hxxps://u[.]to/fZRvIA

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05-03-2024 00:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://u.to/fZRvIA

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4892	msedge.exe
4892	msedge.exe
3420	msedge.exe
3420	msedge.exe
1740	identity_helper.exe
1740	identity_helper.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe
2272	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

3420 msedge.exe
3420 msedge.exe
3420 msedge.exe
3420 msedge.exe
3420 msedge.exe
3420 msedge.exe
3420 msedge.exe
3420 msedge.exe
3420 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3420 wrote to memory of 4400	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 4400	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 3476	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 3476	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 3476	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 3476	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 3476	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 3476	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 3476	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 3476	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 3476	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 3476	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 3476	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 3476	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 3476	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 3476	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 3476	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 3476	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 3476	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 3476	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 3476	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 3476	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 3476	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 3476	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 3476	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 3476	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 3476	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 3476	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 3476	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 3476	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 3476	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 3476	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 3476	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 3476	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 3476	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 3476	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 3476	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 3476	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 3476	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 3476	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 3476	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 3476	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 4892	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 4892	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 1544	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 1544	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 1544	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 1544	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 1544	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 1544	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 1544	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 1544	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 1544	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 1544	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 1544	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 1544	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 1544	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 1544	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 1544	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 1544	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 1544	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 1544	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 1544	3420	msedge.exe	msedge.exe
PID 3420 wrote to memory of 1544	3420	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://u.to/fZRvIA
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe1ccf46f8,0x7ffe1ccf4708,0x7ffe1ccf4718
2⤵
PID:4400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,7019710880125831369,13638995417366591187,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
2⤵
PID:3476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,7019710880125831369,13638995417366591187,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2492 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,7019710880125831369,13638995417366591187,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
2⤵
PID:1544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7019710880125831369,13638995417366591187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
2⤵
PID:1640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7019710880125831369,13638995417366591187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
2⤵
PID:1280

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7019710880125831369,13638995417366591187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
2⤵
PID:3672

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,7019710880125831369,13638995417366591187,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
2⤵
PID:3320

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,7019710880125831369,13638995417366591187,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7019710880125831369,13638995417366591187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
2⤵
PID:1652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7019710880125831369,13638995417366591187,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
2⤵
PID:1736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7019710880125831369,13638995417366591187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
2⤵
PID:5204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7019710880125831369,13638995417366591187,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
2⤵
PID:5212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7019710880125831369,13638995417366591187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2600 /prefetch:1
2⤵
PID:624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,7019710880125831369,13638995417366591187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3836 /prefetch:1
2⤵
PID:740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,7019710880125831369,13638995417366591187,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3532 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4956

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
9ffb5f81e8eccd0963c46cbfea1abc20

SHA1
a02a610afd3543de215565bc488a4343bb5c1a59

SHA256
3a654b499247e59e34040f3b192a0069e8f3904e2398cbed90e86d981378e8bc

SHA512
2d21e18ef3f800e6e43b8cf03639d04510433c04215923f5a96432a8aa361fdda282cd444210150d9dbf8f028825d5bc8a451fd53bd3e0c9528eeb80d6e86597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
e1b45169ebca0dceadb0f45697799d62

SHA1
803604277318898e6f5c6fb92270ca83b5609cd5

SHA256
4c0224fb7cc26ccf74f5be586f18401db57cce935c767a446659b828a7b5ee60

SHA512
357965b8d5cfaf773dbd9b371d7e308d1c86a6c428e542adbfe6bac34a7d2061d0a2f59e84e5b42768930e9b109e9e9f2a87e95cf26b3a69cbff05654ee42b4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029
Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a
Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b
Filesize
115KB

MD5
ce6bda6643b662a41b9fb570bdf72f83

SHA1
87bcf1d2820b476aaeaea91dc7f6dbedd73c1cb8

SHA256
0adf4d5edbc82d28879fdfaaf7274ba05162ff8cbbda816d69ed52f1dae547f6

SHA512
8023da9f9619d34d4e5f7c819a96356485f73fddcb8adb452f3ceefa8c969c16ca78a8c8d02d8e7a213eb9c5bbe5c50745ba7602e0ee2fe36d2742fb3e979c86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d
Filesize
37KB

MD5
231913fdebabcbe65f4b0052372bde56

SHA1
553909d080e4f210b64dc73292f3a111d5a0781f

SHA256
9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

SHA512
7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f
Filesize
195KB

MD5
89d79dbf26a3c2e22ddd95766fe3173d

SHA1
f38fd066eef4cf4e72a934548eafb5f6abb00b53

SHA256
367ef9ec8dc07f84fed51cac5c75dc1ac87688bbf8f5da8e17655e7917bd7b69

SHA512
ab7ce168e6f59e2250b82ec62857c2f2b08e5a548de85ac82177ac550729287ead40382a7c8a92fbce7f53b106d199b1c8adbb770e47287fc70ea0ea858faba6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
816B

MD5
35e9ae6487f66b283e118000c95f98ee

SHA1
ec03a3164b78909dcae3ef55e68e142d1cd2e050

SHA256
282b235e4291ade1e0b409bc0e555d100a12ba67e330a0ac4cee85445b6a5c83

SHA512
de8ebea9a60e33d998ea7efa53d69d539b2cde9b0d2c67d62e2441316fba3849feead8a93a89beed1ee312cccca70679b469561e25d52023cf3754ee3f69ccec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
480B

MD5
fafd90f9822e406d7ce1fd33947a4197

SHA1
ceb01a6b8a9eb769624e7de0c4fd8b2a471fea34

SHA256
252fae4a7230b743fa5008bc08fae6fb71a499ece6361f2b755d461bbc847de1

SHA512
cfbc2a2bbca01e0feddd9247bc287e75b9125c125b7ef39891e859d741d40fc83cbddbb341baccf4f3bbeba9c923f685780cf3f1d7a560c31d47fda8d118b5c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
816B

MD5
0967f3a019321fce61eab92b967eabdb

SHA1
1d3870f2933caf5029138c65b4aceefae5c1b475

SHA256
fd1c92754d3ab067a04a5d9322c1d61ab073aef3b6bae0a3092dd21a12e08f93

SHA512
b2629d605cd0e194f18ce5b429263678db957e46f907ceab81eb4dda8423ec8c1b8df61209421b683c854c681f111cf5dcf33cf2fea5b11d57c308dfd4af027e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
8108be265e44e5af68df2adf2fc1e47f

SHA1
cdca9314097feedb2ce361c95589e4e31416cb06

SHA256
ff1c82a5f406125b2aa4681d20a5e57eb41d57f9c50f4824fa45463edb085689

SHA512
e4f3610b3a3af886fe3e0aa7b23db626359c3ac10196aeafb55e8926b8ba14843aa1e99eb32a9efe80895e7b22222394af87a9875834caa351494bc7fe8e7548

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
19b076f6428fd35f13326b2dcfd16339

SHA1
6f5bfdb896dd952b83a17c53947fc70118ef258a

SHA256
28d9c1f65a7470e8f7a5f94df41e74fb828cffb0b2186e4adf7771ca92fec5b3

SHA512
86e0a9f7b282117937ac62d50d7795497641d024f1830504d47b70248c0bd8fbebfd4913fb199f492040b4ab2e05006aa4e109bf1bce43c1644ef6bb1474e241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
1dec9339be779fd6f24578d990f28273

SHA1
d5979ec3d3361ef3fd5562faaa172e73e805412f

SHA256
09d184d0403184880dccb6b90eeb6ec051f1fe4a95541e73324df5e6d3e0f9e5

SHA512
772e90619d22f9bfb3923d9c9339048c2a212898d0f144695f9d1abce0931f1121b5a49969183789a1110465fe34eebdc3ecc21f66efdd62aaa6c538492973c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
c9aa9ae4ea17c1f639f0e33e1d9aacfb

SHA1
8ea37f472cf6d8562f8c0ad879ad4c0dc006fa55

SHA256
436432c482a0fdd91de6d8fbb2a0a48270293fa220df2e2a39d98a865dc367bf

SHA512
3a5e76f33c3cc4dba8d10a3e0b500925e7c635d49f07138fa08890448bc0f4772461e191df19f1fb0a2badbc75616f0b11c8b93fc9e79396756325f90a59edbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
3c1f9c6677ce99b584cff3532ac0972f

SHA1
edbf957ec3bcbd136284ffce37ad3a593bc436fc

SHA256
f02e2443654382d7cbc2c451a366c51fde4f241cdd1bd9c2505ea4274888458b

SHA512
cf1ced6b6a69704751aee5ddef6e26a68da2dd39d84721c32fcbb7819ee75383297514c95b50464748f8de5206ca6f928cd55b0c8fd8dda059cdf96c9b7f0bb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
0980506e5c6707df4004694efe8a34b6

SHA1
256024bceaa089bfbbd58f5fe417cf21a6c98878

SHA256
8a00dce141c60f63b4d95d15921b4be4385c8fc61ac5b385f9ca2b526dfd4e2f

SHA512
afbe704773714b1ce146c7f5e074b75869705d1fa26484145bf4748e955d34ae5a73b4699d07d96132960809c6de652aaa79d438f70e4031ab4f4662e333e221

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
536B

MD5
f523f4dc64426c0644c2a7ee424847d9

SHA1
67edc88b75a5343c4172ddef77cb5fdb28d27b35

SHA256
49e467e75a7a354712ef2e03815ace7ba3660428dc84f911875c1cd73508c585

SHA512
c12c2ad7c16cd05f474e65f33f28a81db08714a9f31c95d086be5db43966a45576e0484b0dd1f7c71d9ed6bc5600a3c2789869d41c96fc7dfa18af43aec8aa85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f8d7.TMP
Filesize
536B

MD5
0f49116c29f3cb44d7d4410500c4d599

SHA1
f3b9b7089da79b2b764e11f8f5826133dda46e73

SHA256
a641697fb50a3c9a4b0f3f2f25ed02bc0fbc0df12861b466c51c40a72ff13102

SHA512
ba96c9504e73ee6ec76041c7eb483340e23521cfad96ba3dce4800b35390350fbc60e700d973b841b52f751e605740e0746252f1046f9298972b889d3a8983b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
294d98086b42691228a9700221b6016d

SHA1
fd21fade7afae33e42000839a91a377536c22361

SHA256
f5cffadaab9e299c386643dc4417812abb7021ffd0cfe158bda22cadae582a6a

SHA512
2683283bd292031dc699a522f71db77363512a39b3d97fea74ff3a7d4e8c2d76d301e6bf4b23a184ba8c57b8842e217b15f57034ceedd5f6adc47511bc8ef752

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_3420_USXLLUWXUQTIVLQU
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit