hxxps://cutt[.]ly/www-roblox-com-games-17017769292-Anime-Defenders-RAIDS-privateServerLinkCode-745395155984188812252697112654

Analysis

max time kernel
273s
max time network
295s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
05-06-2024 16:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cutt.ly/www-roblox-com-games-17017769292-Anime-Defenders-RAIDS-privateServerLinkCode-745395155984188812252697112654

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3756	msedge.exe
3756	msedge.exe
2912	msedge.exe
2912	msedge.exe
4888	identity_helper.exe
4888	identity_helper.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exe

pid	process
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2912 wrote to memory of 2972	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 2972	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 1528	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 1528	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 1528	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 1528	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 1528	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 1528	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 1528	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 1528	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 1528	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 1528	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 1528	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 1528	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 1528	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 1528	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 1528	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 1528	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 1528	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 1528	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 1528	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 1528	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 1528	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 1528	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 1528	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 1528	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 1528	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 1528	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 1528	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 1528	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 1528	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 1528	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 1528	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 1528	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 1528	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 1528	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 1528	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 1528	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 1528	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 1528	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 1528	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 1528	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 3756	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 3756	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 3628	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 3628	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 3628	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 3628	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 3628	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 3628	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 3628	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 3628	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 3628	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 3628	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 3628	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 3628	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 3628	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 3628	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 3628	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 3628	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 3628	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 3628	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 3628	2912	msedge.exe	msedge.exe
PID 2912 wrote to memory of 3628	2912	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cutt.ly/www-roblox-com-games-17017769292-Anime-Defenders-RAIDS-privateServerLinkCode-745395155984188812252697112654
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc074f46f8,0x7ffc074f4708,0x7ffc074f4718
2⤵
PID:2972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,7036571868667409243,4116617330651665486,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
2⤵
PID:1528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,7036571868667409243,4116617330651665486,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,7036571868667409243,4116617330651665486,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
2⤵
PID:3628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7036571868667409243,4116617330651665486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
2⤵
PID:4976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7036571868667409243,4116617330651665486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
2⤵
PID:2804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7036571868667409243,4116617330651665486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
2⤵
PID:2892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7036571868667409243,4116617330651665486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
2⤵
PID:4316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7036571868667409243,4116617330651665486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
2⤵
PID:4136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7036571868667409243,4116617330651665486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
2⤵
PID:4320

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,7036571868667409243,4116617330651665486,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7092 /prefetch:8
2⤵
PID:1036

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,7036571868667409243,4116617330651665486,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7092 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7036571868667409243,4116617330651665486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1
2⤵
PID:1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7036571868667409243,4116617330651665486,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1
2⤵
PID:3268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7036571868667409243,4116617330651665486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1
2⤵
PID:2968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7036571868667409243,4116617330651665486,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
2⤵
PID:3748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,7036571868667409243,4116617330651665486,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5816 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2724

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4832

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
dfd838d8550ed2c4036f388d27fea295

SHA1
1bf05d6b0b6d91236edd586b845c939bf62028d3

SHA256
f10321d350657dc653f3fc49193948c34e7c9331ee41d9de48fe1eef6cdd87ce

SHA512
08ee8be546ed7058c35b84e5f9c0de0c8bfc54920ef98af650c5892ae24875bdd3353e8a1a63966ba03e3b96289f62232b603c0c1f2f2c7d8d70719d20d84992

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
ae7e43fbb259d0e466e9b9d9dda29ad3

SHA1
86a333dc47059723f4085e3a5b2ab5e6bdbcc024

SHA256
c003522167ca8de1937c73c067d760dd66bfe54079761eea7674bfd5a31759ff

SHA512
7a81b705daae963e5bb6f0943c2fd3f4bed7ad6bbf45466726766c9985aaa9567fc820e2445f162ae0a93e1260134ac194387fdb96cc93a6a4d27e78ee33fd67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
ffa87ce68029e6b93107782fed9e9672

SHA1
bc73f70c2d02b20b77ab94839b2d0162bcf56d26

SHA256
f9cb1f7e843c05fd605ef608288c8798be5a35704c91bfbb5570417a7f55e647

SHA512
4d0e75500f21572b8c3b6c2fd4db0815aac00210d67f1964d6e19794d7ece27aa6d277c1bec6ce87bf4be8200cdafc7743ad77f7623486ae8da99a688727f245

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
a4cab0e3969ef62b1c3f53b36a6ce932

SHA1
6ccb9ac7d008c30beeb5fbefff57576b33e45404

SHA256
392bb7296593b93b952661436d769410273b9934a1a156019e6ef5c177fe42ff

SHA512
3d28453546b1e8a63b292d15a1ab4fe8bf6b522004a13c2726c5e380bca6962cb4507a29e9a1d153a319971fe2ac6938f8192c2320da8f27a19a2b217d2a6937

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
ee09675889325a27c3a48036fba40644

SHA1
021c1c5442f956ed83472626b7b2e8864000dd22

SHA256
faeb332dc3b6527100fdd79f0b6f8e48a41e6eb5b405458aaef95d2003e3e410

SHA512
28e94aac1ac8acca1827dff37e221939db39e613bce1f6ca65d29bf3363816099d4995908da24d3a854e83941741c04c7c7d0ba6c220681f6e90fd86795381cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
42534749436a19146144868b5ed46ef9

SHA1
bc5b6431e147a573b6b831c1f9307eed094bd2ee

SHA256
b01ac4d113a625298feefff1f1075597d1ef13da2cd9ea19cf2a5db72d3d608e

SHA512
7c3af85da2408f857bb5897c7938fd195921a4ce2aa25aaf669b02d8931522420454744703018b4bbfd3f198950201e2f009b4f5356cf5179b51dda040cb8708

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
70107cdf0f5e216420b2885902abd7dc

SHA1
a4458e0f11dbe03f584cd071cd7870e9d983d0ff

SHA256
459d6e7c78940380c1ec04a5d87a020592a523736da80cd1e3ccc62caace8a6a

SHA512
70878ec05d474dd7520a4d9e66bf23e572048fedf32a2ff6c127a197f9a31903775bb59f604254b26a559fcce54b6be8652aeb20269de5bfe7e981188d42da3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
0dcef16c15482e0721fcdf0cf53e0e5d

SHA1
ba66be512fd9549e58f5cfe630e3383a4162e817

SHA256
6581f0fea49bd68b0da9fd29c9ab00ae0c5fdc6856d6f20f836243c18e507acc

SHA512
30cd30a55c67a0d57cfa3008e246589df68eb38110b55c78155a3d3a45faa94698aea3abaad21b2b583600fd19638912b3c931c1b87fb9136d7b37f2c17df773

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
5ffd2900ca5350ad21709423e36eaf8f

SHA1
cfdd8d7e0eeee35e52b73b6926025753f96d7f82

SHA256
178f1ef95a66baf0effc6a7eeb85cfb887fff32b98cfc21f0061cd55e13ea55a

SHA512
2bf6a99f6b8df47757f775f16f2d85f07b89334c8e4ec776ab0d470235a3f7e701105500d245ce7f32170fe62ddc0c500995c1316714c56836798f6f0b35758c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
6b6b5969f9236e0fa3b91186049bda85

SHA1
376b7ad4325fdff55ece620e6316d42f8eaeca37

SHA256
28255b1b4832034e869098a9ba110c0a5d5a1d06c7ff2d195b13d2cf8796734c

SHA512
f5e7218c98375cca0e54754f27e5ccfc57bb51eb47a44e5555a160739367838840587a4c3d05fab90723604c64940cd8243828386fc8d10751305997017d3957

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
9f3ff2da5c946b1effc335cd0a58799f

SHA1
9dce8b0a67d5c815c2676480c28d260717a1663a

SHA256
e0bead7b7ac0287e0c2ef2b371c1cf2016b8e833f627f851827caeb25ccd078b

SHA512
e85eb767a84023d76e44ae731bf08f5e72f18c0290b5fc9b6a1ba3c66eea56734236428eeaaff2ff7a9bb09a4006d3cb7194cad2e0a3350fbbe9c34aaa027813

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
93878c0e8680e266dc7c5b91e3b1fb45

SHA1
e213c1607e50d7b4a41435c150fa58306e28ea8f

SHA256
8d137ad2db58fee934153ad09c7aba998bf08affc7a2b0364c2c67eed21a85b5

SHA512
3c9ab902f8f58ae2bb21636e584d240d49b59d575355af8b18cc5f86464e4b581931d08d40a3d6979aa2ca9708be0bb9d8d714205bc174af112f82267e9d4f84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5796c2.TMP
Filesize
1KB

MD5
c8cb7e944a19e0674067941026c1ee48

SHA1
84ff7acc1e691c0641f8272f105cfd1442b79be2

SHA256
7a0e599a1e1233b8e4c37c847acbf56eebec88c14c82a796c4f53d1045e8400b

SHA512
6f1cf753e81f6655353946e445e3cfcad89ab4c43c59d052554890200b80527e9eb33cc3c2413b1b4615f43d01343e3d8ab64dafb8a53703f2d0df8beacfe804

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c876493d-082f-4379-b903-618edc3ad29c.tmp
Filesize
6KB

MD5
1031a9d4281fac814801b323e345dbdf

SHA1
2d46c06511334b3d45bb9310d4551b046f8bec11

SHA256
4ec33602ee5f3900284b088a763cc95dce99ebfe063449c389fbf1c4c978d315

SHA512
f02912bcf0c254e47c14ed22b5d8e8e6e67e558460cb508091b0a654c30723323728cf69ac5140dcfe7779587f22a913f2f7d66284e2b3ea9fdd26c70a30057d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
5cabb356b3ec89da5eb24f5cf2102872

SHA1
d8fb92cd8aaaca0764ae679bb5ee3461f888d016

SHA256
71ea01d81931e32c9aee96ee1d145d342843170c69f4ebb7d66c82d7b72a53ec

SHA512
0ab03b8ad2df669fffc163c289243bf16c4c279a0340f0f44408a74c606d8856fe01e7f1bbcee53028bf83c28c3f716fb36de61fe56de256b63383b147238fe4

Download Submit
\??\pipe\LOCAL\crashpad_2912_CZJVQVUORQTQQUVZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit