hxxps://shrturl[.]net/64-RO5gx

Analysis

max time kernel
127s
max time network
134s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
01-07-2024 08:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://shrturl.net/64-RO5gx

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4368	msedge.exe
4368	msedge.exe
4852	msedge.exe
4852	msedge.exe
2088	msedge.exe
2088	msedge.exe
924	identity_helper.exe
924	identity_helper.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

4852 msedge.exe
4852 msedge.exe
4852 msedge.exe
4852 msedge.exe
4852 msedge.exe
4852 msedge.exe
4852 msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

msedge.exe

pid	process
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4852 wrote to memory of 2684	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 2684	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 240	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 240	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 240	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 240	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 240	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 240	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 240	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 240	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 240	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 240	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 240	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 240	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 240	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 240	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 240	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 240	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 240	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 240	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 240	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 240	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 240	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 240	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 240	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 240	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 240	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 240	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 240	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 240	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 240	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 240	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 240	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 240	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 240	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 240	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 240	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 240	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 240	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 240	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 240	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 240	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 4368	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 4368	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 3532	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 3532	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 3532	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 3532	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 3532	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 3532	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 3532	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 3532	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 3532	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 3532	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 3532	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 3532	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 3532	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 3532	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 3532	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 3532	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 3532	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 3532	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 3532	4852	msedge.exe	msedge.exe
PID 4852 wrote to memory of 3532	4852	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://shrturl.net/64-RO5gx
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbbb2c3cb8,0x7ffbbb2c3cc8,0x7ffbbb2c3cd8
2⤵
PID:2684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,1804409726623086396,16898680765144606079,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
2⤵
PID:240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,1804409726623086396,16898680765144606079,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2400 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,1804409726623086396,16898680765144606079,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
2⤵
PID:3532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1804409726623086396,16898680765144606079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
2⤵
PID:2976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1804409726623086396,16898680765144606079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
2⤵
PID:1640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1804409726623086396,16898680765144606079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
2⤵
PID:768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1804409726623086396,16898680765144606079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
2⤵
PID:2516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1804409726623086396,16898680765144606079,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
2⤵
PID:712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1804409726623086396,16898680765144606079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
2⤵
PID:4716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,1804409726623086396,16898680765144606079,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
2⤵
PID:4440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,1804409726623086396,16898680765144606079,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3564 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2088

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,1804409726623086396,16898680765144606079,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5880 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,1804409726623086396,16898680765144606079,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4864 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3320

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2624

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
Filesize
230B

MD5
025a18efa56f906588aa594b06c01df2

SHA1
82bfa6874570c598b4b68ad00806f5e33e225fef

SHA256
6827e328d6a995458696741c82638d807e9b4741f83c5cf9257f2866b0e3249b

SHA512
95c749e7878a7cbb1bd5ec60c17692d512abfb08bccffa1b7337e52539090e7930c03f5a11222cab333438eedd7c2c4df46ab186bb014f0c020939f159dd6c21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a8e4bf11ed97b6b312e938ca216cf30e

SHA1
ff6b0b475e552dc08a2c81c9eb9230821d3c8290

SHA256
296db8c9361efb62e23be1935fd172cfe9fbcd89a424f34f347ec3cc5ca5afad

SHA512
ce1a05df2619af419ed3058dcbd7254c7159d333356d9f1d5e2591c19e17ab0ac9b6d3e625e36246ad187256bee75b7011370220ef127c4f1171879014d0dd76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
23da8c216a7633c78c347cc80603cd99

SHA1
a378873c9d3484e0c57c1cb6c6895f34fee0ea61

SHA256
03dbdb03799f9e37c38f6d9d498ad09f7f0f9901430ff69d95aa26cae87504d3

SHA512
d34ae684e8462e3f2aba2260f2649dee01b4e2138b50283513c8c19c47faf039701854e1a9cbf21d7a20c28a6306f953b58ffb9144ead067f5f73650a759ff17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\637406e9-7067-4fce-8f91-865ee8fd432c.tmp
Filesize
1KB

MD5
a742f4e4dd95050b435fed8aaf24410c

SHA1
4aa5f2d88b2d0a4cf1225a22ad2b1bbd41bef507

SHA256
a0a8dfe279d86a5bdff251dd480f9c30426e053a404d2b0f48167a1fa5d33513

SHA512
39282c642c3e3fd320874728b96bc2f1dcde507dab240f286027eb1a065391dde7b14a5ed089e5912997ccb68942b5855bd150ed64058279aefc38d2e7b49f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
0c18df0caedc9a8e46b009d6eb2a4055

SHA1
a64be172c00a1873fc665cd232ff89677ba5cf53

SHA256
e948a10ba25e3789e2b8434054ac214631ea252268c49ef83a34f5c5e4d83078

SHA512
e6328827feafb8b3c562f469c08589fd86616435b7771de43f4763e37d5467c1a488014ab9954ac5e59b6e64d3c3406a46098be1f17819361af86cd3d88a7593

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
26cb4bf7c681feaaeefe467cdb8023a2

SHA1
ff8786b039a6f4d0deb9e2bda111362e83c3ba99

SHA256
8e8f48ac1d3ba94ee64c3b07be623522efb89fb268aed83ccf6ab4f553f95660

SHA512
84d09cf7838c7f66f059d7013821f71e51598f3dadfe01a2018f6a4cfae384c9548d3f2817a58500f7fa89d3fa54c60bcf5f60131d7259edf35a275cee58cb66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
fdbcefeb3eb3818d3f86519b90389920

SHA1
1ce4a5ec135b22d285d8689a20d3eb99fe527a2d

SHA256
46976cddb307fbdcaf6fad8d148f3033309a4242af03a448bc4aa66f926997b3

SHA512
829dc9e91a57b2735fefd6589c6db5c9711dd00febe2d8830809408cf5930b70e6bd06ee8e19ba48dedf8705a65bd8f421bc44d81bf11c053631e3da2cda0806

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
165d37be13d9da08c6e857226f89a765

SHA1
c48dc3a9f233ec6c936c6915d6b379652077ccfa

SHA256
5cee695b899cab35688d718868ab2ca0b93716a5d839f6ddc10fede0c9a4529b

SHA512
d0887b8006a30c91563282b16d80199416df85e06668ba55a2368e54f8f0776b4c3cce329c385d8c61f7f7d0b1aac3bf7c3e36ab114ac8ecd690998fd684504e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
06da027b169c1dbbf92f79ee01c4bf22

SHA1
35f6b849bbf7ba0dc078f0714066ae976e6e2698

SHA256
267368aea9b3a710f0c60d74d78eff19a2ee5b4f9c80782d715c9796501682db

SHA512
41f35c30f674af8c225a1cdf694362d26804a43719c7b7b76e4f535ab134a41b3c6fa3b900d20c43f65473763c737aa77ce27e4180b2947dfb3584e1fa782d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
fa16f6f9946f775f02593ef7efe5c8f7

SHA1
cf83bb2ef0969b686368830419b6abde4c29b8f0

SHA256
0ed10d92444b33281af89427b9db90ecd3870c41c8cc87339d82ec939f0acdd5

SHA512
cd94e950e61f49d08476567b01ff2a07de298a1de1937150a5a11dcbc39aea97e1428c435973a3647d14740f3f2314de4ac92428d7320039279eed9f67fa515c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
8ccb84d634c67ff9ae8797c00b8fa876

SHA1
77b36f6c103386998f82c51a26e245f7caeb31eb

SHA256
a8444af50fe5b89d5242a1d120de232992f685c6eaa44292f0575f724b76ce09

SHA512
fe00d61e3902bf9f8610066731cc7557194796c4c12d7d116a8210b57c90f9053784ba37af3a0170a38cb089f46e2fd3d2a56e060a6945f264b57390f1a2f59e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
d3e3bb4c037793d2346a3fc12135956d

SHA1
0b980fd139a9d480f1333b8c88fe693d6f71994a

SHA256
88c02331d75fb0acb46d25766ade66023f90083cd3edc89ebb6bb9b5a45f773d

SHA512
8d9cecf54633a095d32466df64d7fc6044e36d4a511c5b2b30ca20e22b47254772995c27eab220d02db88504df9f7059c4e0c60dc9cc309710ff13ec1b83b6da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
e98d5545a92d9aeccd9fdbc27784760a

SHA1
9597f41655abf9a08a613b39729eb8d46131dd9f

SHA256
31665e41f7ed6c2287bdb1146a4ee07d2856c321c3b0903745941a80c14bbbdb

SHA512
209d53139da1d054ccb1e1cd517bdbcad58cccfba349f7e7d4887c4e34b795bc2398633bb721c67317fdc79c0dbb02e3b971df6b12604de9e2ba2177fbc2ecd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
86d579f5564f40eee23ac62960c8a2a2

SHA1
3ca0731941a007eb10eb19dd762be6f19510bcd7

SHA256
a31058c66817f8956ac73873b4a73ffe5ecb43f279843a4eb5e74859af3d1418

SHA512
e9df8a63bfda1b270dc99769aea50e6d8b36cf9f4aa6798a85188fab993700b9f47271fcd8bca9b233694f5965f2db19c8c3a10e8d7d33d06e9c631a89f32e1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
3e7e731610272984f4c4bef8efd7ee47

SHA1
1ee21773b5957c9b7ef92ece422233137ea612b1

SHA256
95c1100a2f336f75bc740b697f470cfbafa2540a2cbc46417cd997da1cc02b66

SHA512
34d9814bf64e1ee45cc3b7a66ed68c633382d03f3d7de3a9d34118a426ceb56e80dd6834f8e952b5041e6fada7c2ea4d9a01e171182cad8f74109f3f7ba14118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
32e6f24dc46239a1293a9b9efc65aba9

SHA1
e8f587d746b107e9fb8df97551db09d4b51abf7b

SHA256
1a8c0c0d9d90ed3e9ea079f65d498b51f8cec39ff59102def8939118f265b23c

SHA512
2edd77b59361b49a1410fd93af2e1d091eb81c265434023970bd90f781da5dc7af5d512c1326ae26b2853aadea7cef3d6ef6855041f7e484c624e9cd67b5fa90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
78e5620188ddf51f19394753a536b762

SHA1
b650fd9781e98d5c3f5b0092653aa6e35eebf89f

SHA256
8fd2e11d577dc434b42301d2ac3294f9f6ee5d7583faaf24f19b1b45dfa7c47a

SHA512
acd0b49847ecb50fe3fc14c1509a8cfb30b50d470a27eb5050b7a11385e6174f3225e3b7ef4d6414efd30d5a4172a4b206330d62ae904ad54817852c80088091

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ad28.TMP
Filesize
1KB

MD5
05794a590095bc97d5f8129c10486ede

SHA1
1c72ef3e9628d7a1717271f1ed5423d762130a8e

SHA256
69f1a1f6ac49deea02da1f7b69115e6cd198cfa43ef7c499c1ce4946d73ca8f4

SHA512
36db7a512bc3c08e1ac3df9b5274f63cb069673bbb518ccea5f26047713ab60035a5bde941244c7b556f0236806dd5be1172aff5211b0e8cd6471b710c54fffd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
6f17bce6480389de731a5353e0cb8505

SHA1
9f74a9c1f37ff784940cd98898c5f5bd2f52279c

SHA256
bf122ca4e376740b332ebe044e01849884a0727a275a3ace059fb2f62152b32f

SHA512
65fb324d0f1b05b1025583e09e74c72aa38449c133dcd9fbcd450981a32d38c04ec82d339ac9860677cc3d493bcf8a6c67c8293026252d0bb39119a6eff4c977

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
f99c6fa6fbe9f680097315e09929dd5d

SHA1
5c02c2b7339f96d3eddcd9df1da1c67fa257c1ff

SHA256
923945498a54a1158720b9e8b50e6355ee59327e354fe56afb473b8c165f50aa

SHA512
9ef95293d69777a5e1e3841d9f91a244a35c959ac3943597eb0279f3b8986107fd79145ea4dfc4dfee0edbe263d5ac9b578a0c6c8ee2fd03f9da2ee547af2a1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
8d6e7a8a767fb8492a91921896c1fefc

SHA1
1587ef2ec8d3b319425f835660096be114d0f733

SHA256
fffdc3027d3e93c245fdca34f545ee18f10393a7a1478cd8299c053b4581ae5e

SHA512
fffb2a38c1b6dfdb01cff831f6cd541b8eb8094a66b6a64d12a52e20c02c321ef5f89033406b3394c617abbeaa8c32e4a776b7e790caa243c7d2d14746c66ff1

Download Submit
\??\pipe\LOCAL\crashpad_4852_VVVFERRQUISTCMQE
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit