hxxps://sc[.]link/6LEuA

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26-06-2024 11:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sc.link/6LEuA

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exe

pid process

4588 msedge.exe
4588 msedge.exe
1872 msedge.exe
1872 msedge.exe
3340 identity_helper.exe
3340 identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exe

pid process

1872 msedge.exe
1872 msedge.exe
1872 msedge.exe
1872 msedge.exe
1872 msedge.exe
1872 msedge.exe
1872 msedge.exe
1872 msedge.exe
1872 msedge.exe
1872 msedge.exe

pid	process
4588	msedge.exe
4588	msedge.exe
1872	msedge.exe
1872	msedge.exe
3340	identity_helper.exe
3340	identity_helper.exe

Suspicious use of FindShellTrayWindow 42 IoCs

Processes:

msedge.exe

pid	process
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

msedge.exe

pid	process
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1872 wrote to memory of 528	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 528	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 3776	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 3776	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 3776	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 3776	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 3776	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 3776	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 3776	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 3776	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 3776	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 3776	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 3776	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 3776	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 3776	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 3776	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 3776	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 3776	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 3776	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 3776	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 3776	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 3776	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 3776	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 3776	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 3776	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 3776	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 3776	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 3776	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 3776	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 3776	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 3776	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 3776	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 3776	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 3776	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 3776	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 3776	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 3776	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 3776	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 3776	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 3776	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 3776	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 3776	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 4588	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 4588	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 4916	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 4916	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 4916	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 4916	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 4916	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 4916	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 4916	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 4916	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 4916	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 4916	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 4916	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 4916	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 4916	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 4916	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 4916	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 4916	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 4916	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 4916	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 4916	1872	msedge.exe	msedge.exe
PID 1872 wrote to memory of 4916	1872	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://sc.link/6LEuA
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe401546f8,0x7ffe40154708,0x7ffe40154718
2⤵
PID:528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,7862695606476701966,3570736664690153318,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
2⤵
PID:3776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,7862695606476701966,3570736664690153318,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2500 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,7862695606476701966,3570736664690153318,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
2⤵
PID:4916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7862695606476701966,3570736664690153318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
2⤵
PID:4892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7862695606476701966,3570736664690153318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
2⤵
PID:1796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7862695606476701966,3570736664690153318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
2⤵
PID:2572

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,7862695606476701966,3570736664690153318,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
2⤵
PID:2216

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,7862695606476701966,3570736664690153318,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7862695606476701966,3570736664690153318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
2⤵
PID:3960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7862695606476701966,3570736664690153318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
2⤵
PID:4412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7862695606476701966,3570736664690153318,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
2⤵
PID:1476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7862695606476701966,3570736664690153318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
2⤵
PID:4268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7862695606476701966,3570736664690153318,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
2⤵
PID:4508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7862695606476701966,3570736664690153318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
2⤵
PID:1904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7862695606476701966,3570736664690153318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
2⤵
PID:4460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1356

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
Filesize
43KB

MD5
db2a509594a5a1893b68ab6751b4821b

SHA1
de248758ad71bb86150de155daa2fae0ef82186b

SHA256
7205ea02f7af5c57824a95597af310a9a7f1cddb053abb3b4b82af8f09fb6f51

SHA512
37a82855bfdcd0f93c097883437c22362b8cd79530885f981c6e03fd6f2f80a8177a979a005feec10b61aa2b84b49faf0a05e548d472655eb50ff4df5b159e73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
Filesize
30KB

MD5
02c4cc6d759709eba3f82adc2fac19dd

SHA1
769074f793e9913f2921582368b86f0b32269d89

SHA256
1109318670f3f0ed4881ef4d85ec2fbb9fec253df4e67259064af2dec0b97e1e

SHA512
cc73116fcf0f6671458a0cf46577f6c6acfdb53ab01db09fccc04df6196d78551e4b03593cfd034ad0950d0abc587173e74bb734ae62f9dac726eaf959b8e919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b
Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c
Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e
Filesize
32KB

MD5
e13edde4a25e96e573f37bdd11e020aa

SHA1
84a0c3cc6cd74b149cc27de2b0fe48bc2acb70d2

SHA256
45b526e6aa5356b278aa37e67593a25d09c9653e8a0e71fb8e155111d3b7a515

SHA512
9ba4cce47994f949731e594538f56f423ee46a8e602fe922ab6e1d173b87831ae5a80d967d695fc45a08b25aef5c494518b43cde6b4709db690e904b2cc1c053

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041
Filesize
204KB

MD5
081c4aa5292d279891a28a6520fdc047

SHA1
c3dbb6c15f3555487c7b327f4f62235ddb568b84

SHA256
12cc87773068d1cd7105463287447561740be1cf4caefd563d0664da1f5f995f

SHA512
9a78ec4c2709c9f1b7e12fd9105552b1b5a2b033507de0c876d9a55d31678e6b81cec20e01cf0a9e536b013cdb862816601a79ce0a2bb92cb860d267501c0b69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046
Filesize
119KB

MD5
d45f521dba72b19a4096691a165b1990

SHA1
2a08728fbb9229acccbf907efdf4091f9b9a232f

SHA256
6b7a3177485c193a2e80be6269b6b12880e695a8b4349f49fccf87f9205badcc

SHA512
9262847972a50f0cf8fc4225c6e9a72dbf2c55ccbcc2a098b7f1a5bd9ea87502f3c495a0431373a3c20961439d2dae4af1b1da5b9fade670d7fcaed486831d8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
Filesize
1KB

MD5
1c8256bad83802bac11603a839cfb54d

SHA1
42a69e91cacb7e44238dace8245277b085a184cc

SHA256
39f7e28e82e742e638e9a4973743007394d77f330f733e769f6c76b991d00e18

SHA512
154c5f0a12a5d3092de57204e8a7e4704b4055d81cad82b6e5137d3586aa13629166f0db605bd411900377d78957cc4a0885f97a3f761a590501f3080698db48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1008B

MD5
81c31db2b669b4150d35109616438fcd

SHA1
d738161c6414d3d4694eed98706f30086a3f81e1

SHA256
4a5d18443cac85e677e62078f9db413450c3f5e76c75e186d6a9af5d6522763c

SHA512
ef04b35d1758016604989ae947ec02f2266ca08987a1565786a11f2c764b6a947ffda468e56cfc4bf23f6e0620e62ecf2f050be46ccd8e40f90f25517b4427b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
528B

MD5
fa9fce66954af5444baab164aead2b95

SHA1
b6d8e7041fdee1db918f5d2b4422014dec535c17

SHA256
2561021072e8873d480d1b4bb4268359a01f0699c1e26a28a736f239d6c53078

SHA512
98930f73dcc4e446b4df29819e714eb8729f1c5c5fd7aebd4727d232ca6c240de22705c7f519345da83523c39edbb040153578dc0c8502249ff7ec23fe0a18e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
3aa5914d1b27c1e01520e705036a5a93

SHA1
2d32727fda9e5125542f1637bac66482fb996438

SHA256
9e2f2eed0bc9abbdc5d9997500f4da20a8c8ba9785adffb75d6f5926e4abc1af

SHA512
4952d5ead000032008c89c6b199e22632e7f42b8606dd6cfaee4225efbb8b0bf0f545a7ade85e1e6afd29a22444cce12c216281c4fdf9695f618fa6d10864ab3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
ac086d4cd2cdc51ddf91117988e34e87

SHA1
72a7246e51cb088e71a1dd5e92831605326d6484

SHA256
4ce3cd5356ca5417b9e1acc067cb53a8fe51efcf5e5a55d137f2365d61c48ac7

SHA512
0fdc2c8a8ee404b77e916431e560e502b039a359fa5722eb0e0f7ee2a2948e51487412c469db23479087168520cd815b211e21a9215e441cb015b3d91e614b03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
f0eaa404db8241348bdccb2dba17f4ae

SHA1
0f9a376d2279324db88255929ea2480b1e9aa20e

SHA256
25e34c6a8c0daa07f34eef5af9ed5d2192641f32253b758e6ae215606ea9b58e

SHA512
0c6958733375a39e2471f391f8c5502fb9253f0e2b1cb75d091221a6b9175441565c994e6bd0bb6ac30b51785ae1a4f3aebd6d4b0c1016c130cf1c8aad9e29fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
cea976c104cbe3202717f9e547c202b6

SHA1
d7c9fefa3c8d1fb2d305ace81f3f028e02ddffb5

SHA256
e3eeba4c7ff97167ee1ed86430fe144ffec24c51140c8e1a2083962a62333016

SHA512
3757d735f4cdd09c90956bf9b117e6a6863dc9aac28df1993a1198b315b7214e74e0a01934b846cbeb602bd0d38641c51da5c3d41b2173eb9a74df28a1161920

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
6d8d22bd58e95830c76e2f9e1b401459

SHA1
9294849204e408ceb9ea8f7614471d16483ec797

SHA256
45122d5908ea9680af816ba33b34db6b3e008d9f47da26bc73fcd9a80a627293

SHA512
9a4efecfb05b781f87c7ae7742b40df536bd57a4ec3d4179c3ad8b958e78bd9bcbe7bb994f60b779cef1ad85171917d368256e9186e3266b2bef0e94a983457f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
6e3413c829814742abe0be0f98c1127f

SHA1
cf260e002700319b12c1e197647e562d1c0342a7

SHA256
b22fa47fa31288d3eac62e387e1665e802dc6e34c7f3f4c9d37aedd9201d79c0

SHA512
b627e59f66d5e9a890c33a1b59afc48bbb4e41c798ddef648461b4c8a626e3a04b1b334787417910bef296b1a51d47f1a4b3c173dc5713f95f00fef7cd616ad0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
d3ecbc7aa2dc5e51a99cd922e54a7063

SHA1
dd9bade5a66c2f135cb91829ab1e77f3385734db

SHA256
f85fdd81ca95534a8d21503620d78b70776d3c86f083470c3b7b438506e41ec8

SHA512
34e6f6520f912f5a74157db6c6a6491e87b7b68298da633cfb678d72c5dcf8221104aa125940c14dce77a020c90a086c185e68ad6d160b4111bf1a49d91c3bd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
aeacd9418d0a9b948f1ee1d4ba364ad0

SHA1
8caea950fec55a53d0d183a645a9897d33cd7735

SHA256
30d8d6d037b844bc2c7abad12dd69b73cca28b984fd7815b1e064ffb974060ba

SHA512
30dc5240f092f9b64dee182fb3389909becca086b5f506d9dfaf49d15616049b0923afccd4fe369a406445bea3ff9c31ac11c9270b913dda97142835eca68fa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
873B

MD5
1f96222fa503f4128d439f7b32cc710e

SHA1
e16e8916faea06ed76f8cdbd9d902ff1065c5195

SHA256
378720d70014ee16cb91ec45511283a0ba6c296595708bdd7caf0d5cfe774565

SHA512
5b8c4d9e47ad85d6ec9dba7d8af61dba602f9c2ee903e847f50551d7896025a95d4f3757e6fab266a0e02ee5fa8932f6016f0c4eed0fd3467b547a62daa8ef1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
e93f3f56cdf3ede3288a84adb7376b4a

SHA1
11f947e07e488fda564a7e9fa2b04326df02518b

SHA256
e88370a200273231c1cdb497d47d91e53586cbf890ca3120f3c4105cda9b8bc6

SHA512
a80ce8fd218062964868104459536d0d8304e7f537ee490c35ab120f1b547257c6246590c5ac947c8164235efc202a5ec9f9c3195fc3f992a1b7de13831c4ab4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
873B

MD5
acc5f33e1c2ad5f8c3e070a236b86f51

SHA1
ae5d9ca22f5f3d2dc2bec96144da6b2a0388c0e6

SHA256
8d303c52989dfa1974ee2a3682d0059acd8ba8db82de85d390da8ade6f51d680

SHA512
e20d5152f85ea5bc22c94bdc1c7cf24fa5046f458f438d21d1096d8e5b572376ccd43ab7cc2875f01bdcc27ec55322c5ebeb8049f4eb0fcd7e926e75cb2a62d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5801df.TMP
Filesize
873B

MD5
ede2d765c2b059fdbf95e60d4fe6383d

SHA1
76a3d6ee50e633ede47c606eb6ad00b2067c27b7

SHA256
4f0e3078c24dd8e47b8923ace63ea9f1ba1b305d55eaa74a8effdd266be82523

SHA512
09cd20f5246b38bb31b9de7edbab9f52444f99204c9adb65fd1e7b33f6a4dbca8c7b4bdef93211ccb70808b1571069849ea595d060b7848ea14de8a688fd144c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d91ed6a5-5e99-44db-8302-ed0cf8a27e9f.tmp
Filesize
1KB

MD5
6336e3d147ec73382f679f14190dcb54

SHA1
97ed7d2c6b8d859e05c8828a8c22bafa6af11646

SHA256
bff893f89164b3bf170bde53296e50704b83c35dab1e9a51fd3990edc56aa0f3

SHA512
2fab3e7d027f1b3c03704c2f7f84b5a5d31e8eda2accec63e8ddbab2494a2b4026031a8215e67ee478996ea39edd67bccbe862fc0297e9f7539c3ea72617d780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
eae43f5111280b75ba39107eefe0ec26

SHA1
c89e545938f742868824113277ca8bc61434dbf1

SHA256
e2a35d556fc5e3d8bd695b8034671b95b33bf9fe4307032dd6b7cdef4cd6951b

SHA512
2f5ea3ca3e05b87ce17a27a4527521a3a74b03c933fe865850973185e0192cef56ff0b1a6bff4545da80f28d0b6181f3e7a72e73fc7d9d71128f9d3e3c2aaad5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
18518987a9ff5c45e67784fa95a5ae34

SHA1
c5017ab878eac728c5b0574638e6e1e812c0ed32

SHA256
00bdb76424131e3c7277d049f1f20ad25e1596680fb627e8121550a3927b044b

SHA512
46bf9b6aa712dec3b82d0f8996d3136c85569f27981a63b1061ecfcba27a3437a0790aefe243935279a1b5ccfc22a38b1d2f62e3fa0bd0602284800d9ab6004a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
10KB

MD5
9185fb0c367d161972c7b347153becc2

SHA1
be1e760e2e9d64c986ebc4ae768e35b12b90474b

SHA256
778cc162f1ff8013e87b2f7af1fc83dc05a9a572a267a8f0de01891df1e4a292

SHA512
febcf15d1992b113a2657324ad1d5eb6a020f101270ef92d587a621c0fef2f8456d20c571e7c381850f7a32ad55d3c0c12d7b8e570d406b1088e83957f0581f1

Download Submit
\??\pipe\LOCAL\crashpad_1872_KIHPTKUMWBRALSVM
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit