hxxps://sc[.]link/Qlyrs

Analysis

max time kernel
84s
max time network
86s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 20:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sc.link/Qlyrs

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exe

pid process

5088 msedge.exe
5088 msedge.exe
2328 msedge.exe
2328 msedge.exe
856 identity_helper.exe
856 identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

2328 msedge.exe
2328 msedge.exe
2328 msedge.exe
2328 msedge.exe
2328 msedge.exe
2328 msedge.exe
2328 msedge.exe
2328 msedge.exe

pid	process
5088	msedge.exe
5088	msedge.exe
2328	msedge.exe
2328	msedge.exe
856	identity_helper.exe
856	identity_helper.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

msedge.exe

pid	process
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe
2328	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2328 wrote to memory of 3216	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 3216	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 2272	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 2272	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 2272	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 2272	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 2272	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 2272	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 2272	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 2272	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 2272	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 2272	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 2272	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 2272	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 2272	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 2272	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 2272	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 2272	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 2272	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 2272	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 2272	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 2272	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 2272	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 2272	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 2272	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 2272	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 2272	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 2272	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 2272	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 2272	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 2272	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 2272	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 2272	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 2272	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 2272	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 2272	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 2272	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 2272	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 2272	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 2272	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 2272	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 2272	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 5088	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 5088	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 4176	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 4176	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 4176	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 4176	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 4176	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 4176	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 4176	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 4176	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 4176	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 4176	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 4176	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 4176	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 4176	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 4176	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 4176	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 4176	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 4176	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 4176	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 4176	2328	msedge.exe	msedge.exe
PID 2328 wrote to memory of 4176	2328	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://sc.link/Qlyrs
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbaf3846f8,0x7ffbaf384708,0x7ffbaf384718
2⤵
PID:3216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,5278528299448126311,4338611695736695668,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
2⤵
PID:2272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,5278528299448126311,4338611695736695668,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2484 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,5278528299448126311,4338611695736695668,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
2⤵
PID:4176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5278528299448126311,4338611695736695668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
2⤵
PID:3360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5278528299448126311,4338611695736695668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
2⤵
PID:1404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5278528299448126311,4338611695736695668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
2⤵
PID:4140

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,5278528299448126311,4338611695736695668,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
2⤵
PID:4384

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,5278528299448126311,4338611695736695668,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5278528299448126311,4338611695736695668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
2⤵
PID:4512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5278528299448126311,4338611695736695668,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
2⤵
PID:4224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5278528299448126311,4338611695736695668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
2⤵
PID:4964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5278528299448126311,4338611695736695668,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
2⤵
PID:3444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,5278528299448126311,4338611695736695668,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4752 /prefetch:8
2⤵
PID:540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,5278528299448126311,4338611695736695668,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
2⤵
PID:2772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:224

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026
Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027
Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
528B

MD5
c4e25ca51e039fc24864486adb0eeb64

SHA1
2caf3f9d4630948ec1c5eed853f1c36e4389bfc9

SHA256
ac5266babfcce7c8af79d7295ab2f67951cb97ca8873f48263eb9fbb99650cf3

SHA512
00ad3d0c6e28168d3d1216aa1d3352389eb6c6f5f4c4782baf79096b24abd3c3bbecdb1b7a7c2af54c5cfad4cb71a85c9c7c2f8f014aa72bd9a7da98b351648a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
456B

MD5
337c76b034992bee3a554a83cd71463c

SHA1
1c7581178ebe2043a986dddd5bb423f982457b72

SHA256
e2b4faff479742041c8811c988c8458c4f23dc1588b0289b2c1e130f14ede86a

SHA512
0e846408211a19f68cab8c1b516190212be60cc9caa75533ff8b002bb47eac95d86cb90c087e256329935619504e9488beee937b49ae3bf63e7f45d9fbbf00b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
e6f9ad9d5300b04014c126766a61f7e1

SHA1
53d8db0d6aca95f179da623578cfaa0ed8531840

SHA256
76e05d76b57694e7d49efd473e8c957d5e03f8f52c16b816b65dfa612a9e81f2

SHA512
b8b6092238ed6b29dfb5b12c915b4a4b71ba2247ea3e38e416593a1360985dad290ffd18814c250d759275d1ea56769b5d416e1ad54b432e938b4ef9ea7e009e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
e8a1adae354344e1174ce96b31ba9c90

SHA1
46cee0bf8e9fffad89a9eb031c8d25951e2b2611

SHA256
fe4fdd5c0e0edadf4195259eec560803e8cb33791cbb17e352b4ed158dd6c93b

SHA512
be31b2a7e2327dcbf68e6cbc95ea072bbf93dc37e228b717979309cae67ae11481d2ee9a5a9c12de1a242f1d98197ccda029678d130a49d17a5985c2eb962f9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
86d09aa51e94c43c48b02c59cf0bfe6a

SHA1
cfd794d949d589b2f3e8a688aeb531d3e97e1567

SHA256
a23fcc9d4fc44181172f7daf9abe28a08cd526749829aea0064026434967f158

SHA512
be7b8419f32a3bab2023fa04b480d3f3e2afc47a3531f8e3fb13197563201388a2113defd00256cced819a234ab90fe8ebf24599fb3f5574e8d580ee6c5aff17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
e5242682c6beccdfd9cad8c56e50295d

SHA1
b503eba77bbcc5048afc706e098e5f9895e58097

SHA256
ba1e6ba963e1641b4324f56f80e8277ed032a3390910754e536e0fbe3d2ce831

SHA512
6399a4bccd334fae97b09115b090a7b2d237ff7fe58e4d3cb0678b0060c767cf8fd82ddd4bc7c05fdc7d96e3b171b5147cb285cf8c972925936c62b430c010da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
cfc55ab3e8a65c347a973c6d9b226d79

SHA1
af561420cb1516b57b37a43ebca05d1e0a26b9cc

SHA256
932bb93fcb944f5fb4cc651d47dcca57416fd46bd63ec17e85447b101bf2a51e

SHA512
77bf44999c6d5915bc123c46fde2598221f8a3e7fd166344952dc6054a8f7979bc0d49888b231968f0b204003239b9bccaa5d6aec421c9cd52c252cc951264b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
6715754ae76107db623405480c04e2d7

SHA1
8701cbb84aeb66e3b2b966a02b38be2045d5a00c

SHA256
ead40f050d968e5118d77da0bdeb40d6c695cfde9cba4a2f0dccca38b45a9c49

SHA512
46c50179c62a0527cffac688c452717cd6e19d2772f924934108e2cd3501e35655e61e5f8bf79bd188521c89adbf9e0fe117a1389502f6a1d7be1f62b53dfab4

Download Submit
\??\pipe\LOCAL\crashpad_2328_GUNPHYHEZNVVUPJY
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit