hxxps://shrturl[.]nl/e/DCWE55-v

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
16-06-2024 15:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://shrturl.nl/e/DCWE55-v

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1400	msedge.exe
1400	msedge.exe
1716	msedge.exe
1716	msedge.exe
4400	identity_helper.exe
4400	identity_helper.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

1716 msedge.exe
1716 msedge.exe
1716 msedge.exe
1716 msedge.exe
1716 msedge.exe
1716 msedge.exe
1716 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1716 wrote to memory of 4532	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4532	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3572	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3572	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3572	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3572	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3572	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3572	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3572	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3572	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3572	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3572	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3572	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3572	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3572	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3572	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3572	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3572	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3572	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3572	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3572	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3572	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3572	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3572	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3572	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3572	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3572	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3572	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3572	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3572	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3572	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3572	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3572	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3572	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3572	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3572	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3572	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3572	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3572	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3572	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3572	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3572	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 1400	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 1400	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3760	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3760	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3760	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3760	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3760	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3760	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3760	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3760	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3760	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3760	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3760	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3760	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3760	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3760	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3760	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3760	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3760	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3760	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3760	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 3760	1716	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://shrturl.nl/e/DCWE55-v
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb186d46f8,0x7ffb186d4708,0x7ffb186d4718
2⤵
PID:4532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,12489095077798176937,14864009966780701882,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
2⤵
PID:3572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,12489095077798176937,14864009966780701882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2488 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,12489095077798176937,14864009966780701882,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
2⤵
PID:3760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,12489095077798176937,14864009966780701882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
2⤵
PID:1780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,12489095077798176937,14864009966780701882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
2⤵
PID:4520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,12489095077798176937,14864009966780701882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
2⤵
PID:3800

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,12489095077798176937,14864009966780701882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
2⤵
PID:4348

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,12489095077798176937,14864009966780701882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,12489095077798176937,14864009966780701882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
2⤵
PID:1100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,12489095077798176937,14864009966780701882,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
2⤵
PID:5108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,12489095077798176937,14864009966780701882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
2⤵
PID:2428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,12489095077798176937,14864009966780701882,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
2⤵
PID:4936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,12489095077798176937,14864009966780701882,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1924 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2756

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
257c0005d0c4d0bb282cb470925e4376

SHA1
f9b8efb511ed64292568977c9f2ec255509e8f7d

SHA256
8185c36aaacfc71e42f94fad8e198fe7fb2d868398ceabb89261cae94341cb22

SHA512
2f3e8f352ed3ef88e8c28650390f93f98c92174d268330b886f3ebd1ba0163999051298ee12a054606b4986005452a241c6864cd292e69492d79c37d500556f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4819fbc4513c82d92618f50a379ee232

SHA1
ab618827ff269655283bf771fc957c8798ab51ee

SHA256
05e479e8ec96b7505e01e5ec757ccfe35cb73cd46b27ff4746dce90d43d9237c

SHA512
bc24fb972d04b55505101300e268f91b11e5833f1a18e925b5ded7e758b5e3e08bee1aa8f3a0b65514d6df981d0cbfa8798344db7f2a3675307df8de12ae475b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
52768380885067f5796a170b315b2fc2

SHA1
f4f9bcef41934fcb53eb3b46b6482a55d3ea1cc6

SHA256
de54c6002af27a5fc3de2cb3d38c6c8ab1a4681d2b00c770129e90a929f0b15a

SHA512
81860aa1df968da264f342d20b7eec90979014a9c419e56495cde1dc64b0889e92bdc1f65824819acbf2271c11ccdf93785c69bf25002263e5b893af7d3ce25b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
0cac43e46872e1b4454bf9459ad6cd38

SHA1
bbe9595930c05f2fed685a96378511752d7b41fc

SHA256
b57622e5724cfa3a392e6fa765d58e8de0fb07acb127e67bc85bb65493c13fb7

SHA512
13dcedb49fb4b01a5f247696b9d61e2e2bea3a881f080fd972b9692af404d661f63778bcdace9b8a35288ae33b4c48748d18b20370a575bdd74271237c3b7495

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
1d470863dd5e6b66ebdab6628917d880

SHA1
5ac4ebd06e749534d68f4e2a994d14d6bbad7785

SHA256
559d8337eff558edcff2eafdc95c084ed472bead1ff68459ac6073fc5ea5b314

SHA512
10c3a93e4c5422f2bb71129f9718b0121295544b2cda0b1f5f3413864260c0ce79adc4331e95c90cdab4e50e2367bd7333f31df953dd918252971f1e5f65d726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
78f89329748348bc9412a8eccce2f8b7

SHA1
b4ef1beea238f6f153fd02f060eb6bab44de9596

SHA256
d1618d620213e948e88919175d38795f89030a92ce7bdd32339e770f21bb1629

SHA512
f3ec13ce701135dbfafe850ad0f54b3cc4f1e401086b4cb919fc1dc05d4bcdf782178152009eaf0db6c2756aa689dec5e76f8cd10b864178999b6c7a6b50e39b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
517318b8b1c9c2ca69721a4d92c3f88d

SHA1
a5b54247d462b0c84e2b767a25d3e52bcd24dfc9

SHA256
62f25ab2e64c69c21f3865112c8b85055ea18b538614fded872544142d76d613

SHA512
f1cfb35b3c77767fcb168235cdffffc019ebde31dc40de597a590c71fc826a56509a1072e5bd3465ad274c3a46eaedf361685411ec9b230d19ade5e7d5b0a20c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
95cd1581c30a5c26f698a8210bcab430

SHA1
5e8e551a47dd682ec51a7d6808fe8e0f2af39e86

SHA256
d58162c5ae5e18fc06604c285e024c01686093d70994dc93b4ae9d85b4c3f7b9

SHA512
e49403df10177053634c431203a91d26df5dfb23cbbb88847459ecdf4b6107040d0944a3e84ee6bb26cb4e8017a35c8c31b658387cd1b6938ba4cb9f59606ece

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
6c2cc5d44f4db245ba749de489a6ae5f

SHA1
44b93bb641bbfffced3d810d57a79df16d3783dd

SHA256
3b70cd903e4f26460f259ff924718b5c131e9b6909f5e640e15c79272913d17d

SHA512
4456104d9ce87f9729c864172c979b7a466a468c60dabd87b298a4f2f3127b3394eb7683aa9ac29441b8588081fd2e98bd5af20d8b33e4e17da28005a1f9c109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
5695008d1b3f9c3f01fef4f347212edf

SHA1
61a911575ae1c1284e8851c43796bbb8eaf702d4

SHA256
dce0707ecc610878a33d58f67826f647e7baf38020d89e33b69e36fc14a83c24

SHA512
6c6ba9f31cbbe6bb71ae0325725d4ce5ea316332e0ca18d61cefe67487832a91bb59ca951fc58324d0aa4428fa7f91284cc7c8e6f2c8441489cb2a22d9723cc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
a1402bf39c498fb9987cbe8457da1ce9

SHA1
9f8e3cf39652f2cffb4b268a2667277ee7d58ab2

SHA256
85febbb4f35e3cc29ada36a9216c81c3905fb8c8526472847fac550c671640d9

SHA512
0de8ffb2bc134b3e6e111baf7729a903061dcf5d1fbf910107af9f381b600ecf01fabe94857daf0875e088bbda013724383798acc8769f6c97b3e7d370fae915

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58555e.TMP
Filesize
1KB

MD5
96618f23cb76ec34065860dd324da89f

SHA1
41d813f7d206607b844731b96e499e874647c237

SHA256
5ff7fb87b96b422adbaa4849d0d1369040c0479200c890609b56a1f9a945f469

SHA512
b5570bdde74dce7644b1b30eb777d1e56cc615033ada58e63d7ddfefe54563d22fe0561dd0d523f6466f32d07d8ebded9c680c8759b7e28ef2dd5d447b8085c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
542fb14e08eb6283a605e308abf0c11c

SHA1
ccb6a95d9f37618d735d068469c8a89b1c5829cb

SHA256
c76e8d63d833bb828cd801452acb8d2dc0891150b9254cae2f34388fe3363805

SHA512
423fc6e3c1780a45d3fa394aba1ee777014bcd2b7d096550e73806f5c9411018eba1cdb1ec5a07330119f62db78988024adc1ba4f24340a02c2c93310119c767

Download Submit
\??\pipe\LOCAL\crashpad_1716_DSUONQYEPBBHHYFC
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit