hxxps://sites[.]google[.]com/view/adobacrobatreader/home

Analysis

max time kernel
45s
max time network
47s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 14:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sites.google.com/view/adobacrobatreader/home

Score

6^/10

microsoft discovery phishing

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

6 sites.google.com
9 sites.google.com
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

flow	ioc
6	sites.google.com
9	sites.google.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exe

pid process

3600 msedge.exe
3600 msedge.exe
3836 msedge.exe
3836 msedge.exe
4592 identity_helper.exe
4592 identity_helper.exe

pid	process
3600	msedge.exe
3600	msedge.exe
3836	msedge.exe
3836	msedge.exe
4592	identity_helper.exe
4592	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exe

pid	process
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe
3836	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3836 wrote to memory of 2764	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 2764	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 2780	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 2780	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 2780	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 2780	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 2780	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 2780	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 2780	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 2780	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 2780	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 2780	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 2780	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 2780	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 2780	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 2780	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 2780	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 2780	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 2780	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 2780	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 2780	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 2780	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 2780	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 2780	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 2780	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 2780	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 2780	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 2780	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 2780	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 2780	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 2780	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 2780	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 2780	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 2780	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 2780	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 2780	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 2780	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 2780	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 2780	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 2780	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 2780	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 2780	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 3600	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 3600	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 4224	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 4224	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 4224	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 4224	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 4224	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 4224	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 4224	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 4224	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 4224	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 4224	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 4224	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 4224	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 4224	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 4224	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 4224	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 4224	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 4224	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 4224	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 4224	3836	msedge.exe	msedge.exe
PID 3836 wrote to memory of 4224	3836	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://sites.google.com/view/adobacrobatreader/home
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffafe1146f8,0x7ffafe114708,0x7ffafe114718
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,8777814468055035661,2470158114939959498,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,8777814468055035661,2470158114939959498,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,8777814468055035661,2470158114939959498,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8777814468055035661,2470158114939959498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8777814468055035661,2470158114939959498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,8777814468055035661,2470158114939959498,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4156 /prefetch:8
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,8777814468055035661,2470158114939959498,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4156 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8777814468055035661,2470158114939959498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8777814468055035661,2470158114939959498,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8777814468055035661,2470158114939959498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8777814468055035661,2470158114939959498,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8777814468055035661,2470158114939959498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8777814468055035661,2470158114939959498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8777814468055035661,2470158114939959498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8777814468055035661,2470158114939959498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
16KB

MD5
12e3dac858061d088023b2bd48e2fa96

SHA1
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

SHA256
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

SHA512
c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f4301527348642cbbf09fe7ade2cfec9

SHA1
b6e518bb8f474e5166defd3efb7f99a00689280a

SHA256
a55fa4465782542480760e3b3c780adef1682b38615b151980e4d0638446c2c4

SHA512
860e9361f61c28abfd20184bf06d7bf11383b28da558fb84e55929ef1fd5079a5422bd953631c3738790d2b4bb2aeda964cf171d60ce784454862344ed8fbd30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aab10d1924b9a2fc054dd8f56ca866ce

SHA1
32592ec04f571c0e855cf60d923f04e994f01a60

SHA256
9cbcd9801bb116e8c5910d9b49591d902ea3e646adbe651bab6fcb8bd16be9a9

SHA512
192d45e455a6ce76efb663be1437f6b594baeb22a5155be03839fa776fab11d82aa0ecc0afbe6b98d414c375a86fe8e081ca890939aaf2ccc5b16c82a3355e8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
10c3c395339ea5ccde05daefcb8306b8

SHA1
338e9ed3ced96b5b615e7a3cabb6da26170ec98e

SHA256
c0ef3a6189d75dc74a25163d3da5bc874fa9a0a43cf5d9fd220ac909fa24d865

SHA512
19bc59f5ad5c914890e5bb25b847b3e29e4b9c3fc836d05bb8557fe3a4ceab5e5670a21f7dd6ccd9184660cbf4f01a448a7b2b9e089345af5495affaa154519d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fd9706e28208ad5645bc1acd26ed04b8

SHA1
84e57ec274e36764c289ab745e18ee17751088ff

SHA256
e9630b7bb8681fb815e3c9a55fac8b7d2f494eb57ba9012c4be8118b00433d92

SHA512
bb3c9725dbd8a1dd2bfb79b8efdf036449fba9d71bca740d36084e7487e11ea6f00c55308920535b97d5517fd4001daa33fcb411f210bbcf9b8d4e3777849b55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7d5d4ce3628938cd78788751765cd78e

SHA1
4689acf300f367683e2c17265fb582c86e031d6f

SHA256
1a7a62ecbadc518a0beb6fe38a0e5248ea579f533614d8f529c879e48d2b4e13

SHA512
35c44c2ce7de23cf9103e1e709e8289186050162d3120c43df7f953c3231e7171c18b4575c7bf5ea658e0ed4a759f0c1fd8170a65fd534d5b4824dd38805ed54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
15b6701ec16081bf805ebcad96ec5487

SHA1
488618ce8d45360e5525824f8c016a863d2af1dd

SHA256
411fb5878dd4e53a12d6979075cbc8525d8595263c39fa210d625666a1ff6237

SHA512
c543fad2fded7de2c2acad7520c51eabcb4bcc73cdeba3749ec1d824707bbeaa7f7a4930734d404e5eab6586796ad74f06915a6a53e00cde8f85d6acc5d719eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b602.TMP

Filesize
371B

MD5
1b167a20e4c7db1b74377d483e34f1d2

SHA1
2d9ea4f7e60d2a4d90cb0d787070bda18d2e68f7

SHA256
ca26c67f3b6fd3dbe5300592a9d6feb6f2d5072ada76c152f9b96411eacb94bb

SHA512
960dda6b5ba88fdd8ab5c2117780800ccdcde730f3e67183abe8294da7b80e814509968ed6e1e2a21840f14d039bfbdecd1242b39cb1ec8aa4546250454f304c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8bb0e460a2779896ddbf42c11ee8e096

SHA1
9acb930266dc5e110ede16ab24d68d920d474829

SHA256
e4941a1dbad62e04bbbd5f5ec2bd3fc1662f87ce046ee5e9cb44bbb9025e4879

SHA512
20ad7c4c1eca6f78aa5d03699f5a071ddf2f684415746cea93077c252c25bb3d2b1690b3c08c9b686dafb83fd025cd65c5701191e605e211eacbbfe4390a5697

Download Submit
\??\pipe\LOCAL\crashpad_3836_XJZAUXDPCKKVLWLW

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit