hxxps://url12[.]mailanyone[.]net/scanner?m=1s9PCz-0000cD-4j&d=4%7Cmail%2F90%2F1716296400%2F1s9PCz-0000cD-4j%7Cin12g%7C57e1b682%7C11949542%7C14589158%7C664C9C811D87B03FE2E6472997A0C22E&o=%2Fphtl%3A%2Fatsnhtaageeteoilogt[.]rgsigc%2Faz[.]&s=1YKQiaLIfHH0tTbjCAvEAnTGAIU

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 16:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://url12.mailanyone.net/scanner?m=1s9PCz-0000cD-4j&d=4%7Cmail%2F90%2F1716296400%2F1s9PCz-0000cD-4j%7Cin12g%7C57e1b682%7C11949542%7C14589158%7C664C9C811D87B03FE2E6472997A0C22E&o=%2Fphtl%3A%2Fatsnhtaageeteoilogt.rgsigc%2Faz.&s=1YKQiaLIfHH0tTbjCAvEAnTGAIU

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1000	msedge.exe
1000	msedge.exe
4236	msedge.exe
4236	msedge.exe
4480	identity_helper.exe
4480	identity_helper.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

msedge.exe

pid	process
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4236 wrote to memory of 4436	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4436	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4248	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4248	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4248	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4248	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4248	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4248	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4248	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4248	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4248	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4248	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4248	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4248	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4248	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4248	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4248	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4248	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4248	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4248	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4248	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4248	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4248	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4248	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4248	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4248	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4248	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4248	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4248	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4248	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4248	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4248	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4248	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4248	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4248	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4248	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4248	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4248	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4248	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4248	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4248	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4248	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 1000	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 1000	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4868	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4868	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4868	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4868	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4868	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4868	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4868	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4868	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4868	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4868	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4868	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4868	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4868	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4868	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4868	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4868	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4868	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4868	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4868	4236	msedge.exe	msedge.exe
PID 4236 wrote to memory of 4868	4236	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://url12.mailanyone.net/scanner?m=1s9PCz-0000cD-4j&d=4%7Cmail%2F90%2F1716296400%2F1s9PCz-0000cD-4j%7Cin12g%7C57e1b682%7C11949542%7C14589158%7C664C9C811D87B03FE2E6472997A0C22E&o=%2Fphtl%3A%2Fatsnhtaageeteoilogt.rgsigc%2Faz.&s=1YKQiaLIfHH0tTbjCAvEAnTGAIU
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd6b7d46f8,0x7ffd6b7d4708,0x7ffd6b7d4718
2⤵
PID:4436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,17641961653616409306,6735072358096409648,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
2⤵
PID:4248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,17641961653616409306,6735072358096409648,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,17641961653616409306,6735072358096409648,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
2⤵
PID:4868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17641961653616409306,6735072358096409648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
2⤵
PID:544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17641961653616409306,6735072358096409648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
2⤵
PID:3700

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,17641961653616409306,6735072358096409648,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 /prefetch:8
2⤵
PID:2964

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,17641961653616409306,6735072358096409648,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17641961653616409306,6735072358096409648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
2⤵
PID:5072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17641961653616409306,6735072358096409648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
2⤵
PID:2640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17641961653616409306,6735072358096409648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
2⤵
PID:4712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17641961653616409306,6735072358096409648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
2⤵
PID:1712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17641961653616409306,6735072358096409648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
2⤵
PID:4632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17641961653616409306,6735072358096409648,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
2⤵
PID:2952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17641961653616409306,6735072358096409648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
2⤵
PID:636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17641961653616409306,6735072358096409648,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
2⤵
PID:2164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17641961653616409306,6735072358096409648,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
2⤵
PID:3528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2056,17641961653616409306,6735072358096409648,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5648 /prefetch:8
2⤵
PID:2088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,17641961653616409306,6735072358096409648,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5264 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\924acf14-fd00-4528-bbfd-60a162f767dd.tmp

Filesize
5KB

MD5
abaef4e23192f3ada6143eeb6022a672

SHA1
d4b095459489b34a172201762e715aa361a84bb9

SHA256
49bd276fcbc9a0b9b632e4d6fc904064c41e56e4d028b3af91395ba5f14ca18b

SHA512
b5a25e82ba7da45e2fecac4ded4ffd4a1fcc754b226996135552c45e34a886217aaf10417fb5c180aa964e4fdaa0a03d19273325541397f1a1e9b04b1b3b84f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
cd1e680ab6dbfeb5a365de32ba21a6db

SHA1
565dd1117d61a3650e5aa2fe2d5568def6bbdb99

SHA256
7f59cc730c1a95ee363db90d563a4399a4285b7e87d2fe602aef32805e41ecbb

SHA512
7b154b890a012a9116bba827e8ba6ccc693a5ada3463e027a725dcc49a0ec8773aa08d21061ceb14efeafcdc8c85bd687d1f5409ee5907aa1e1cb05109b6ede8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
caed3b416d296a40c036556b4de25f37

SHA1
0abc347daa624f6dc030e5408240209421b6eab2

SHA256
50f074c5e8360970d2a20cca141c9fed5dd3841ff0a80a6ff8b16d52359f4f79

SHA512
c99c24187e666cc48624e4b682fd54ad569d063ca75e6560e2e35981eed98966d3df50bffb3af83c771c6f0c5ac28f3ab98b97ba1726603cd4ff923ef8c78b74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
949a00412fae036ae6f129395123cdc2

SHA1
569f45ee6af1233f445ae47bc8f35dec8618fc40

SHA256
8bc607eecb6e0a5b603890d5a92b40e36aa3da4ec531daf438457fcbefdd59e1

SHA512
ae20724b91f08ab80aa97f7de346021c67b8ba93e08b8f0a1688fe9b8f51b954a4cfd62678069ef8360b12a6ddc99151bcd0e0c5f50e088ab2800a2bbc95033c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
dcd21ff3153bc10ffc2c82e495a64645

SHA1
54e6237f077843efee9b94bbe20010bff0396848

SHA256
ec7d7365aa0452063096678973e33b22acc339d96be25a8debe56a4bbd4f9aef

SHA512
5f7e0d73cd87feb87ce95fa93c6d6ff2fa1d943ca84cff7181c206208a9e316f23a7a522a10711cf92c9320c52db8000e87822a44d58a2a3fd67908ff3c9a876

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f1e1a5ed136e2a79184903a43025344c

SHA1
3e800b2d515936257e643d6d865dacc6e64f8155

SHA256
dfce87657a119223cd05ddcac6077b107fb01e57526552738cdd96a93ff5b45c

SHA512
6fda26efd5261919ae45f9fc0e9addf578eb0f476441f599f1d29b2e004724a0119c402aa64e7d898b8185f62632246faea67076d34aeeede73b3f0b86c8768b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ed299b5056359a66aa9b6faac122208a

SHA1
da0f7af9d1953e36e566e02a10676440d9499cfb

SHA256
d373a6de04ca40850b67514b48a94fde3226d6ac48d5c99f9981d6e88cacfa51

SHA512
4843199659e8dcd77b00fd3aecb0a892306d9ecf8873fb8e8ce07cbb8811a8c93219bd3c60c934a4ecb33bd71b83411010e034f10cb7962cd1d30b7fae1bd6f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
535B

MD5
d7f5e3c61770cbec83b41f776523d228

SHA1
2a12c04009334234ff5f3ff88621f9fce85e0e9d

SHA256
db9f8ff7879a718491e63e0b39881d48592793750331109c45dda5208c481d88

SHA512
cb5090e4116390a2b00292fe456aa50ef6572d050db5a4ea55df63d5de05eb8dcaedc760dd6719677dfbcc7276d0a930d4a39a84b5a17c8247d7b1adee7570e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
535B

MD5
edd688cf3d8dce9ed8f1d40a7fc52a58

SHA1
753ab18deb6fa3d5a36f149bb118caabf1b87e29

SHA256
5f7d515ded859f3404c2d1dd05c8906866718bdf3e64418322890bc29956e142

SHA512
3def39b552ccd85095aea8c479e9d2abdb63062ea8d5da1d7f52aaa58aa6e1f3267d426d8819128db6385189f23898db465a2c30633e3995a9df4a54cdab95ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe591ddf.TMP

Filesize
533B

MD5
f0771f876f58f32197730b8732b52689

SHA1
8b47a071233dfc0cbe1a2903279384b05d811b5b

SHA256
d67285ede73fc90e8f527705c530165cb22608cf81dcb62fa9edeb8ca92978f8

SHA512
4ccd57c3db266d2915cb080fb0bf23e6e6750bafe05f3d4bae57830aa9951fae33463301036a6be2512857608461e24848dd4d24174fc51858d3d788598a3a67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f2accf36b8b6611b43119527279847d8

SHA1
46f9b3f488af43e23e4d62ac62a36eae26defbfa

SHA256
eeb328b3e35fb2ea973b09e425399ec1dd9c80d4619145d74f91f89054aafdd4

SHA512
02155442953ed1a9372c38332b07b52d90f03ee5c557e65f673a2ab2ca50271b7ec3f07d0f67579c004a37c363ee1301956d1c476c37bf33cbdb2a6320464193

Download Submit
\??\pipe\LOCAL\crashpad_4236_YUSRZQMBJSHBWYKU

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit