hxxps://link[.]edgepilot[.]com/s/b231ad02/YBzE8VngNkqjoWJptcOw-Q?u=hxxps://accedersalud[.]com/

Analysis

max time kernel
147s
max time network
152s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
15-11-2024 17:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://link.edgepilot.com/s/b231ad02/YBzE8VngNkqjoWJptcOw-Q?u=https://accedersalud.com/

Score

5^/10

paypal discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand PAYPAL.
phishing paypal

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\85135e6e-d340-43ad-8d27-f52d0e5cc941.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241115172745.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	Process
2792	msedge.exe
2792	msedge.exe
4696	msedge.exe
4696	msedge.exe
2716	identity_helper.exe
2716	identity_helper.exe
5852	msedge.exe
5852	msedge.exe
5852	msedge.exe
5852	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid	Process
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

msedge.exe

pid	Process
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	Process
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	Process	procid_target
PID 4696 wrote to memory of 3068	4696	msedge.exe	82
PID 4696 wrote to memory of 3068	4696	msedge.exe	82
PID 4696 wrote to memory of 3932	4696	msedge.exe	83
PID 4696 wrote to memory of 3932	4696	msedge.exe	83
PID 4696 wrote to memory of 3932	4696	msedge.exe	83
PID 4696 wrote to memory of 3932	4696	msedge.exe	83
PID 4696 wrote to memory of 3932	4696	msedge.exe	83
PID 4696 wrote to memory of 3932	4696	msedge.exe	83
PID 4696 wrote to memory of 3932	4696	msedge.exe	83
PID 4696 wrote to memory of 3932	4696	msedge.exe	83
PID 4696 wrote to memory of 3932	4696	msedge.exe	83
PID 4696 wrote to memory of 3932	4696	msedge.exe	83
PID 4696 wrote to memory of 3932	4696	msedge.exe	83
PID 4696 wrote to memory of 3932	4696	msedge.exe	83
PID 4696 wrote to memory of 3932	4696	msedge.exe	83
PID 4696 wrote to memory of 3932	4696	msedge.exe	83
PID 4696 wrote to memory of 3932	4696	msedge.exe	83
PID 4696 wrote to memory of 3932	4696	msedge.exe	83
PID 4696 wrote to memory of 3932	4696	msedge.exe	83
PID 4696 wrote to memory of 3932	4696	msedge.exe	83
PID 4696 wrote to memory of 3932	4696	msedge.exe	83
PID 4696 wrote to memory of 3932	4696	msedge.exe	83
PID 4696 wrote to memory of 3932	4696	msedge.exe	83
PID 4696 wrote to memory of 3932	4696	msedge.exe	83
PID 4696 wrote to memory of 3932	4696	msedge.exe	83
PID 4696 wrote to memory of 3932	4696	msedge.exe	83
PID 4696 wrote to memory of 3932	4696	msedge.exe	83
PID 4696 wrote to memory of 3932	4696	msedge.exe	83
PID 4696 wrote to memory of 3932	4696	msedge.exe	83
PID 4696 wrote to memory of 3932	4696	msedge.exe	83
PID 4696 wrote to memory of 3932	4696	msedge.exe	83
PID 4696 wrote to memory of 3932	4696	msedge.exe	83
PID 4696 wrote to memory of 3932	4696	msedge.exe	83
PID 4696 wrote to memory of 3932	4696	msedge.exe	83
PID 4696 wrote to memory of 3932	4696	msedge.exe	83
PID 4696 wrote to memory of 3932	4696	msedge.exe	83
PID 4696 wrote to memory of 3932	4696	msedge.exe	83
PID 4696 wrote to memory of 3932	4696	msedge.exe	83
PID 4696 wrote to memory of 3932	4696	msedge.exe	83
PID 4696 wrote to memory of 3932	4696	msedge.exe	83
PID 4696 wrote to memory of 3932	4696	msedge.exe	83
PID 4696 wrote to memory of 3932	4696	msedge.exe	83
PID 4696 wrote to memory of 2792	4696	msedge.exe	84
PID 4696 wrote to memory of 2792	4696	msedge.exe	84
PID 4696 wrote to memory of 4588	4696	msedge.exe	85
PID 4696 wrote to memory of 4588	4696	msedge.exe	85
PID 4696 wrote to memory of 4588	4696	msedge.exe	85
PID 4696 wrote to memory of 4588	4696	msedge.exe	85
PID 4696 wrote to memory of 4588	4696	msedge.exe	85
PID 4696 wrote to memory of 4588	4696	msedge.exe	85
PID 4696 wrote to memory of 4588	4696	msedge.exe	85
PID 4696 wrote to memory of 4588	4696	msedge.exe	85
PID 4696 wrote to memory of 4588	4696	msedge.exe	85
PID 4696 wrote to memory of 4588	4696	msedge.exe	85
PID 4696 wrote to memory of 4588	4696	msedge.exe	85
PID 4696 wrote to memory of 4588	4696	msedge.exe	85
PID 4696 wrote to memory of 4588	4696	msedge.exe	85
PID 4696 wrote to memory of 4588	4696	msedge.exe	85
PID 4696 wrote to memory of 4588	4696	msedge.exe	85
PID 4696 wrote to memory of 4588	4696	msedge.exe	85
PID 4696 wrote to memory of 4588	4696	msedge.exe	85
PID 4696 wrote to memory of 4588	4696	msedge.exe	85
PID 4696 wrote to memory of 4588	4696	msedge.exe	85
PID 4696 wrote to memory of 4588	4696	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://link.edgepilot.com/s/b231ad02/YBzE8VngNkqjoWJptcOw-Q?u=https://accedersalud.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff8ee8d46f8,0x7ff8ee8d4708,0x7ff8ee8d4718
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,803923742861658636,13028269152147130560,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,803923742861658636,13028269152147130560,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,803923742861658636,13028269152147130560,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,803923742861658636,13028269152147130560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,803923742861658636,13028269152147130560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,803923742861658636,13028269152147130560,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:4544
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff6c7925460,0x7ff6c7925470,0x7ff6c7925480
    3⤵
    PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,803923742861658636,13028269152147130560,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,803923742861658636,13028269152147130560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,803923742861658636,13028269152147130560,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,803923742861658636,13028269152147130560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,803923742861658636,13028269152147130560,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,803923742861658636,13028269152147130560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,803923742861658636,13028269152147130560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,803923742861658636,13028269152147130560,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4804 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
63716c70d402b580d244ae24bf099add

SHA1
98a3babcd3a2ba832fe3acb311cd30a029606835

SHA256
464f0f2ca24510abc5b8d6ca8240336c2ed1ddf5018fbadb092e18b5bf209233

SHA512
dfe1a5831df6fa962b2be0a099afba87b1d7f78ce007d5a5f5d1c132104fdb0d4820220eb93267e0511bc61b77502f185f924022a5066f92137a7bb895249db2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0f09e1f1a17ea290d00ebb4d78791730

SHA1
5a2e0a3a1d0611cba8c10c1c35ada221c65df720

SHA256
9f4c5a43f0998edeee742671e199555ae77c5bf7e0d4e0eb5f37a93a3122e167

SHA512
3a2a6c612efc21792e519374c989abec467c02e3f4deb2996c840fe14e5b50d997b446ff8311bf1819fbd0be20a3f9843ce7c9a0151a6712003201853638f09d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
215KB

MD5
75835062e88449cf484abc227462ed5d

SHA1
c5c8a396694588df46d1a1bc6121a8c31b9f1802

SHA256
6d3c90c3d210e037228afd88a1953438bd683175f9d5f8fe294aaf6233c071b2

SHA512
c13cc21016316931f9290422a3a3876cfc21711e29a26f3557f72e240eef27216f429a228d9f17bcc2324ee1e0148f198615febc1fffe5a71f74cd9eecdbf265

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
5ef5bded016ce732e1d85bf0d2e1d63c

SHA1
7757efadd9fe3e830fd8166b8d196c4446eb217b

SHA256
d0546bed7a6251f43ac2da93ed0e1ed17d2005d45b0a587ac8d2db2a1946538a

SHA512
d1bd0ab3fb044bf3ffa1a819e3b918082c063f9f81c09b2a6e51500204e8604e3fdf1b48abc98a51cd7c227a9e58663d939bb30f9bbc390289d865c00a991b35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
17c2642d31f796b4bf55122e530e9239

SHA1
90c1cd58a51478c8d41c97a0cad5bd83a4742a11

SHA256
413397978e06468723d522730e8f2b2a4c7829e787209d22a17a6db21df46d9b

SHA512
738ae9ac991ff6f5bb542ddfc92f22b4e9ac9d84d48041facbf0d316d889f0aee63f9378f61ae64feadfa7236feaa6eaa27b17435a421841a488de740b72fdc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
698f2e41ba33d26a8c483ae62526d847

SHA1
d723a40b15452e32625a00cd942b6c0352adb748

SHA256
0707d22e5422ee70b7cd1fb5d90e9f3b86bbca85f0fd1bf328cde41deb5c48ff

SHA512
624afe85600b44b0f470ef117c1b653fe95a4da09d521c1050026faa0b40aa20f12f2a96589ebed250b626ca37605251c6ab1856c890432cd90c93f37d6af37b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
dc5fe52a36749d348285156a6bdad3b9

SHA1
a66e6b0d2c84186ec38c49b69cced70e1f83dccc

SHA256
6fcfd489e154a46240f3df6ed2d74c12c864f58b0771147e5e83643571a0b9dc

SHA512
6103367300756f11c593be46e39b5d9bf3522aacef204f30e49fcdc0c36d62dc5cf191cf02b8aa2898c7830b13a8276f7fa71957153002e1d57bb9c0e7e65168

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe58dabb.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c77f223e51c5fd1779c2e58f2077b368

SHA1
9668bef723f1534fc530f54e6bc606bc51a4603b

SHA256
c4eda8859ee842e6717cde94d03b318d4f14b65d2f827c406ca74e88f6efc0fd

SHA512
fd1ba4d72176c36b0686ea9450f88e07e2d90457f43e0d35ec1cf2b4191982961e70c3d3c61ddab4fed2eaef187a5dc907a593c57bb1573284144d7b48eb3a58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e1a1b71a1a87d6712ba959397c3d6c3f

SHA1
3a37a4704649a5023ba062ff6cd61879399bfabf

SHA256
8962d6a183e992e5dc37233dab1d091e512841392034736c983714ea59fd0a3d

SHA512
7b00974ace81df09a23835103ece5435559ac5211f759132eed9ae639d58b92ff6c4703ad90bcad9dc0f10f397161e6e43a324716cc2da63e57a4645150e998a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
40ccc827367d1f5c78bb1bad5fd2f93d

SHA1
114b36995379b3a9de63a2f3c05f5b9fb0a5f442

SHA256
fbdc4861d56b794cc7b76e46fe4b5475d234d39bc2e3ca494daf2af75e39d8f4

SHA512
dd5d1eecef71f05eac9e7d3276f6cda26fe783823087e0c9ff81cb098f9f9af7d76dd60c72d36763ce2a4a4aef39869558a8848794c479d6de4d05de7baed7bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
aa10f656cc16d036a580048ba0bdac0b

SHA1
52c15a55cc3b56bd1bf5dd0efcd2b66413b7044c

SHA256
166d97573db5472f64c5d066f2b07e6fbff2f1f9d5858fd7757548e334e9220d

SHA512
748fc7d5155285784ecea52d01af8168213210231a698073945b30b4989ae28463a7fee01e24792fd33b17744cd54587f801c5e836c926d700724171bb0000e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ee8e616a03201ab31e032c60a6d81b15

SHA1
4fa72ee1a3ed74f7798b3b58cabe174c675adc12

SHA256
2d77f4c62538359ca9c795a3be97c3817adb7954e004fe4b85cfffbf216f64c7

SHA512
97640f1aec0c917ca0bdda6f0228eff1d4274d2d681c73206be660697d3a7fefbdeeda23d6e3fa853228be633b4988e543a41f84bd027493c7d633089c863151

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7556eae0ad94df843d3dc39d121f8544

SHA1
d4b2371b1eed0527e9214e95ce116d863dbf2916

SHA256
0b87cf0b6d1ef308f6a6409f713da47e63d3933d11438805074b32f0f40dbd57

SHA512
27f7b248bd5c6ecf6fb14395a9127703d4d6c396372b8d23125db239a65c6602105e561bb74bc7ecb632b441dff0d5f6e608d0891fe97e207be0ca70339decfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ed724a47b0c8f77a755f8a1e39f056ec

SHA1
1944c473ceadeeb5fce79f8c2a5ca75f5444f9f9

SHA256
dbd2f8a1f2b740a93a15146fb0cac182ce7993ee937061a2fbbd4515408fe071

SHA512
e0fb7bda923618e23722140bd7d22f5410560b0021d99508d754b52361dc58ffbadd11c6c87084ca50ffbb6cef9d495ee3515ad6df4f166c5bf491f9662c03c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581c2e.TMP

Filesize
1KB

MD5
98802c1d2b4a52274bc1f66208e03de1

SHA1
573634712a4c7575e4c469c6cfcc2b5ca6e97088

SHA256
50d0982fcb18859e6d811eb38c474063374a38bb822bc2079c060a71d8a65bda

SHA512
4779cb13af409511103795924d393becc4acfef701ecd547a7cbbc6e3d2cd65f4b22f4c65b93b985afc01164acb951828f2152d05c3de4effb95227498b730fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
85f1dfccdad28d260002170bc0350794

SHA1
dcf5eddc03d3593b2728e5afe1f172cb6918cd79

SHA256
f22bf5429786d65f064a3f57a71ee6b729854b72fa39f260f80606c49f99ce59

SHA512
6e1186d256662eb211f867ea22bbac1874b40d729c2ee367e9a96b403f38a339f036d0da90a71bf95bfc9494949499300f3d376a0c01a78622341aaa403f7b48

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
b625684ebda53962f32fb3265a794ff7

SHA1
c6ea92379e15cb03dc0194dbaf38841b62c26d1e

SHA256
79ce58a6ea26d864a46a6d84dbfa63f75c8f5e2083e37b253850e9eab067af22

SHA512
9e2d5a569df18615dd8903522f4a6ccd31650b587db68abe4a5968c1da7b91a43a2c58ee8dcfebd0f2141b9123e7d97796a5ed1221d7e732aa9438ac012bcfd5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
f5f264dc214c39facba6a42aa9140e6b

SHA1
e5a021a2fdcddfe33727758356d20ff639193fec

SHA256
7067ab82ff10836693088aceb26eb4a4edc38e4e1cd35c406f9d0814305132fd

SHA512
1d1ccb2cb61dedc661f5e228622859fdb2e58b4b31e6e88edad3346b39483ecb2a39b76647252226b9d0179f9e74ef951ce6f8eb5ee05693d2184e2c59b6fb20

Download Submit
\??\pipe\LOCAL\crashpad_4696_LIMCXHPRGLFEMYCQ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit