hxxp://p5[.]music[.]126[.]net/UFvPnLIfdYE_RFE_WO_JbA==/109951169560994308?/qz3t

Analysis

max time kernel
149s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20-05-2024 17:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://p5.music.126.net/UFvPnLIfdYE_RFE_WO_JbA==/109951169560994308?/qz3t

Score

6^/10

motw phishing

Malware Config

Signatures

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
phishing motw

Processes:

flow ioc

52 https://3.swiper.com.cn/demo/02-responsive.html

flow	ioc
52	https://3.swiper.com.cn/demo/02-responsive.html

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3312	msedge.exe
3312	msedge.exe
5032	msedge.exe
5032	msedge.exe
2716	identity_helper.exe
2716	identity_helper.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

Processes:

msedge.exe

pid	process
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

msedge.exe

pid	process
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 5032 wrote to memory of 5080	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 5080	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 2680	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 2680	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 2680	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 2680	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 2680	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 2680	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 2680	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 2680	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 2680	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 2680	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 2680	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 2680	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 2680	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 2680	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 2680	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 2680	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 2680	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 2680	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 2680	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 2680	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 2680	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 2680	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 2680	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 2680	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 2680	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 2680	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 2680	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 2680	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 2680	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 2680	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 2680	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 2680	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 2680	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 2680	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 2680	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 2680	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 2680	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 2680	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 2680	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 2680	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 3312	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 3312	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 3336	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 3336	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 3336	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 3336	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 3336	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 3336	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 3336	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 3336	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 3336	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 3336	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 3336	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 3336	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 3336	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 3336	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 3336	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 3336	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 3336	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 3336	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 3336	5032	msedge.exe	msedge.exe
PID 5032 wrote to memory of 3336	5032	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://p5.music.126.net/UFvPnLIfdYE_RFE_WO_JbA==/109951169560994308?/qz3t
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff091646f8,0x7fff09164708,0x7fff09164718
2⤵
PID:5080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,11796844468541345363,1370634602318991016,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
2⤵
PID:2680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,11796844468541345363,1370634602318991016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,11796844468541345363,1370634602318991016,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
2⤵
PID:3336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11796844468541345363,1370634602318991016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
2⤵
PID:2068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11796844468541345363,1370634602318991016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
2⤵
PID:1612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11796844468541345363,1370634602318991016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
2⤵
PID:860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11796844468541345363,1370634602318991016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
2⤵
PID:2356

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,11796844468541345363,1370634602318991016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:8
2⤵
PID:5100

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,11796844468541345363,1370634602318991016,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5412 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11796844468541345363,1370634602318991016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
2⤵
PID:1708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11796844468541345363,1370634602318991016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1
2⤵
PID:1384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11796844468541345363,1370634602318991016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
2⤵
PID:2312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11796844468541345363,1370634602318991016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2924 /prefetch:1
2⤵
PID:3372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11796844468541345363,1370634602318991016,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
2⤵
PID:876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11796844468541345363,1370634602318991016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
2⤵
PID:1684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11796844468541345363,1370634602318991016,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
2⤵
PID:3316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11796844468541345363,1370634602318991016,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
2⤵
PID:1720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,11796844468541345363,1370634602318991016,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6224 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
Filesize
863KB

MD5
8f1ba77d776583ebe52415eed0abf678

SHA1
1e63b5a473c784f999a9957c96b472d9847d6205

SHA256
c8f040e02884df23e7c70598097098fa3374846c58777366fa4658733f721036

SHA512
1ecead80c23ad4db4c8f9b7ad5c74c4e771b0c56145a061e732960fbd3abbf1bf5b9611fe7311466b596761563ff96ad44be4797388cd6af39b9e6d9c2cb92a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
e9fff40c15223c57f644e8a05161ba59

SHA1
30e7766dd3f2e1a939e31409235b34025e66d92b

SHA256
aa451ef9c9d9c611226917ca9df14ac53ba28aea70f305a91e716681881841c2

SHA512
6862344335af73bd91e686068eac9342dc864b8215af55c621e190a11d553d40e3a47626c4bfc42895bbaa294ca026a2ee807fc1258035317b7d632abc0bef8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
1e76dbbadf3b65a28a2ab9e2d00fa4c0

SHA1
49a76366e203eb1bb4e3d3d46d2989c7afd0b784

SHA256
77043622545b16fb95ffe1015deaf27f3949cec20637994016c681d0a91b35f1

SHA512
163477c0e587ea207acc3f3cb630a5d6f496a868c8ff9ee8fc04cc39d08cb013d316075a4bb33358c546f3b204ba32c183b84996b65b4def2d192aef6a4d4b8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
416B

MD5
c6dd7c1deecb0a386acc8b80036a7d7d

SHA1
e2885d4f649f6e7b2603468b620925f90f89bdd1

SHA256
c3a045fa66380ad09b009094a75e32afa912821d22129db847c0b9ea57f796fe

SHA512
2f7f030858b8892c8e5599d116ea4f7f3f15afa63772384dc966b87b8be9600f2357be29e5d4ea95f238bdb95a1b4458fba92e97d99955d1b109e2a760af6553

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
cb3fbc6bbba928142dca6f9fb426fe0d

SHA1
b0778a8c7c52fe1d0e6628f9549f30d6c222ffbe

SHA256
29fc90610b653f607d896a2571b5955823e037033b0e15ac50bb600f489109c0

SHA512
9dc518e8e2d50fdb35f64b33eacfbf2babab892c4a26ced4353788a2a236152f094cb38e1c597cee5cf21fef1dae22b5e1b5d8f7366829c6395bd082e8525436

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
72723b73c1f673fab9679eb7e6097240

SHA1
f369be6b1bffd91fcc035d250a7d127995db89b8

SHA256
024c9d43752ecd8424cfee9997e6dcdccd661433304bbe6e8bf94fcf2c5a3f84

SHA512
3eb2a8bef3ded082667a0eade8ced73e242bc95e3883ad3fbc097eabf88ded798c1bd7c717df54f262af2741eb08f69db77be83b65138dde3623888dd7b7eda9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
ebef79673795e75c2d4ad90635a6eaf5

SHA1
ad3c00e760f68218f6008b1db12206bc7f6cb56a

SHA256
7d88eee1142d7c8445423ba11725faa3b76e9ccd1b31201664de22116d0601b5

SHA512
86da8329552ba224aa8f46ea381fe4951c63e753fb84a83f8b027cfce2dd0e20911da61cda6c9bbda69048dd51c857b6844a571ab055c2995e581f7de5fe7a52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
38KB

MD5
2dbd26410e6abb88bce313f5bf61f29d

SHA1
fb1e901b92aa6f07925c73b2fe41e4bf1166d012

SHA256
0f0d7f5a89c521c24d2ff565fccea46efba929ec7b755509d007750a96b9a47e

SHA512
bd9f0de445714433c243c37558a7b8641a9dc34e6a5eaf47773501573f877bd1d6d4216e3bdeeb0f646934774bc4df781b20102d24c13db1a694751a0afac668

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
cbe6afeb47d531465e5ebb29563cfc1e

SHA1
54b459ffe870fc1ba4347777922088855a4cbec3

SHA256
f5121e6b00901402478819601f2cbbebac5d35b0588861427787b7a17fde469b

SHA512
230392337464fc4d7c58f6d4b73b48412cbfa5e53fdb916b88fe4bf91db785b2545c4b5e9ea749977ddf757a98fbbb81dd6b59f8a6d15e4fcb48623f20025678

Download Submit
\??\pipe\LOCAL\crashpad_5032_NDSULQIJKYVJPNRI
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit