hxxps://d2hmxl04[.]na1[.]hs-sales-engage[.]com/Ctc/W4+23284/d2HmxL04/Jl22-6qcW7lCdLW6lZ3nMN3hnR8T-5MmbW2XQZ774g8RpWW6j_JlL8xKgwmW8H9F118PTrkyW7m9_Dz3b5F3qW4dHJP99hZ1mQW1SQBkJ4N3S81W2q6qVG4HGSDSW2cWRB188pkNbW4pn_y888_JGgW5ly24g8mpBd6N9jJZgm531l8VqCQYK3JyjMgW6j3YwJ6jK-k3W3N7sCZ4QyfrMW6gB2Ph7TD99hW5Qrk0T47wHd4W76dfK06YrhLCW2m-WJF159Vt4W1tF5dF2-QQRNVVBWCh5Z6ndqW1Wrrq414WY3tW8TqJ9G1vdC2WW5nKQW69jyVxcf183ZJz04

Analysis

max time kernel
103s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 20:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://d2hmxl04.na1.hs-sales-engage.com/Ctc/W4+23284/d2HmxL04/Jl22-6qcW7lCdLW6lZ3nMN3hnR8T-5MmbW2XQZ774g8RpWW6j_JlL8xKgwmW8H9F118PTrkyW7m9_Dz3b5F3qW4dHJP99hZ1mQW1SQBkJ4N3S81W2q6qVG4HGSDSW2cWRB188pkNbW4pn_y888_JGgW5ly24g8mpBd6N9jJZgm531l8VqCQYK3JyjMgW6j3YwJ6jK-k3W3N7sCZ4QyfrMW6gB2Ph7TD99hW5Qrk0T47wHd4W76dfK06YrhLCW2m-WJF159Vt4W1tF5dF2-QQRNVVBWCh5Z6ndqW1Wrrq414WY3tW8TqJ9G1vdC2WW5nKQW69jyVxcf183ZJz04

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exe

pid process

2732 msedge.exe
2732 msedge.exe
816 msedge.exe
816 msedge.exe
3124 identity_helper.exe
3124 identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

816 msedge.exe
816 msedge.exe
816 msedge.exe
816 msedge.exe
816 msedge.exe
816 msedge.exe
816 msedge.exe

pid	process
2732	msedge.exe
2732	msedge.exe
816	msedge.exe
816	msedge.exe
3124	identity_helper.exe
3124	identity_helper.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe
816	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 816 wrote to memory of 2260	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 2260	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 620	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 620	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 620	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 620	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 620	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 620	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 620	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 620	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 620	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 620	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 620	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 620	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 620	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 620	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 620	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 620	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 620	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 620	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 620	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 620	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 620	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 620	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 620	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 620	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 620	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 620	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 620	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 620	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 620	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 620	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 620	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 620	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 620	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 620	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 620	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 620	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 620	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 620	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 620	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 620	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 2732	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 2732	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 5008	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 5008	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 5008	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 5008	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 5008	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 5008	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 5008	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 5008	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 5008	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 5008	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 5008	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 5008	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 5008	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 5008	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 5008	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 5008	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 5008	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 5008	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 5008	816	msedge.exe	msedge.exe
PID 816 wrote to memory of 5008	816	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://d2hmxl04.na1.hs-sales-engage.com/Ctc/W4+23284/d2HmxL04/Jl22-6qcW7lCdLW6lZ3nMN3hnR8T-5MmbW2XQZ774g8RpWW6j_JlL8xKgwmW8H9F118PTrkyW7m9_Dz3b5F3qW4dHJP99hZ1mQW1SQBkJ4N3S81W2q6qVG4HGSDSW2cWRB188pkNbW4pn_y888_JGgW5ly24g8mpBd6N9jJZgm531l8VqCQYK3JyjMgW6j3YwJ6jK-k3W3N7sCZ4QyfrMW6gB2Ph7TD99hW5Qrk0T47wHd4W76dfK06YrhLCW2m-WJF159Vt4W1tF5dF2-QQRNVVBWCh5Z6ndqW1Wrrq414WY3tW8TqJ9G1vdC2WW5nKQW69jyVxcf183ZJz04
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd3fa246f8,0x7ffd3fa24708,0x7ffd3fa24718
2⤵
PID:2260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,7585446892285427981,14724561787612130580,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
2⤵
PID:620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,7585446892285427981,14724561787612130580,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,7585446892285427981,14724561787612130580,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
2⤵
PID:5008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7585446892285427981,14724561787612130580,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
2⤵
PID:3040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7585446892285427981,14724561787612130580,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
2⤵
PID:3868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7585446892285427981,14724561787612130580,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
2⤵
PID:2164

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,7585446892285427981,14724561787612130580,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
2⤵
PID:3440

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,7585446892285427981,14724561787612130580,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7585446892285427981,14724561787612130580,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
2⤵
PID:1420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7585446892285427981,14724561787612130580,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
2⤵
PID:3816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7585446892285427981,14724561787612130580,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
2⤵
PID:460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,7585446892285427981,14724561787612130580,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
2⤵
PID:852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
897ba60bf4d9305c1de93f2f828c6843

SHA1
7ec16a678062b9487683049dd1bca01a857a7de0

SHA256
38b8b5c84740ae6eae02f3c807a1963b64bee6a3ca85aadeccc9a58337ee5929

SHA512
c82f407e8b5e4b911e2ac755678299deebaf57f810480ccf32a478a76edff177457fd4a7207f08db6ef969fa20f19b5ad576f73ca7880af5b6ad82c2441d86a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
e51e9f23ab7c1f62f8547fd7767654d7

SHA1
068c63ae9c05efea896c0d43434d5a67ce5935e4

SHA256
1e7072eec7ec39f1679b6ed4d82a11184a8ee1aa8c9b39acf542d212bbfa4b59

SHA512
17b2dd791005198feaac35601909bc266a012ef34691633400617d5e828a59ab5246fa829fc346e72fbb632fcaef16c78ed3223c657ee52c2972a10304c3db4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
910B

MD5
27e9d0284dc2f18f53b93825ab5e0e8b

SHA1
f3acded5253e700d5ca4fb4daa52caafb7377841

SHA256
379ccbfdfd178bd03709825364827f75ac171d7574b01195ad80afab5db33a03

SHA512
51cae130a24a0ce6cdb90e3581f314ae220eac3be6e5ded8a834df6b8a4e265bdbfe390a9e0cb49dc891b06d5728acf6f6b03d80ab81e1c3743fdd747874ff4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a0f96d469e110b7a79046f74a1809c26

SHA1
868acadf4c101f8eabfd17224ae4b2afcc9f8581

SHA256
ffc6bd099a45dd6f4e9cf76cbcba1ebf613692fa107c4935ff440ee55dd113e1

SHA512
232a31dfc24c6d8152fdd6ce7b39bbacb0176788697857901312d0d2b0acd0c793950c70a6fc78dd9c1625a28b5057ad7c3845a04db46df7414f6e777a4b3764

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0f1e43b160d4c57e108fedc0159a07cb

SHA1
fde1444c9b08f4385df5acbe414446b67f93aa3f

SHA256
a485f76ea233dd565e4624bae54292c40379e721a13ea5b43a53bf35b05999f3

SHA512
3652ad199492d893196aacaf03e31f694bfca93c8f518d74325bd645ae71c16654abc860b5731d033fd96deb362e7bbe621545dd552a7a5326a80173c143b89a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
79022f56b53b9897c57372b85c8b6e6f

SHA1
d4d801c413e3bfb29b44549d3bb6e90fc8e77ee3

SHA256
8783260b3195b864203643ce93cf5c8c39dff4c31de6b3463b9573a35aa464dc

SHA512
54c0b629578eef5df9a129e7c30b0681b6732d9f405626b8e080142d7cf7bb9cf89eef4c6b7d5c80ed94b3b228f01574d9f1d64903acd287505e6163075cc513

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
966b255fb12d7c0826b724674613eb4c

SHA1
fdd6789eefa38b9873a1d51ced93bd6b28b9e787

SHA256
f93ac3ec20422777d41f049077842617bbb790a662fa0cf41ecc603e3b7bf821

SHA512
f19b9c01ee70c3c0d7a82b87235168fc2d4688f394c9ba73ff4412acdfdd7e296fd3e5caaa6eb848a11b79ab450eda077ba98e07b5480ebd9e361ae7440b897f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dd030a4d7e0a783a148a70ebd1b8a44d

SHA1
8d4d30ff5f28a7bf487a1d4f3b9aaa545d61933c

SHA256
cb6bb0b536914199f29c882b64e58ffc7df6d82820d4838aab399c0b72e528d8

SHA512
e50bc15932977cac0706b49fefaf601d27f584c0b3f694b2c408cc42ce89fbf5e3915f8dbd5e65d466bcfec59a29df997e3f03119851a60114ef402221780194

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
4d857d2556ff03356f4ab821751d5ca3

SHA1
73bd4e75ae709770581f09d7fbbe3e18b3874dc6

SHA256
2ebfdc1473a4f1d97734553d7775d223077d441dfae27163ca48f5236c0e7871

SHA512
2e19dc0da1a3dc0d6da197bf3766d2c99fbcc50b95f1ea716f4d07579496cf1d4272786b8a973dd2a10fc85c4cedb802d545c65e581da73c824555f1e3087743

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581d76.TMP

Filesize
872B

MD5
a4ab9ba23ac39ed05a2e9bd97f3b2474

SHA1
ea7f3860315063691fc5a1a820d372dc3b10f3d0

SHA256
b41df95e9e9e281657b99e5fe482e825cafd5e676cfa5872fd7a54aa2a8e0058

SHA512
678dfb920a04a871fe42270c0488b13b9d3c01ae2b09fd5ac44646bd80271073672902fee9fc30a46cdce89b32ea7cce94bb12ba4b2379f00bf2160ed2eb7a47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c0b0dfb3-84a8-490e-8f88-d5dc909e9ff5.tmp

Filesize
1KB

MD5
3539723f3d486bfca6e8b0130360299e

SHA1
44f1e4e987662b74a1f6287620d362046295a08a

SHA256
2d756b705c58fae947adcaf15d2a6a36c5be27a0e8fdf0ad87db9a111bbdd923

SHA512
7503cc05f33206a39f7571743d16cb3b12d1a9b1509b10b55e32d2eb9323a2fbc83f950bf52db53168df33d8952878d9a3994c7037fad4f11c6999aefcd29a7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a2f86830eebd7113d7df59b4dc2e8949

SHA1
e12521dfb5f6b02a0907066473ba246fae359abc

SHA256
38f04425d2dc6562e270d955d5b350457f7727e2b8dd9f0bea696a172220f4bc

SHA512
d3d5e31d6be002a8bb2d370fe9d3c7d43159b6c521aeed3b07a2cc3840b15df537d4c14bbcc9cd5b3ab9a35198eb7d9482e363d6e6f2a59c97dea1d86d15dbf4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_816_KFFFXJUKWTRSVUFP

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit