hxxp://us[.]redistributions-investvoyager[.]com

Analysis

max time kernel
584s
max time network
591s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
17-05-2024 23:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://us.redistributions-investvoyager.com

Score

6^/10

motw phishing

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

109 raw.githubusercontent.com
111 raw.githubusercontent.com
Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
phishing motw

Processes:

flow ioc

16 https://case.stretto.com/voyager/file-a-claim

flow	ioc
109	raw.githubusercontent.com
111	raw.githubusercontent.com

flow	ioc
16	https://case.stretto.com/voyager/file-a-claim

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
2216	msedge.exe
2216	msedge.exe
1896	msedge.exe
1896	msedge.exe
4672	identity_helper.exe
4672	identity_helper.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

1896 msedge.exe
1896 msedge.exe
1896 msedge.exe
1896 msedge.exe
1896 msedge.exe
1896 msedge.exe
1896 msedge.exe
1896 msedge.exe
1896 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1896 wrote to memory of 5084	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 5084	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 540	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 540	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 540	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 540	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 540	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 540	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 540	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 540	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 540	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 540	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 540	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 540	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 540	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 540	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 540	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 540	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 540	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 540	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 540	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 540	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 540	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 540	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 540	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 540	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 540	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 540	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 540	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 540	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 540	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 540	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 540	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 540	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 540	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 540	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 540	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 540	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 540	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 540	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 540	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 540	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2216	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 2216	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3192	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3192	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3192	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3192	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3192	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3192	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3192	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3192	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3192	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3192	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3192	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3192	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3192	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3192	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3192	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3192	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3192	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3192	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3192	1896	msedge.exe	msedge.exe
PID 1896 wrote to memory of 3192	1896	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://us.redistributions-investvoyager.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd0ffb46f8,0x7ffd0ffb4708,0x7ffd0ffb4718
2⤵
PID:5084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,7586185846713523540,16986367869390971353,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
2⤵
PID:540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,7586185846713523540,16986367869390971353,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,7586185846713523540,16986367869390971353,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
2⤵
PID:3192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7586185846713523540,16986367869390971353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
2⤵
PID:2264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7586185846713523540,16986367869390971353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
2⤵
PID:388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7586185846713523540,16986367869390971353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
2⤵
PID:1336

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,7586185846713523540,16986367869390971353,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
2⤵
PID:1680

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,7586185846713523540,16986367869390971353,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7586185846713523540,16986367869390971353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
2⤵
PID:936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7586185846713523540,16986367869390971353,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
2⤵
PID:5112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7586185846713523540,16986367869390971353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:1
2⤵
PID:728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7586185846713523540,16986367869390971353,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
2⤵
PID:376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7586185846713523540,16986367869390971353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
2⤵
PID:4992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7586185846713523540,16986367869390971353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
2⤵
PID:4196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,7586185846713523540,16986367869390971353,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5584 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2904

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8b2c0f8a-e558-487f-a0b7-9b5e09a40eff.tmp
Filesize
6KB

MD5
a024370a2fdd7b06c0036aff5c457a44

SHA1
712108b64267b8fca33dd12114bf27f170d30e51

SHA256
b648407a369aff4ca84b9eca2f65094529f0b32bec365c0a85b3d37cd22dd179

SHA512
b712acadde5479a0951c4f260c3450075a6cace62200e586b9fedf5fe7cc6a9898395e18b608f70084fae4c293ea2565b222b5d1bfc31be81e4cb3e37e55f09e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
480B

MD5
4e3c90208042c898f568dda0c9860a76

SHA1
58ecad3180dd98d2878ba64dd6a783b94e0af052

SHA256
ba047a2d105db74a13b986d09a91b3dc9ae4b9009c2416ea80d69ef8eb11d481

SHA512
26669cda261af163dc24904909618b05d8ec4e624564315a95a08211ad3b323d71158094039852ed3ed1de96ae34585c8d838debfb3f252b917a5d7df89fd745

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
96B

MD5
67c1b05c4cc4880b9a20dcf721bdd0da

SHA1
f31d1ca60075b3d839c0fce9145d8a39e42f543c

SHA256
05f655141c76163d6cde47140ecfc12e21f3ce49ebd9843ab152ea7415c106b5

SHA512
a9c16caddc6de99333b5c9f0c9e3c9ba6f55a8179730dd9b2a7482194c50a0458f334ca67304cc36363572d375e24247b2bb170282b092c1bc67a622a211e89b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
348B

MD5
fe6dce6f01193a685f9f3adc77067f98

SHA1
d50864a82623fc1f0728ea44820e33084e140a9b

SHA256
b3f37320865e3c635edc0dcff81b56d85302225d7bda19707550ebb698ce791e

SHA512
67bdf81115f52256c5d8ba6e0d95436c4adee545cb24a2241b0c6b3443489a3c65690e0582c1cfb8278347b1cfa219b3105e316e87db423898765b322759f351

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
40dab0b4499ef0c3f54723c6702cb602

SHA1
3b4ca2663c1b3ea5310dc01a9229aebc35aaac3f

SHA256
430fbbe337a69685f1b4fd65a08d36ea626ebfece81dd3d31818abdc6fa046aa

SHA512
8cd74a97d65299b041e2762416703b7cd449fdfe05a7fd78ace586964d863d345c1904f2668ca2304337f52345382a8f1fa3f18aaef377545588b86266fd4c33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
98e68fd4c406614ae80b33abd38d9da8

SHA1
6651b5e6c225441c2a31e2dd9aab5fb242931a06

SHA256
e02de6d137a1a80431e6d9dea8e44c45f8c2107e6c9e5acb463bbb2fab8c8f11

SHA512
92056e798d6807309005736d1b4b86ce0708709ce40f0a22b87987b7069aa174e7399c9f4c489d361bed4db89001b0d2a8dac5d3a38a50cdcf3fdd926429529e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
35297bfb77a4c824624209acc59744b2

SHA1
b86d6fa99319cdf9aae03e4e433c7582897d17bb

SHA256
ceb9f652ebc7addbd75e70067386a0100d5c6d97d861cdceec2c6d73b790ad05

SHA512
7723b88de1b62cc548b0df7ac47afcce67f461c61371a1355dc16b16a22f7121315bf181b0c819362468b86214fa730b2048924dd98126b014a0d0a5b23208e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
9127a9c4c6df1a60e8ae973b9e93ae56

SHA1
e28531830924b02310ba400622011ca1ce9ce9ac

SHA256
c1c7da6ca78e19cf32bd8cb60676259679d24bf1b1b04e866fc229ef6330e425

SHA512
3876a12faf6d831d465b80483ba25cd8cd9945fcb1c484f6db97b9a0449194c637f34b66c9d8be973f6623bb82df11cbd2359473716e88ec3bf512b484c670a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
55b242f98c1f7c349ccae3cec97988c8

SHA1
f84857a234bafedfcee9db45f32981aeb9c2e279

SHA256
a1384e6353da6ce3ff8b5298b52b99c1be9b1ba0882ebc6dec7f5ca5a6d7d75b

SHA512
4aa0388f499679dcc6284b4bc5dbffa4c0ff565209375356196cbc650d1a2ab94037980201f25b07e81555f5b8efa326b9a256c826d329965d8dff6326a18218

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
880b25dca0924c8361e6a77efc5ea8cd

SHA1
b3eb3a1358b156c8169a7e78f733e6a4750445a6

SHA256
81e219bb61edfa20bbfc38ed1af162eb199ec93c3c74af47b4039634e2931bc9

SHA512
f1ea71acff6efb879ce159521cce9afee67c30de2098688a5689e0aae820d2c53715c83a83cde88fbeda116b65bf57119ccce1274125aa1aa41cc0a163978fa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
375a9dee25349e6db3c4a9f2d6e0dc32

SHA1
900f1e4af5efc70afc32a0c5d533e3fdf7b83a12

SHA256
ce6fc4101df86bb3a13c708a498eb0ada59bc87ac41fd9900c55d0fd8975d7a7

SHA512
842837a1aa7459704da625be6782460ef74d304c12d8822a4b0222d7cd2cb45e90ffc7fdde5c2597e2ad6b14aec74766492d826e064f8b2cb6b74b01475d135c

Download Submit
\??\pipe\LOCAL\crashpad_1896_QHUGWRZHVICKCKFB
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit