hxxps://u[.]to/iLJnIA

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
25-02-2024 14:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://u.to/iLJnIA

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1948	msedge.exe
1948	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
1952	identity_helper.exe
1952	identity_helper.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

4264 msedge.exe
4264 msedge.exe
4264 msedge.exe
4264 msedge.exe
4264 msedge.exe
4264 msedge.exe
4264 msedge.exe
4264 msedge.exe
4264 msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

Processes:

msedge.exe

pid	process
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe
4264	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4264 wrote to memory of 400	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 400	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 4536	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 4536	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 4536	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 4536	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 4536	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 4536	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 4536	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 4536	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 4536	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 4536	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 4536	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 4536	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 4536	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 4536	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 4536	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 4536	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 4536	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 4536	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 4536	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 4536	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 4536	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 4536	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 4536	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 4536	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 4536	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 4536	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 4536	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 4536	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 4536	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 4536	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 4536	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 4536	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 4536	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 4536	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 4536	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 4536	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 4536	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 4536	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 4536	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 4536	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 1948	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 1948	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 2772	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 2772	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 2772	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 2772	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 2772	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 2772	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 2772	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 2772	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 2772	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 2772	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 2772	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 2772	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 2772	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 2772	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 2772	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 2772	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 2772	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 2772	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 2772	4264	msedge.exe	msedge.exe
PID 4264 wrote to memory of 2772	4264	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://u.to/iLJnIA
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe101446f8,0x7ffe10144708,0x7ffe10144718
2⤵
PID:400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,2478531636280648736,8341871695111624027,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
2⤵
PID:4536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,2478531636280648736,8341871695111624027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2520 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,2478531636280648736,8341871695111624027,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:8
2⤵
PID:2772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2478531636280648736,8341871695111624027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
2⤵
PID:2940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2478531636280648736,8341871695111624027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
2⤵
PID:1304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2478531636280648736,8341871695111624027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
2⤵
PID:2312

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,2478531636280648736,8341871695111624027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 /prefetch:8
2⤵
PID:1648

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,2478531636280648736,8341871695111624027,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2478531636280648736,8341871695111624027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
2⤵
PID:1776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2478531636280648736,8341871695111624027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
2⤵
PID:4956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2478531636280648736,8341871695111624027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
2⤵
PID:540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2478531636280648736,8341871695111624027,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
2⤵
PID:4516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2478531636280648736,8341871695111624027,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2688 /prefetch:1
2⤵
PID:5144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2478531636280648736,8341871695111624027,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
2⤵
PID:5152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,2478531636280648736,8341871695111624027,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3028 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
58670ac03d80eb4bd1cec7ac5672d2e8

SHA1
276295d2f9e58fb0b8ef03bd9567227fb94e03f7

SHA256
76e1645d9c4f363b34e554822cfe0d53ff1fce5e994acdf1edeff13ae8df30f8

SHA512
99fe23263de36ec0c8b6b3b0205df264250392cc9c0dd8fa28cf954ff39f9541f722f96a84fbc0b4e42cfd042f064525a6be4b220c0180109f8b1d51bbdef8ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
3782686f747f4a85739b170a3898b645

SHA1
81ae1c4fd3d1fddb50b3773e66439367788c219c

SHA256
67ee813be3c6598a8ea02cd5bb5453fc0aa114606e3fc7ad216f205fe46dfc13

SHA512
54eb860107637a611150ff18ac57856257bf650f70dce822de234aee644423080b570632208d38e45e2f0d2bf60ca2684d3c3480f9637ea4ad81f2bcfb9f24d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026
Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027
Filesize
115KB

MD5
ce6bda6643b662a41b9fb570bdf72f83

SHA1
87bcf1d2820b476aaeaea91dc7f6dbedd73c1cb8

SHA256
0adf4d5edbc82d28879fdfaaf7274ba05162ff8cbbda816d69ed52f1dae547f6

SHA512
8023da9f9619d34d4e5f7c819a96356485f73fddcb8adb452f3ceefa8c969c16ca78a8c8d02d8e7a213eb9c5bbe5c50745ba7602e0ee2fe36d2742fb3e979c86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028
Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c
Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
696B

MD5
cefb2c4882ed14e9ad040a2e4a93d3a8

SHA1
8ced913c5fb32b7ba4010c3d95c67d1fcf968391

SHA256
c67e7eb6fca9f9356d8348e41c713df2a7d57eb8d1f6070fa8afc1cc978b2a22

SHA512
c92930e5bc33f8cc03ab000a86032d9d3f77df3dc43233c42a9cbfc23d67106c2126c70095d336cd8b83f73959cc412f84bda1630f286c8db1b05dffcaece280

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
696B

MD5
d2cd684919714b1803de07d571777f43

SHA1
e6d958610bd04578fe847d787e2eb9878026fbb6

SHA256
01fd01d50cba306e50dd96b3daa31472a8cf0907761171dae90e6f52d29476dc

SHA512
c2e877fdeca427e923488d80d9013f651f4b3773063af294ed1cf22aeb6fad304585e0b752be44b36821e13382c375fe4f732593951b42124c591280ac50881f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
696B

MD5
776783fdd6f3df89a5f531dfffd8a29c

SHA1
e8fa78070468ccac7661d421579d4e1d034dfcce

SHA256
231c0937ec2eace18e5ab5595282729c997907c5fced052f6f419334d1c732fe

SHA512
1ccd1d0cb8e9e8c2874358d0ee8ae06f67fcca7e35fdc1e21fd50abf62fbf62ee480a4927d8828f24d422054aa655dfe4636f2ff559202dc46e001625b8e3ad6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
0ae8d9b68b69de6c83b5b5e5f7c8c204

SHA1
efd5bb6fa59e04efe3d8ca960c119834821ee2bd

SHA256
21274fdda3ec3204e7833dcb66a8ce46f7fafdc6320c5ea6b04a22a93c21f98d

SHA512
3e0061f2911ece53ada3aa43e46d0c8c17672092e3abb6d3efbb135be4b441070cbf163ece3c87f60872cb8671c517e7c9858f0c248bff1d79775f0b472bf0bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
2b805c27760162b6a907070f947ae63e

SHA1
9e45f714a6a0929117f58b1908aa3ff466ca3685

SHA256
f64d2e791ad1e6692eb3e8a50c0dccba39e00d08dee1b16012cf565e94340c9e

SHA512
5848270abc4fd335641e5940511ac49edd065bb9e270bd3cc795714ad94a3f1619867677ef30f0c98ae758f0f1eb0ecdfe88b3811f6a80326258d9aec88093ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
9fa5fe8020201b3eafaf914e6e93d5c6

SHA1
8525f0adfe3d8cea942d4495b794e9d5105b90de

SHA256
721e34cd5f8ef64c851a09d2d5b7f70ab51452beb064a01fbba189cd9e487ea2

SHA512
56030626f9acccad7b4fed6686464b0991b50810c51698f323a1599e69489c8b8515e3f0bbbd0e0f06bb2d77cf4926471b5d4eb535a6f31176880e81f04fee69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
08d57edd559b4d5fc37c35a127e565b8

SHA1
2200733c3e9a4b191353c5002a640690ee7d0038

SHA256
2a196953d457e079b99d815603669873944955a0a617bd67aaf787585d25d5ad

SHA512
d2e44dfd80726f6905fc81323a1d1541aa5777dfeed550d18f9152a487f15690e40452e767bc3c71d8eea3a76b8d84b21581eac3ad8cd086bc2b63f2b448703e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
e74c2e09c4054f3c3a81822fa07b00fb

SHA1
acbace30025d683dc87e1420dfcc7f0f5cce1070

SHA256
40b03decbd02dbdb0abb35e5246f67067865daffe0e53959935293308f5382fa

SHA512
833bed466c3d3e26a3d4cb007b0684e2392d1299508d6dca00ec57343b2bd223179fd6c2f3afeb84297c85a33336044fbee12a0440075f5d1d54d39be90aeecf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
708B

MD5
5c3fc7c4f2c9014a582583232b34a8da

SHA1
1b21abd809f8ee7781249ffa1ae6b6fd87d21136

SHA256
67f74123e3196d8c8f6f772759f7b35645233f9f887f9ff38cbb0526292c34fd

SHA512
1455175b0d50b03083d9cc3d084ef125a037d937cc58a0e67e8769391d8f957804979142f45c1bff3d147a9aef7fef615c51ec9313e9d0f3c1e66b0a3c85b8d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
708B

MD5
bae2d0b6ca2d5ce7e8039942c37f9827

SHA1
be2b002ffbdbdf10558f5ae054e3896d149cff14

SHA256
09ba91c9f3bd1d795f42e04834f1022b57c3d07f61eed71a9297f0b33525253b

SHA512
536c1fc19d3e1148f1318ac1b02b6648c8b1affa3a5a325ea8c4d198b83d6510bccace91f50ddc4da927fc5b469da3f8ca20f31f2a78c4fe58d632bebe493d02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e5ad.TMP
Filesize
372B

MD5
06f9a325c5346591b9afab08ea48017e

SHA1
2641c42d8cf28bd19ce62de88ec48764486269f7

SHA256
464f9e3ce98fd3c824905e83f81c79385ae9eccf9b230eb815af8de0e81f9805

SHA512
19c6943a0fa0c03b67bcb647f006b2b21e35d3834592995248d3b8df7b6a27743c514ac2d29bf724a9e48768530030dc31dd4c060824763cf8b780fa69f90fcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
2c3ccca8c89163f6e2c67e1185805f84

SHA1
63400f7f4844c74299752c836ab27a133e1a17d8

SHA256
f0d4f46b3801ecb03042d3771f3311742e2dfe5f3830ee0c4c0a3054afe689cf

SHA512
57bcf467804249939c9fcc5c19f332a674fd27315db0707265481f9203f9d2a647e5d4e3e1503c78f94cc2e41090da363d5394557a477302cbc86b26b399f2e2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_4264_FGTTOKODWMQLAQBV
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit