x7fffa7cf4718
2⤵
PID:1624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,12303517861311975695,4637428342664229557,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
2⤵
PID:3100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,12303517861311975695,4637428342664229557,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,12303517861311975695,4637428342664229557,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
2⤵
PID:3380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12303517861311975695,4637428342664229557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
2⤵
PID:3940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12303517861311975695,4637428342664229557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
2⤵
PID:848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12303517861311975695,4637428342664229557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
2⤵
PID:4100

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,12303517861311975695,4637428342664229557,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
2⤵
PID:3912

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,12303517861311975695,4637428342664229557,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12303517861311975695,4637428342664229557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
2⤵
PID:4996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12303517861311975695,4637428342664229557,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
2⤵
PID:884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12303517861311975695,4637428342664229557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
2⤵
PID:2604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,12303517861311975695,4637428342664229557,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
2⤵
PID:1140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,12303517861311975695,4637428342664229557,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2996 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4644

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\74414e8b-e430-4051-b8df-67b1384a270b.tmp
Filesize
6KB

MD5
f7cfde99ec0c8ed9122d0099da736629

SHA1
6488c34967ecf2ce551540d407b32a6037c78f30

SHA256
5672a12a5e0875078a080236d7708901a6462a8624b29def3bde5d58c8939c95

SHA512
ea659e0f9ce1c716e1f9eb50ed4edbf68878994c8898114dd0d932f02eb29d1db697026ece327d08910e1f7f238b020ff7bb9aa5a7874ee6c3e4175fdc6623c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
480B

MD5
b26e146dda46868b69e9c3f879aafd0f

SHA1
cb5f94828ceb33f20203d7b81fa9036e80761aea

SHA256
1684c1e21256860ec0b5a8455ff14406d17e2284db5da43b0fd7a42a50c52e8a

SHA512
b58d6bfd37f7fd4699ff677a5cbaa20cd6efaaed48e69c09620814ecc6bdb612f79d4d02d12bfec522a2232aca75ba924c8bfbfecacb38af097070c5dfe69a7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
552B

MD5
847668bd72e0d62569199eb21ef98ff8

SHA1
48f097e0b7ff018ad641a416bfe270a705e0af4a

SHA256
048cd20c96146645b111ddee1efeb5ec6176f22b673dc2376dc14b75f259d767

SHA512
4a667e4c744c4220fc20d250f1f85e93cc1679976033e1122ec88273216998967b97ad39ed70b4270fe2b2568cd701ca8b05dbfe8508cc829f5c20247ff4cb92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
8a1db2c662264cd3e6b31b60d0a40f6f

SHA1
71076e5e1c635575f067dcebfd64dfda0551934a

SHA256
f62b2a190c1da111328844d2665d553b1a7b58b6246690665904c174080088bb

SHA512
28ee37c23f356eb50b10d4b8527a7398341e1effb64946ae25d16666b208546d281e70569439dc01ecebd034f4140dbae7cd6c13c50eeeb641f2214f3a00e1fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
96830a55d444be5adb97f16a53bf4054

SHA1
7f89f0ced227c70e2363cf3dcfc63cd2ecc998cd

SHA256
31f318e1e7a9d6caa50cc2177e950508b5170ddf15d54d0c473a4cc73c47fea7

SHA512
d2e3aa98d3f187748ec9be14c90886b00a155030fd316bd10d2571f46f292e62ec53f6e171592f400f051e6364654c46131f35d6c6e35ededf65bbaba41ea499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
2b7e367b84db850ce2af1bea36b0f2f6

SHA1
69170c1c252cfb3a2f15dae6e986044e1029e3b4

SHA256
c3d2ea93aa6ccbee5481178925ab8384787bb03e874465a71b0acb2e24261eb9

SHA512
d9a4f8d299a4ce937b9a1fccd47d561ab521c7923c587244e825e10c477399f3ee7159376a31bbaf7e4f320c1d4a1a0068d75acac1ff72119709732224f9b7b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
ea0ba4a29bdbc250893f7d872826c13d

SHA1
0c7fd0cecc4ed0c4c47a8ceb92b490dc348fa2bf

SHA256
3a180795b0fdd58e6c524f3a53e399a484ea030b006bc75dfb4335e89e45ae29

SHA512
6573e4cd2f98d1cb53fe2c7cc49d883206b90bfb437c6da67cc64ef4ac2b2f474df189b0ae9dbb0c20c9fa285bdd34d806a207b8883a92d5a175e232f9e8205f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
c7614178536a9bb76227a90d1d14fd26

SHA1
937795fb1caf8f10826ae271522d0106b5be5b91

SHA256
ec82f1799699bba2163945eaec7f797cec968f0b274bc0404e196a02a24d5694

SHA512
2dad720ab0cd466145a97473b9801b3557c219620c58b080b04a00ee6a20d1a446c49582e3b12979246ce21add27ca00e3841d429fb1bb6b2c9fdbbe663fb027

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
c88668b4f80ce0a32979f6830c6b133b

SHA1
1793d72d632ce60d1c2290f925a7c4af4d79bce4

SHA256
c95c21539a1bda167f206f2e62a9205148a187e750587c591bc7108543e4114a

SHA512
ea7c6fc7c89a6592b9e442c92afea4794842ec40c8ce94a9e052e782a8685deecdc77f45386e71073f7be962438e2dc50b9d01a1273603bb7eadcd5fa2cda8d4

Download Submit
\??\pipe\LOCAL\crashpad_2812_FSJQTJRIKRAWTMCU
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit