f620912e569a10111eddaa60269dc43c16a9ae1cb83469f89d7eddc6742b5791

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 19:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

forums320,321,626,662678674565756965921000.html
Size

48KB
MD5

1b8d70156190b99e4d91df2035faf7f2
SHA1

3d1bc327b94cec200af23900efa5ec22e48d4d92
SHA256

f620912e569a10111eddaa60269dc43c16a9ae1cb83469f89d7eddc6742b5791
SHA512

5c833ee5821df5bc2142ad7db0aa3dcd6a5b22f32b39194917720de9c8422fa2efd0c50b9344ffb8af7bea0d4a42555b99f94af7527ef2cbe3b0c232a00d9611
SSDEEP

768:Pjp0sOBApG4te20OkSLsZzT2jgY9zmaFV/x:7p0FBApGN20OkSLWzTAgY9zmaFV/x

Score

6^/10

motw phishing

Malware Config

Signatures

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
phishing motw

Processes:

flow ioc

37 https://consentcdn.cookiebot.com/sdk/bc-v4.min.html

flow	ioc
37	https://consentcdn.cookiebot.com/sdk/bc-v4.min.html

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1268	msedge.exe
1268	msedge.exe
888	msedge.exe
888	msedge.exe
1272	identity_helper.exe
1272	identity_helper.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

888 msedge.exe
888 msedge.exe
888 msedge.exe
888 msedge.exe
888 msedge.exe
888 msedge.exe
888 msedge.exe
888 msedge.exe
888 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe
888	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 888 wrote to memory of 4668	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 4668	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 4636	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 4636	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 4636	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 4636	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 4636	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 4636	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 4636	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 4636	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 4636	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 4636	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 4636	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 4636	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 4636	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 4636	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 4636	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 4636	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 4636	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 4636	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 4636	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 4636	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 4636	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 4636	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 4636	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 4636	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 4636	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 4636	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 4636	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 4636	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 4636	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 4636	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 4636	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 4636	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 4636	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 4636	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 4636	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 4636	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 4636	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 4636	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 4636	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 4636	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 1268	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 1268	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 3552	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 3552	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 3552	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 3552	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 3552	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 3552	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 3552	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 3552	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 3552	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 3552	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 3552	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 3552	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 3552	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 3552	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 3552	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 3552	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 3552	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 3552	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 3552	888	msedge.exe	msedge.exe
PID 888 wrote to memory of 3552	888	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\forums320,321,626,662678674565756965921000.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6a6b46f8,0x7ffb6a6b4708,0x7ffb6a6b4718
2⤵
PID:4668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,2694076455741773111,1092745683248888481,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
2⤵
PID:4636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,2694076455741773111,1092745683248888481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,2694076455741773111,1092745683248888481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
2⤵
PID:3552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2694076455741773111,1092745683248888481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
2⤵
PID:4952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2694076455741773111,1092745683248888481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
2⤵
PID:1520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2694076455741773111,1092745683248888481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
2⤵
PID:3120

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,2694076455741773111,1092745683248888481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:8
2⤵
PID:4012

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,2694076455741773111,1092745683248888481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2694076455741773111,1092745683248888481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2088 /prefetch:1
2⤵
PID:4012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2694076455741773111,1092745683248888481,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1756 /prefetch:1
2⤵
PID:1912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2694076455741773111,1092745683248888481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3100 /prefetch:1
2⤵
PID:2424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2694076455741773111,1092745683248888481,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
2⤵
PID:216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2694076455741773111,1092745683248888481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
2⤵
PID:436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,2694076455741773111,1092745683248888481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
2⤵
PID:4752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,2694076455741773111,1092745683248888481,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5864 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4224

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
60e73e291e5d4aa0a074701030c40474

SHA1
755bd763402c395caa3a99ef40ea5a4411e1a404

SHA256
fb9cd4dd6a3012a7aa647a024d2aead6ff03aa3ada33cdc8d831620bfee26441

SHA512
cd8015d34f7789743e58031cb064acd28306af06f47775aae73a04f182a41a32582f1b96553dcb66e83312743bd6c3d4a72dc9be93cf330f6394eb7cb515bd83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
922B

MD5
b53110f479072703accdd7ca48cc3011

SHA1
6afc7c2d158c87eb93a49beead71229bb8c944fc

SHA256
f86b4af581c2a99d3bf036451fe16905da2a469fdb9968f9253f5e66f56b5499

SHA512
c904a526393de1ce57c2d4c1aae75b44a1bb80bfc9697d3fe637f24cc2a84d7bb4a819aafd76e46cd99462df11d706107cc0526cdb86ac3bd181349ebd5116cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
721B

MD5
59bc043cdbdc5e1d7a43b6de9f4e57a7

SHA1
2a50da87903f6847ee0f59deae79006cd06fc9e2

SHA256
e5c909f7a2ba4e52f5753b8568783d955461cb1e9ecd55825b83fe386fe2fb3f

SHA512
78f142f17183f4819c19db0a5dcc85f27c12df9c46de50cbabbc1d5bbbffa5e34228054283a86329de3deeddbbb8108d60d2bf26008073a9b034643e9b42a1e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
5993d17dccf1bcf9ac8ac0ffa19a0860

SHA1
d54db3515f57e2efb759e173bf9f42406cbc6e61

SHA256
e7da37954a5fdaeb40172e14d558274ac27545c90fae0cd689e52486c14bf747

SHA512
a00629e9374c15197bb43fea177441a1a558df26798dcc4eadfd60534c242bcd2467a59e06194f43758d3508372bb621749c02ef9883e4f31ba64bf3f954a89d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
0f1cd9ed89b178db2b0aac1906fc25cc

SHA1
713d3a75ee5d8e8630be1bb126b293c550edbb56

SHA256
1cd3c22a032bc3671c01c040b16dfb9c2eb93a7421b072b6380add80bb4f02dd

SHA512
42128247cf77f4d2682262e94095b519b57bbe2acd462f15bdf89063d82df66134d8f51a7419d2006fc6a6708ffd5acdb9d8a5f73768f8c9baccb04e4211d5ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
714ded5a20a67461703bc9df603b655c

SHA1
57b00c786b9d8aaed306363c6873679bde9b1389

SHA256
fb00eb55563853f891d09dcb69b2c300305e8cf82a6849e42cdfa963b4486827

SHA512
432d3575fc1b35368533ebfd40b622781a8a98a862f5906eb2186d20aa19b1cdd2fafc4a67aa1c167cbd441d14f5310d8a697e39fbd8468ee32a43a607177e2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
370B

MD5
3406944d7e9bcb0bf2544aa48406f4e7

SHA1
611c98cc7e83571e7cf9acc27925285e227d2f0a

SHA256
7bce5aabbc9071937b5d2f5f2a8f424ce1b5fb1284d6fe419a6fd9e1341d680c

SHA512
ff699e1ecb6996402e7ed78787fe6d6c2c66db2538b707e30afb4398d01937795329bb5c8ea46bab902c15b5b9f9d8d6408c1d9b34452246b784811507187840

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5892a6.TMP
Filesize
370B

MD5
aab8d221600237bdce4c59180d372ff5

SHA1
797dec6735a88032859372ac74f0d09465088bcd

SHA256
5977562f34c36d29c8381c40afa0f97d8552b4a52c3c167d697d748371f02303

SHA512
0582fcfa206a3496ce28c7f4f3b91f978cc1df5973f61034ef8367b766c30ac9213d4009b16563a101c38bde1c5e4df016cfdf7f050529db4fa596a2e88190dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\aed8be67-8dda-450a-9e34-95db9c68f228.tmp
Filesize
6KB

MD5
7b1e05da78e3685eb99d14bdd7dee7c6

SHA1
0694ab5ed69a9c00db92580c402f2b8aaae5db07

SHA256
ad76141f30537dab0cbca1e3bfd7d89a6ea6687776dca4db93c632d73c66dc8a

SHA512
32c5e02861ff0b73b544a6bc3b19ee876bac9c7ceff8c69972475dc5e51ce72a5e2b84827cb2e786644152fc88c088319989c4e54cb219b00b6288e7ceb54f27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
9d0879bf2f226ec44f8ad250856cd968

SHA1
f3ce1f071efdba5aaa21b4beb661e25a0029d156

SHA256
8311bc7fc0ed190f35d1ce1226590d02c79207ac31fba7e30d98aa3c05305a2e

SHA512
5dfae681787406b868bef46d0a6ac71eb5ac2eedbf93689bcf04c189c90d86d64dcd8585ae678257406a547bcd2a68679f7d3366f593f47507c115b5de7c8daa

Download Submit
\??\pipe\LOCAL\crashpad_888_QVHOUVPZCGRSUFSR
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit