hxxps://shorter[.]me/ETaNN

Analysis

max time kernel
54s
max time network
58s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
30-06-2024 06:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://shorter.me/ETaNN

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exe

pid process

3648 msedge.exe
3648 msedge.exe
1160 msedge.exe
1160 msedge.exe
4636 msedge.exe
4636 msedge.exe
2992 identity_helper.exe
2992 identity_helper.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

msedge.exe

pid process

1160 msedge.exe
1160 msedge.exe
1160 msedge.exe
1160 msedge.exe
1160 msedge.exe
1160 msedge.exe
1160 msedge.exe

pid	process
3648	msedge.exe
3648	msedge.exe
1160	msedge.exe
1160	msedge.exe
4636	msedge.exe
4636	msedge.exe
2992	identity_helper.exe
2992	identity_helper.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe
1160	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid process

1160 msedge.exe
1160 msedge.exe
1160 msedge.exe
1160 msedge.exe
1160 msedge.exe
1160 msedge.exe
1160 msedge.exe
1160 msedge.exe
1160 msedge.exe
1160 msedge.exe
1160 msedge.exe
1160 msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1160 wrote to memory of 4452	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 4452	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3012	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3012	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3012	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3012	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3012	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3012	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3012	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3012	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3012	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3012	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3012	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3012	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3012	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3012	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3012	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3012	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3012	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3012	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3012	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3012	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3012	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3012	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3012	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3012	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3012	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3012	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3012	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3012	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3012	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3012	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3012	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3012	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3012	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3012	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3012	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3012	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3012	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3012	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3012	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3012	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3648	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3648	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3052	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3052	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3052	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3052	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3052	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3052	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3052	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3052	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3052	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3052	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3052	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3052	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3052	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3052	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3052	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3052	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3052	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3052	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3052	1160	msedge.exe	msedge.exe
PID 1160 wrote to memory of 3052	1160	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://shorter.me/ETaNN
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc88c43cb8,0x7ffc88c43cc8,0x7ffc88c43cd8
2⤵
PID:4452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,7719565937872674219,5520887257691402789,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
2⤵
PID:3012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1848,7719565937872674219,5520887257691402789,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1848,7719565937872674219,5520887257691402789,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
2⤵
PID:3052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,7719565937872674219,5520887257691402789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
2⤵
PID:4652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,7719565937872674219,5520887257691402789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
2⤵
PID:2036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,7719565937872674219,5520887257691402789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
2⤵
PID:1660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1848,7719565937872674219,5520887257691402789,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4636

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1848,7719565937872674219,5520887257691402789,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,7719565937872674219,5520887257691402789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
2⤵
PID:4896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,7719565937872674219,5520887257691402789,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
2⤵
PID:3284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,7719565937872674219,5520887257691402789,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
2⤵
PID:3424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,7719565937872674219,5520887257691402789,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
2⤵
PID:3412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1584

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416
Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416
Filesize
230B

MD5
4dad0014aab0b94b9c2e5c3c89cd05ab

SHA1
82c4a2ef376d115d48a2dffbfd17b95b6ac0b50a

SHA256
4c60f90c5596351ab61e0ea7e8b460333df31241b9bc40c1e8d87e86a215375c

SHA512
faea62a37ffdc1b2cbcb1f89ca07a03bc44c8fa4417e1675c6b792c85d887de26ee659f48c3ff463c59b28242fe0d09234c4b0c068e7c4a27961728d4bbe5c77

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Filesize
328B

MD5
c7f92628b4c2ee6c4b452be942cd3763

SHA1
c8630d26cfc515f306891ae923b0902c9ae1e381

SHA256
1ec4c2f5bd58783568bd8a5f86385712238cebcde8f5299c0faafb48a22fc87b

SHA512
52cd04e2b2cf63c2f011ddfae680ac3a8a9d0d6e9fa93f719e002de640cb5924fc5d56611491a326e3ee70dcc51ffc6cd2fd09a318cf9302c0f7df1be4905203

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
2dfecbb576ee9795c5284da8a2a3c7f5

SHA1
f1f0a6a97850aca2b4ab267a017564af02f24948

SHA256
dca6901942fa748fc01339192c0738a06847d8497c9c61298f1e5df1f8352fb0

SHA512
d664cc261113427810dd0b2d32763ddd08611a528fe6b285782d6b8ac03304b72a90fe7f3f7142e825ab8d948d5c9cf52f420546f3796b2ac23f3d00f3c17389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
6486ee9e961a437dadb68ff1544d18a8

SHA1
05f4daccca0bc1ce73fe71ad2325ba5dadd3df25

SHA256
9a98b4686c9e90672a548c873943b3027fb111f7992263111d912318429f5834

SHA512
ee3659f68a46f37f340f98b85a7aa289e700c5ced2a4f0104673bb5f18cc82d1e9b838ec0278407213c6ed2073998e7aad78a7a39390b7e460c8e26dfa91d0e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
8abbfddeb89da1e68a823fa094cf57a9

SHA1
04a39d2c1677e4f68de9be32ea0636f5276f719f

SHA256
5b681573a4bce19cfe70e75bd21114fae3a6560b422bbb56c9884768afc636f7

SHA512
77a95087bdca5035240d92fde3949ef404e739e09040572642ad08386add01e2b7f8ecd55692963b5361cf0278bfda3b116bd5526e28fd8fe265cd7687ea2167

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
1b924b2f59c8483853d8dddc4da8a2fc

SHA1
dc3b9e6881ea4d54c0acaf732afc65957fbaa354

SHA256
81c76d27a8c5b6aaaceab28a8be5589d58163ed9193fbdd158dc29f4d4138b3e

SHA512
f48ff0a308828d31c890fee0a4dd384b23461f07ac56cd8404c210b6dc9f24c1a66bddfc9589b871c8050ef695c4a1181fc519e3b1cc7a45b0857e7df63430a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
6698d004fbc98087062584321a95c330

SHA1
8eb3352330849605ed8a3b071452d1010e1446f2

SHA256
6158e36408053f03cae5e598bf44404bc852c25a89e5adcdee28d061c5c3636f

SHA512
0d33d3ba81b75d3f1b0a05674552371ea7e4c45f53a7abd31c8c033dd767368344e5869b2d1d2a28b4c1df9f48cd85f1161344b6d3d0fe14e6d7b8d64786e0d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
6ce432e4cfb2a48deaefd70cde836c1d

SHA1
1229c117f027cd19a747092e5944aa71f7e97981

SHA256
a490f550830c682b73523b77a25d04de80a20b1309ca70f2f9f54b4105b0a79b

SHA512
67e03fb261ef64b7fd2aee4e300e79d5ec9864c520f3eec56d84fd68ede9c5bd9230c116ad69eab59f48a9708ff8e08cbfeffab265fbb0d6e950fe968bb59e16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
e4007ec5b41eb2b26000ccf0bc285b00

SHA1
bca04492b5a0ded36dfee10d1b06d24e4f23b40f

SHA256
68ac9a2a4393a27fbf62e0ffa20f0a732b7fae68fe4ae31dc2a5d6bd33e39e4e

SHA512
b5865bccd8a7748e330c097782fecefc76913c6c837a8398ac8b0440a787c54642cc858d96e2d096e3a44e696662225953fac46aafdfe4472324a1d8342dfdc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
32e9f4c956d32b6456b2890e158fa82b

SHA1
ac60b8bc62df3abd10b5f55e9c4d8af36da0e809

SHA256
fa17e80f11f488de848a4f732aa2125bb34b55acd02560d1cd5cce020b8e2f36

SHA512
b52d338e31d8d5e62660d0f0ea1852253e5a7967f6aec01678471df2f50e2b4e624d7adca4a34c50185193130fe41ae9c8fde0494fcd826930089a1d47142242

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
8a3317f753fcf5380a568fc114734939

SHA1
0a71ee7b084c3b249edae8cd61268d160305343d

SHA256
f26c76772ee6625f776635ef5f5f8a583809bc894d6c57da8c71166d7d6d5aec

SHA512
69f13fd4e0674ce423ec106b0feea2771f14ef295aa69d1ca51649bd76b5ded3a3a04ab96c2f54a66a18d38c31abda38880030e8e2ad0ecd0cf5692b463209f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
134b5871dd82887b35a789722b203cf6

SHA1
a83738a2d98a58dad8529a6601aa0cd313b07ea7

SHA256
461ec8ba5f1509cf64b399cda0700c5f9e19f2877b97c9c2c5c16d3751418e86

SHA512
908027982678cb6f2d384918e75acf30a75998ec622b3af7dd56384934ac2fb345dafd7a834214c138138f29cf7aedb41f397174fa04582cd3c297ca58d26d74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ab82.TMP
Filesize
1KB

MD5
d1c40e73fd62df124c537e155f6cb8cf

SHA1
b63cb3cec3c1a9dc69005040862affc7619bb3ce

SHA256
7d1ad0efd7299151c0b9f984ad80921acab47edf24c99e4108a51e07aa0724e2

SHA512
1fe94bcc33ecb6a615865bf749481e902dc1371504f364150f67a71d1d131e2fbcd6fda2f67a89ffe9705d06244d971bd1ed879a4386b4aa6b1f57b835e88905

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
30da63d1ca56041258a209970547dc40

SHA1
3556a45be9b1dd4272ba82eb1c9ade56ec1b756c

SHA256
300228a501ddf1cfaddbed8c2e3f284c5b3e73c05494f2ec2bffb83b97fa4a5b

SHA512
b04ccc59295539263f052b38402160c4f418c96e783498bd4e61f62f6dda47ba94d4393d82e3bee4e3a17379ee971ae44d55ca0fe287023e0ff7091d7e0bcbb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
510585afbbf10556e59db129dd224089

SHA1
72eb77e57bfe5f59fa71cef0bd9fa4163df7d9c1

SHA256
58afe75592ccc6c7e56b3a3007c8f39aec0423574f1020aded64442fe78d5e5d

SHA512
8781ed44fb64b43b1b50851adaccadc4c30297270f7a4bfa2c624233a0d3d9edda05bd04adc96afa4af949a050985639f8e5c2c6cdf6fac61d8c88ae48372e18

Download Submit
\??\pipe\LOCAL\crashpad_1160_ATKEXMBGTJOFZYYR
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit