hxxps://tinylinks[.]ru/3cfbc

Resubmissions

09-06-2024 17:33

240609-v4tk8sdf84 10

09-06-2024 17:25

240609-vzss5sde89 10

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09-06-2024 17:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://tinylinks.ru/3cfbc

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
2936	msedge.exe
2936	msedge.exe
2196	msedge.exe
2196	msedge.exe
3104	identity_helper.exe
3104	identity_helper.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe
3300	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

Processes:

msedge.exe

pid	process
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe
2196	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2196 wrote to memory of 2648	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 2648	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 1696	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 1696	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 1696	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 1696	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 1696	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 1696	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 1696	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 1696	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 1696	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 1696	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 1696	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 1696	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 1696	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 1696	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 1696	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 1696	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 1696	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 1696	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 1696	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 1696	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 1696	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 1696	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 1696	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 1696	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 1696	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 1696	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 1696	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 1696	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 1696	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 1696	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 1696	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 1696	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 1696	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 1696	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 1696	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 1696	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 1696	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 1696	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 1696	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 1696	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 2936	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 2936	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 2720	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 2720	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 2720	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 2720	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 2720	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 2720	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 2720	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 2720	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 2720	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 2720	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 2720	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 2720	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 2720	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 2720	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 2720	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 2720	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 2720	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 2720	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 2720	2196	msedge.exe	msedge.exe
PID 2196 wrote to memory of 2720	2196	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tinylinks.ru/3cfbc
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda88e46f8,0x7ffda88e4708,0x7ffda88e4718
2⤵
PID:2648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,5330678852547159426,583729022987415531,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
2⤵
PID:1696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,5330678852547159426,583729022987415531,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,5330678852547159426,583729022987415531,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2588 /prefetch:8
2⤵
PID:2720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5330678852547159426,583729022987415531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
2⤵
PID:4912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5330678852547159426,583729022987415531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
2⤵
PID:4824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5330678852547159426,583729022987415531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
2⤵
PID:4492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,5330678852547159426,583729022987415531,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5256 /prefetch:8
2⤵
PID:1276

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,5330678852547159426,583729022987415531,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
2⤵
PID:3928

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,5330678852547159426,583729022987415531,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5330678852547159426,583729022987415531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1
2⤵
PID:540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5330678852547159426,583729022987415531,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3652 /prefetch:1
2⤵
PID:3408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5330678852547159426,583729022987415531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
2⤵
PID:2060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5330678852547159426,583729022987415531,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
2⤵
PID:2852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5330678852547159426,583729022987415531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
2⤵
PID:536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5330678852547159426,583729022987415531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1260 /prefetch:1
2⤵
PID:2164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5330678852547159426,583729022987415531,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
2⤵
PID:760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5330678852547159426,583729022987415531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2252 /prefetch:1
2⤵
PID:1056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5330678852547159426,583729022987415531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1792 /prefetch:1
2⤵
PID:4872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,5330678852547159426,583729022987415531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
2⤵
PID:1324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,5330678852547159426,583729022987415531,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4644 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2172

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1564

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x45c 0x338
1⤵
PID:5076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044
Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046
Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
4c102dee3d8be4253ec8bde43c15a4b6

SHA1
e3010cfe8f8dd6c5142e0bd9cdb49c721db11e63

SHA256
8b951e4c7a838295089e0d24e5f4e1e0b0e5184044d48e76efafe4dba336ea1a

SHA512
9eacfa07cc369ab263e332a557615678b8a5af4fcc5c776d35b9b4e114b78a246605a83bc574c95711e8a82467054406bc8ccaa118abfe423937547f6bc2e8ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
2e0f91bc9326dfb4dc6f3e10931a8ae9

SHA1
6f23a50a50f650fd3555f9ec7dc6f223cc688ea6

SHA256
e289a7228287413fc29a510bbaed0b92948a4456ef7c12cfc21296f01af2d83e

SHA512
8abdee9b4b3ecf87238efc3d214ce04c7b29b846e2580fbf13b3c422027452939ffcfcdecd552c3db1538cd9c1c12d066dde2b40a732ed3a0c9f549ea1758b7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
b6c771162a743caa53cf1fcf23f59c1d

SHA1
6f678eb564e49b4d6f9a5e2b4e2e218f23b504dd

SHA256
763019066e769f03c533cfbab0454d6d7f453d83e4bb341de0a17aa99b01d8c4

SHA512
aeca912352e89b3d363c13b4a09728167ea235def2bb82c2a789e25e002d762cce2c9935d43b98bc9329893427cb1f734bb683fdf8645e7ab0c7f39b0728b67a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
46c6a4fb7e2e9c8a6646ec914498065a

SHA1
839a0d5d0755da0af898c16276fe6370cf6a43e1

SHA256
0099d41d1cd7a077981b39599dd3966211fa8f7134b5ec400a207a01c7fb568c

SHA512
48f654905f39f2c55c0986d2d5d4ef91a7a72ec84a76cbd395f112b62b91f4663d4d8fc990ef028bf20e0a6f3cf7f25337ad0e193a38c959ef2382eaf63ea875

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
08fef1953fea3ed7fef18e6d245561b8

SHA1
820e8f8e59696f66c03e82afeedd604b29ea5a9a

SHA256
7ef7830d0f6ab5e5dee79bbefbc4de57fb170f8e1f1ddcdb42f36b99f8c64047

SHA512
9a3ab7735f020f1a0f41bdb7965e937654d351847ebca1b02efbb85290404a4edf42de456b0153faf4f748793ad2e6acdaf892ec1a8fa4deb2fdf21cd03fca7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
413d4443a376c436b94075d519ff0376

SHA1
fbe50cbfba0833195b7be40fb31bb640ab19ac15

SHA256
f461a795cad3a88c13bda23acfc39eccf75b88d7c25581f6f288e48d41b5347b

SHA512
a7986fe8978745a38059e0a19de27d7db597b0e560565eaceac74b3195b669f99bf1160a0a4546c3116842b9660157088317e393104d64f95331ffe5225d0d76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
254d644edf08a5c506315b18ea395fa7

SHA1
ea0d8d1307d070619ed1ece523ff8b14c80e557e

SHA256
382220b967feb3b30d069c5f4fe95d4e3ce5dfe3092f824d8e044485e698695b

SHA512
765d7dc1ee066e0e7025de85e6830287e82c8c4e234f014deb86572c528d8da7bfb60403a781400b327e079d2d94e6731c383e8a0d3b8ba80a056d4d6709cbe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
28e2a55681768f9165439b81258265fa

SHA1
3f9d5b3abdaa128c09e4dc473a89fccb250bc840

SHA256
3cb002ed30a15ff0aed8ba4cd623c294bdaaac0b28352659e23a690fb4bbe687

SHA512
f6b3eb1764680f8498f3ca07470b665bcbcef20728b0d52202f927235d52157eccec07abbf2554674a11ae54f5cf77098e9cfad34339bf64a1ad41641b9774b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
706B

MD5
c04711cabd82322bb6ec1ad38383934e

SHA1
605f3ada7896ca78ce11cf9bed4162e4664212cc

SHA256
4851a31c5e4bcd0c622cfb2fb32d78a377df90bd2a2c2703dca84c97e5beca1c

SHA512
73632e64840113aad92c0cdeaec4c8ef52e497f3c0d29a16415b9948bb8d4d75455854d935578e5e6e8a79755f420d00d201b9754ec28210fd5fd195ead47b5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a50a.TMP
Filesize
539B

MD5
cd0c812733b0c9b737ecaf474fad3015

SHA1
7e1805203a8dd1aa35cf07c433c02017b0b1ec1f

SHA256
6fcb6602515e648aea2afcd1ed69f6c835115115d56d1c49c30f19b54dbf2e38

SHA512
564b7f5793da877e7b3c3ef4113111be53b658e7733c7c1f0474dbead1bafeedb32d248e93e5fb67a441a8ee9eaa1f66a16f703f0205b2d1c33bbc615e2d14b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\de112ff4-033c-4da4-8faf-24b593da9bf6.tmp
Filesize
539B

MD5
d37c0b11130389310327569f6ae9e201

SHA1
fd0801a0b5e4ae5042ea6fea59de1677f54703ca

SHA256
c7eb36a7dfe487828de65135d953abf384a956844e5ee8047e6a98f020562305

SHA512
279e74ce79795d6ebc998be62024a7c45020fc96b65dadd0ff1e538f90c5d2133fb51987e671f96e53f68d465cc80b82340fd7096d84b3e351415c69f6cd7fcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
01e8e08c2199f5faa05ff54b44154ebd

SHA1
5d0e3ad96f9e8d71b63d820afd8853ae1daf0bc0

SHA256
814a56b9d182c6fc909ad5a77b4b39e18ef25e3c3988bff709972dfc5d8cc5ba

SHA512
b5328637e9ccab86047d6ea8cc0521fe7db8e7554930f18f7836f8f2bc80e271ee2762f2ceea643d0ba50ea25c5cf260f41fc7b8cc16149b8038acec91df1eec

Download Submit
\??\pipe\LOCAL\crashpad_2196_YKUUIARLDYXGQPTC
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit