hxxps://pub-dfe10178e667487cb0844af52c944e4e[.]r2[.]dev/index[.]html

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
04-07-2024 10:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://pub-dfe10178e667487cb0844af52c944e4e.r2.dev/index.html

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid process

1300 msedge.exe
1300 msedge.exe
4908 msedge.exe
4908 msedge.exe
3776 identity_helper.exe
3776 identity_helper.exe
232 msedge.exe
232 msedge.exe
232 msedge.exe
232 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

4908 msedge.exe
4908 msedge.exe
4908 msedge.exe
4908 msedge.exe
4908 msedge.exe
4908 msedge.exe
4908 msedge.exe
4908 msedge.exe
4908 msedge.exe

pid	process
1300	msedge.exe
1300	msedge.exe
4908	msedge.exe
4908	msedge.exe
3776	identity_helper.exe
3776	identity_helper.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe
232	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4908 wrote to memory of 4880	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 4880	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 1524	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 1524	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 1524	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 1524	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 1524	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 1524	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 1524	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 1524	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 1524	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 1524	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 1524	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 1524	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 1524	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 1524	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 1524	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 1524	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 1524	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 1524	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 1524	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 1524	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 1524	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 1524	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 1524	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 1524	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 1524	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 1524	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 1524	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 1524	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 1524	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 1524	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 1524	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 1524	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 1524	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 1524	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 1524	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 1524	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 1524	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 1524	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 1524	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 1524	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 1300	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 1300	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 916	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 916	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 916	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 916	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 916	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 916	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 916	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 916	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 916	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 916	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 916	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 916	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 916	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 916	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 916	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 916	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 916	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 916	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 916	4908	msedge.exe	msedge.exe
PID 4908 wrote to memory of 916	4908	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pub-dfe10178e667487cb0844af52c944e4e.r2.dev/index.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdab7846f8,0x7ffdab784708,0x7ffdab784718
2⤵
PID:4880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,17977839583531746343,11190209074651366165,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
2⤵
PID:1524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,17977839583531746343,11190209074651366165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,17977839583531746343,11190209074651366165,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
2⤵
PID:916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17977839583531746343,11190209074651366165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
2⤵
PID:1000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17977839583531746343,11190209074651366165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
2⤵
PID:1908

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,17977839583531746343,11190209074651366165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
2⤵
PID:5896

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,17977839583531746343,11190209074651366165,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17977839583531746343,11190209074651366165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
2⤵
PID:4740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17977839583531746343,11190209074651366165,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
2⤵
PID:4792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17977839583531746343,11190209074651366165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
2⤵
PID:5620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17977839583531746343,11190209074651366165,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
2⤵
PID:5772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17977839583531746343,11190209074651366165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1
2⤵
PID:1588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17977839583531746343,11190209074651366165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
2⤵
PID:2688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,17977839583531746343,11190209074651366165,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
2⤵
PID:5488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,17977839583531746343,11190209074651366165,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4504

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
db9081c34e133c32d02f593df88f047a

SHA1
a0da007c14fd0591091924edc44bee90456700c6

SHA256
c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e

SHA512
12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
3a09f853479af373691d131247040276

SHA1
1b6f098e04da87e9cf2d3284943ec2144f36ac04

SHA256
a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f

SHA512
341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
b7d7a61b6ffb7551b4bfc0933a85d9dc

SHA1
8d6076e53e453da1b3d4efd679ba75e30d9f2726

SHA256
ba1ab108e2632fd699419566737f2adf386623bd08e6d8e51590524ac13d7b8d

SHA512
e72db19869e1776ad47d59fcd134412694e340aa6b7605744bf1bc0f701ee04c688f51454cfccc7f8064ff6383558e9e2a4786679edeb7eab4fa6fcf1c92f316

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
288B

MD5
328f27db22e730ecca1cfc6943d9f7c6

SHA1
9b49e55d5b043cd900d16f1601438b8aded0a46e

SHA256
d9854b59b7d4ff0c150492165bc2e00119760e07ee9552504ec81f3ed6ea1d83

SHA512
99ce93ce5f898fb6099c9d30a9f211e13757f9e8e2d81680f7fa2897fe9bafcf6997ce802c27d9c50f56490399038b9f6091dc5cede73d508c767fb0b2b7bf2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
259a7608d8ff06419285bc2143d05f88

SHA1
6726ed807cd45344e73b44f48556c39f7411929c

SHA256
1311ac0fdd6ff9424764a14de2e6ca52f6b10122c053a11e24f17929793aa5af

SHA512
ba25b9a7b0d663f372f5da3e5184ce9eb9ee20d9f0988a188104a0119f7e3117097cde3cfa5c8be7658598fffe516a746d1a47d12702ecbbe8e055de4d3a9717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
72147b1d8e959a4c0f340483e0d34196

SHA1
313cd3090048afee879294e4860b1fe0345f0672

SHA256
75eea7e4bf41120c4376852e8cc66200758995bee28210075699d77c2e8960f8

SHA512
973b8e20033d9a298e0cb08bf56581dd9c8183945ac5f5cb8cb323c7cff1062ed4ed1dc8e783d2e9ba4d2872b90230eb4fabb21d6be91d2c085ecfe9c4e99dd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
0b1d83c304d13c3cb26dd57c9c8269a2

SHA1
0f71aadd852c398b531a06a8f72f8700b726f61f

SHA256
af018ffddbfc0edcd192e3d98375c361ef93d75e6fc6649c26da2e15cce867bc

SHA512
c4d05e312aaa0437694876449620fc5898fdefd850d9472cbb954f04b07ac303a34e93bd2abba4edb0d7f0c72e116d209c3d31c3cb914a41f9b4851619b72b14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
0a00bb683922c684cd38f25246db99d6

SHA1
7daa8b6ecd8f49148115a16abe04b8d9ecd72ec0

SHA256
19e3612072c8eafcf5c1c7e76fb5a73e793c2e03bdec301b537ea16158d33a2c

SHA512
8f448a083d2a7a2357337f90f2d7a874701c942c73fb08f74e36d849d9df554f55b1fe8d604b93afd44dcaf6f2c52ad78587f331716fe2628cd59fd2dacb1441

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
c57819266bccf747ea974fd7e5221cba

SHA1
40ce82dfa3817a52fd27a1f185871d59d228a6e5

SHA256
6874f62bf9b5b46f635f26d871f4bdb0fc2d5fe5827103c94aafe846df2e5581

SHA512
8bf13b5faf7f4a3cbe34f8c76702c739f061d025ed01ee153c6a4cb53a097b6f024f6120a24d4dccc141a556624010108068abde2d50822c2121d1f99ea30f24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
89a4d5d92aab94736db9953bff63df3e

SHA1
da9c0992b11d7c9bba199c7e049ba894b56fd2db

SHA256
d3fea58721c3520ff88b80c95951cd9d889ce48c43c0ce63ec18a3423fbe79ce

SHA512
d82c81283fbc4aebdff35fa184350409e4fb68f6c5a67f69f1086df00c4a07662e170b061b59d4a42572fb8e63583f9c5ade7dcdf1fdd38645671bf6e73b9125

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_4908_DHPYYGOKBHHCVDPZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit