hxxps://bonosbevvy[.]com/imEi2O7jwqr0/73384

Resubmissions

27-03-2024 14:55

240327-sapzvaee54 1

27-03-2024 14:54

240327-sabr8aee49 1

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
27-03-2024 14:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bonosbevvy.com/imEi2O7jwqr0/73384

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
1108	msedge.exe
1108	msedge.exe
5096	msedge.exe
5096	msedge.exe
3284	msedge.exe
3284	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
4924	identity_helper.exe
4924	identity_helper.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe
1392	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
5096	msedge.exe
5096	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5096 wrote to memory of 3436	5096	msedge.exe	83
PID 5096 wrote to memory of 3436	5096	msedge.exe	83
PID 5096 wrote to memory of 2808	5096	msedge.exe	84
PID 5096 wrote to memory of 2808	5096	msedge.exe	84
PID 5096 wrote to memory of 2808	5096	msedge.exe	84
PID 5096 wrote to memory of 2808	5096	msedge.exe	84
PID 5096 wrote to memory of 2808	5096	msedge.exe	84
PID 5096 wrote to memory of 2808	5096	msedge.exe	84
PID 5096 wrote to memory of 2808	5096	msedge.exe	84
PID 5096 wrote to memory of 2808	5096	msedge.exe	84
PID 5096 wrote to memory of 2808	5096	msedge.exe	84
PID 5096 wrote to memory of 2808	5096	msedge.exe	84
PID 5096 wrote to memory of 2808	5096	msedge.exe	84
PID 5096 wrote to memory of 2808	5096	msedge.exe	84
PID 5096 wrote to memory of 2808	5096	msedge.exe	84
PID 5096 wrote to memory of 2808	5096	msedge.exe	84
PID 5096 wrote to memory of 2808	5096	msedge.exe	84
PID 5096 wrote to memory of 2808	5096	msedge.exe	84
PID 5096 wrote to memory of 2808	5096	msedge.exe	84
PID 5096 wrote to memory of 2808	5096	msedge.exe	84
PID 5096 wrote to memory of 2808	5096	msedge.exe	84
PID 5096 wrote to memory of 2808	5096	msedge.exe	84
PID 5096 wrote to memory of 2808	5096	msedge.exe	84
PID 5096 wrote to memory of 2808	5096	msedge.exe	84
PID 5096 wrote to memory of 2808	5096	msedge.exe	84
PID 5096 wrote to memory of 2808	5096	msedge.exe	84
PID 5096 wrote to memory of 2808	5096	msedge.exe	84
PID 5096 wrote to memory of 2808	5096	msedge.exe	84
PID 5096 wrote to memory of 2808	5096	msedge.exe	84
PID 5096 wrote to memory of 2808	5096	msedge.exe	84
PID 5096 wrote to memory of 2808	5096	msedge.exe	84
PID 5096 wrote to memory of 2808	5096	msedge.exe	84
PID 5096 wrote to memory of 2808	5096	msedge.exe	84
PID 5096 wrote to memory of 2808	5096	msedge.exe	84
PID 5096 wrote to memory of 2808	5096	msedge.exe	84
PID 5096 wrote to memory of 2808	5096	msedge.exe	84
PID 5096 wrote to memory of 2808	5096	msedge.exe	84
PID 5096 wrote to memory of 2808	5096	msedge.exe	84
PID 5096 wrote to memory of 2808	5096	msedge.exe	84
PID 5096 wrote to memory of 2808	5096	msedge.exe	84
PID 5096 wrote to memory of 2808	5096	msedge.exe	84
PID 5096 wrote to memory of 2808	5096	msedge.exe	84
PID 5096 wrote to memory of 1108	5096	msedge.exe	85
PID 5096 wrote to memory of 1108	5096	msedge.exe	85
PID 5096 wrote to memory of 2032	5096	msedge.exe	86
PID 5096 wrote to memory of 2032	5096	msedge.exe	86
PID 5096 wrote to memory of 2032	5096	msedge.exe	86
PID 5096 wrote to memory of 2032	5096	msedge.exe	86
PID 5096 wrote to memory of 2032	5096	msedge.exe	86
PID 5096 wrote to memory of 2032	5096	msedge.exe	86
PID 5096 wrote to memory of 2032	5096	msedge.exe	86
PID 5096 wrote to memory of 2032	5096	msedge.exe	86
PID 5096 wrote to memory of 2032	5096	msedge.exe	86
PID 5096 wrote to memory of 2032	5096	msedge.exe	86
PID 5096 wrote to memory of 2032	5096	msedge.exe	86
PID 5096 wrote to memory of 2032	5096	msedge.exe	86
PID 5096 wrote to memory of 2032	5096	msedge.exe	86
PID 5096 wrote to memory of 2032	5096	msedge.exe	86
PID 5096 wrote to memory of 2032	5096	msedge.exe	86
PID 5096 wrote to memory of 2032	5096	msedge.exe	86
PID 5096 wrote to memory of 2032	5096	msedge.exe	86
PID 5096 wrote to memory of 2032	5096	msedge.exe	86
PID 5096 wrote to memory of 2032	5096	msedge.exe	86
PID 5096 wrote to memory of 2032	5096	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bonosbevvy.com/imEi2O7jwqr0/73384
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd7cc46f8,0x7fffd7cc4708,0x7fffd7cc4718
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,16612637499543846288,8601531120638365518,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,16612637499543846288,8601531120638365518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,16612637499543846288,8601531120638365518,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16612637499543846288,8601531120638365518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16612637499543846288,8601531120638365518,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:4804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd7cc46f8,0x7fffd7cc4708,0x7fffd7cc4718
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,323190531303908359,10159908489589740046,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,323190531303908359,10159908489589740046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,323190531303908359,10159908489589740046,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,323190531303908359,10159908489589740046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,323190531303908359,10159908489589740046,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,323190531303908359,10159908489589740046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,323190531303908359,10159908489589740046,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,323190531303908359,10159908489589740046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3648 /prefetch:8
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,323190531303908359,10159908489589740046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3648 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,323190531303908359,10159908489589740046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,323190531303908359,10159908489589740046,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,323190531303908359,10159908489589740046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,323190531303908359,10159908489589740046,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3076 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d71d685b67f3a4e6f48e68cdc9fbb489

SHA1
46e1a03d36e6415f6c66b16a92b135166a54c5fc

SHA256
04ff065c73e61c4181fa9701c86a8447be587c1368d2fe8798320dd8e7db4554

SHA512
d6fe042bfe91af785bb134ca7bd04ae7309e215dd2db723ec3ec1ffebb8c2483b20b02fb2f68c28efd67811de727faed37cf734041f1f686caf35ab752b49d8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bbfc01f870f7ca19effbb574d0433ea1

SHA1
ec1de2ce0129368efb079935ab5f0c202d15993b

SHA256
e25a880e51247fc50b05a92faf59de6ef5ceff5429ffc59cc1df7b1fd4208682

SHA512
6ec47dc648bb9487b91394d192859f469f431e7105a4bb6640ba521b0b771733f8eecc6349f2eca3322e23fd525c7206ab13b640186e4dc9ace601de5cc90d3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\933cc52b-43bd-4bd3-be38-36ee3921d1b8.tmp

Filesize
24KB

MD5
1c7ec27d94da04714401b9adf0b17756

SHA1
3e18d51664cd7c8036552c1557391ae0e7d3363d

SHA256
57be391e5772faf9845cc18c3b6c5e428c1181feaa56c5dd4c4d16472c9ebb52

SHA512
067ce3414a4fdadf8b1fbc79cd0abfdbde43e60b848d9f06e1310f3c1192ab2135347d570baa9c1eee1da941f70e66a85ff4a82fcd6286268c542c97a5f2ba24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
1218e76ed5d9ddecd5f667387bc90535

SHA1
5f6bfb7f43bfa091fbddd558ec9f91e003cf560a

SHA256
2600f475a172fe422e95be8d5257819be4915e4db36ba53f6a30f9776acf63e4

SHA512
48de8e9f140d4a420d217c0a81e6a180325bd3862f3d9046319a2acd5ee962f8278fd7c352445b940a6f1d80df0691ce255945a0a1149cb56fa27bb8deeafe36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
ffd0bf326a3f2e59f6858d8d180a8692

SHA1
8fbc8d961491c4c4638747022f80ba8cde9594c4

SHA256
ebaf24e57fe0f3017dee70c97cc084c3191b4cb65712802047f79c4b0e8dee7d

SHA512
9a093e02c31fc37f189d0ac06b1324f2568135e2bef9d30a6c85f0d78a7f62d01fb772128e35a072f11f86ae0e90e30b5e81bab492116ce9c3ef73c606a719a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
648651beb7fc13c8da03c3c5e6547765

SHA1
9bb22d353c1ad7508ab439e586fb1a3a5429a51d

SHA256
275a89765d0e3213928718e642621e500281031f45cda0af853da9de530fa6c1

SHA512
fc3abd95cd39890affb13b094e108376548fe4f1b538dba43c39dab219a26b18433c313b735cc67ac6f226e9fb9f930c102ee0c70267af889231bdf974b92a1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
0b0e0203ced444ce43a23b7f87401296

SHA1
43ca6ae371ac271111609bb5b7df966b7798cf12

SHA256
bd6afae57a7a519e9428a8270bd1bf521057095da1ad4147d7d274cdf4e1d9d8

SHA512
43acc545289871ae4e4a809ac36dd68023f0b59aea92c5f53ade83bed51e39e5dea092d6492369ff8783828fc02923df99a4d6bbc6648812d1e286a7aa63b132

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
14c06562c5cbc651ddbff813e8e69da1

SHA1
71fd43679bcadc63eb910f03e306e3468adbed27

SHA256
af2f600c185f9a37017a6a85b3369debcd1d59dd6f626ea813f02da34b3ff349

SHA512
1f3cce8edf0ffe8ee8057b7e2e92989a7362f24dad86f212a431c0d9c78593d2168a196fd06461d23678215baad8f6a57290e46f7e8f232b7d189eb8f46ac907

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
45c7b987eda944351fea69ce3fc81a3f

SHA1
68deea009ed19a41ba885ff4bdeeeb3ba0b9861e

SHA256
aa857c9c528203de18c9bc857388808f98fed3b35a09ab55f38cfaeddff31ed9

SHA512
3d31fa00db6ce533b713b53e25de96f8b320ef1418a954b6fa3abec6567d1319331f275bbdcc04372edcfb3392b935e1f5787b32cd9ed9036844c670fc2343f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
489B

MD5
edc1f1d6cfad2d8ce619f29d7f0e14bf

SHA1
d8796ca95e9b2358b4eaaa599361dd12076b45ab

SHA256
343aeba4534b7126d53b128b066e67a0ae9faea187dc2652c4857f6feb8c18b9

SHA512
45e2ca315f774d655d72d54a57b7f05de5d9a7655156864c24c95994d97ce8e7e4ad92d7911936f462b24fb130fa5b46468f645ce178fd52a41f33951703fb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
8KB

MD5
31a92515ca86133dab0a0db679aa5f7b

SHA1
e224e8dd058cf796f8057ae6e5dc2aab97536596

SHA256
545c6ffa8078376eb78567e04d4c797068c791f4c6b6f865003eb116acec9abf

SHA512
e4c605b11ee059767631c7f2fce899eca9181e49e13838b7ff6606f95917e83f9b7508f2b8e14dabbb3acca5c4bae7d6e9853b6c4696f9c059f864a911cf4bbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
ff02301021c4b566f76cec1f307ba073

SHA1
2619b5a4e11fe5ce195a22a78b2a669d0b54086c

SHA256
4a3d9335a3c9b3b4c0cf7e5bd87ccba703f8022116f7f7eb0a00bb7ac9089c3e

SHA512
c072230ea5f00d14a87bca36e9fb4e19d452c8ed86724e0eaadf2b208a0d7a4214649bba8eaa338ec5a83035cf12625a24735dc93f5f887ec22ec8243a7c2448

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
298B

MD5
3f5f1c13cc3a8fb398f611889400ad70

SHA1
f5e3dfef38a1f6dcc691b38ebe91b2096d17857c

SHA256
0b8ae6d0e224d65f794b683bb9f36d195dd13173736f985b12ff4b6a75a7619c

SHA512
c480138ade46c55c9f9e505d5b72b900b65b48375a281d949ab982ab10296b8aebd1deccea6a20dad3a5cbaba6bd83a171d40b2e143d151a006df4030c7904dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f6983eb3f7e61554bb0d8d97011264c3

SHA1
57ff604ddb72759a6e02ed7d025402c1500eef17

SHA256
cefe7b0b970fc8eae8934a81400701457ed24cd92295245780ab6c911fbc9992

SHA512
524df44d211fab9772d1cbad240fac6739153a394d4f1706af57f991e0805b24ef463504f678a3258eeed2075053ea1f3ce7eb8e5e18e931b16f5ada138428e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
31289f0ed6e87f828fa0a379798836b6

SHA1
a2c94b99a0fcf30e93f72a944b9b014c4bb61c22

SHA256
ecd982224ec344b776bf42948bc1ce2ae6f7561c66970c93e332f5bb4466e111

SHA512
513d89d33e5cc27b49141bff7fcdf95fd88e76d7da1f758556e32e76dfc304d42d2859749a1b08ab3d52166d47da701f3d08b371d2e882f24d6480f3feaad682

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
955341d26d74f144caa275ff07b19740

SHA1
4d3a9bc0a3918df17152ab8ccb5ee7530ea55038

SHA256
e45b5613dd70afa234637cb19a384d06bfff81364b3f290b1a4546d62c56e06c

SHA512
5eea26c60077ac811dc8a9f57732dea7c3cb0d369e3dabae65e455a3c87265ca31844b10b50d63ffd42b82eae0b02852c9d454719568f2314d9eda0cfde7b746

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
713bb0a27ecae71b8fd6860b277e56cc

SHA1
0b9df446bec829000323bd8190f7c0a8ffbd05b5

SHA256
11b8321acc22de4343c630c3e089c7712f394ec3f756a7116b594482a01436f5

SHA512
2e3aaf64eb51365752f006d096cc5a1f04b846cd0f9128634114a40cad1ff2c7541aee50509e3cbf53914133bc3b1e0e71d9001517a29772eb2d6b4a398437b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
ade6494ba6922038a11d535896be3087

SHA1
c7f9f1d1ebbf3efc3beda9f1c7622c0eaea9f7f5

SHA256
594b14677cf9ebe6f0036c59de95b3657d6a2079fda8d29fffd4cb4663f4b072

SHA512
89fcf6c049f62de53cec3677afa575940cb8f9c046c62c595a7609f400d3496c7e9deb024101d68e38d017fe014aa6f61c80c5a27b20a571e1c5aa38feaade07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13356024902081717

Filesize
1KB

MD5
52cf2f3fda0c4a3ff6b396148f97c6e4

SHA1
9897b4c4e04e4e1490a9284392891cf49bba0766

SHA256
470e3c3caab21e1c1afc8821f3b9bb6f836dca72eff275870618e6d3d05963ac

SHA512
9a1d1381f427f374b1326665cba49dd813cb05253274ae3fc98c01360faba7b3c294ee26a834b83e666f17644ef14145f26a44a2b75a23aef7aac59d06aff50d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13356024905541717

Filesize
1KB

MD5
b32a5f1c97cf48877717d2f033d49a01

SHA1
958c492c68a2a05580e27420ef0114e670c97109

SHA256
d87b963779ee79d3b35f5af2eb85ac054021c72ec9ea520010a53e104ab9e15a

SHA512
0604adb51a8ffc0d64c0251c1bb126b7231c5cdb2a838e89d5f5619a1f0915a9ad1fcac5dcb121e18e8f8746ce68a9c4123db719a3974218e7c3747d69ddb611

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
5189278180cc2ee208d45b998cfa9312

SHA1
86958feb4ce06c71d53bd0eb30ab02333f4cac75

SHA256
f5712c6f47b40f7f80665b510aa180cf987730bd07d9d725b539416ed7c4d80b

SHA512
548439e155cda801cbde0b76b972009dec1ce4bf0b0cc7e523ea3edb66b41d41e3bfe2ec50d941ab5080d2d4a09d26fd360545151c737b43c7224b32f59b9068

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
1f065697e71c5dac68053f303df9cfc8

SHA1
2c74a519830ace610708fd2ec63b8354502a373a

SHA256
2f202d7d611113e49726b01a28e47254d67339c079bad81daed74887b679c145

SHA512
e49db28b663cc44e799cc3ff93df3dbf64981793256b56248e73bbdb342ead72099d86f61319117923dc83320bfcc0ec913551dd21e746972926188806dd6e9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
16c924dac80c5d69d65fd5377671e69d

SHA1
96c302f0ea877c91aed352a219c2e36ee048709b

SHA256
8d4ae9b9ed52dbbf6ba116cde576addc4e6c7b2460c38a8bb98ba98443437d7a

SHA512
ea46ff2bd32772f8363704e4e7e5401b5ea1693ba441f18655d61348022cc8b40d40eed549e64fa45d2ba7779bcf407326dc6ca18ccb5f6916b44cd48fbdbb4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
bf9218b4390e4db07953eaed0eff7a20

SHA1
21e91ef567cbd5293d035246856e3c605d17312e

SHA256
49b78d428101fb08800c5ef3096ca7975c3672e43c5901fe9af1df49436f9a69

SHA512
a784e468b73977179a2459817f0b8083ccf63a2661110b93d5d66b529c431363785000a55cabc0c0329c654fb5128d06ae0c67d45405fab49725e8bf9bd54b2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
976dbd29024b126e9b8eac383f8c86ab

SHA1
e1980e109f44415937c93089353f6efc4e1507fe

SHA256
caee0123e9e665ad7bfc4010521e0d701ecc556631c171e46f2f441dd0bdd161

SHA512
83f2e661a47638da363410b45e852d540883d52e759c02291104c7094c4681f7ad59da25e212616ee2f82a5831d2e58c13c0b60b9b929bbaa067d58d292804a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
ff236c5e849b2caa02e37ecf46b2773b

SHA1
b80d17d309a7e1f0d06355a07bf9d317ad0d8484

SHA256
00f8ec7d85646e3b4cebf1f73508abc5a8ad7b013f238595b3c5f43538cdd642

SHA512
d24b0c182cc0a31c54cde819920ea081399f217561cb52c7e4c742cf95bfbf40afb353ca3cfb0767ef7137eed7b69b0f2614c9b2876c711557face16d2dfd140

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
3b6c0bfd78d0060fb59d67252c59de82

SHA1
6d2a93348b1ec9f92fdba62f488dbb7a13aaee20

SHA256
65165a33cbf2115c420aea5173cc691c2b10aa3c7c4ee40b87dd1d2df9352388

SHA512
f3e949dfbf092461cf8399aeeb4cd3f3c74b0e628c49f90e19cbcb1aa29b177bc17cc9383d986002367db55708f55560f17021452d126e3dbd40fbf8b753b425

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
d33ec32fcc01ca6fc3f0a3bc45e7f919

SHA1
c4076057e8ca5251db7dd70272517fcdaaf71a54

SHA256
5b18b1982ace03f97fb11263d524edb21925d9f32c3d13ed1230b316974af9fe

SHA512
6411a714c10feed3a2608bd11c7e0b235b21f54880703ec3251e0f7691ede4e825bcc3c287fb0c0cc64b7f1d01cb952a5d93d7ebfc7e535869eebaaf661b6b18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
a11347e18cc848b4de0c99ccd26f7115

SHA1
ac261e30677d30d6e402b71ac959d212114662ad

SHA256
8e4d3f2f28e0b04a01249effd55aa21dd2d29ca4833075e94b0c630432eec31e

SHA512
7de61033f085a2c7f4794b4d5ee03e38930cecf3e3f80574762e0a9b62657746f61d7e35e8c08ba41f59770eb12c2a077d7e27389c16ee64268c921fe8459164

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
4e015edeed34181ab25f44aed6822764

SHA1
23b377544ad0b60890ee8513399afaa9dfde8d01

SHA256
483407bf08ce95ed5276da79da1764884c3abdea75630c19744fafafd87c270f

SHA512
1ff54b6ed4f2b9a49a923a5de9e69eb6108e661aff3df8cdcfd7490b1f81dad3bcbd01c4a0b296bb3b94b9e3d4c17ecea8ca71b0e87b099cc939da62a995b1a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
26d663b1b0d0e22ed9eac024323c5aec

SHA1
32f1ba6aabd90be6ad89ee7d9ae029742569ccb8

SHA256
c1f49c4ee65365d6e8c20c7243fec520081334d7eb5ebfaf0736bb1b333e08c2

SHA512
08d2a9d271c14456c7fe8fa0b8d14b93faffc92f8d348dbe13edbfcaa0becaf5035aa58b583daaa23ef29a931ac6dd0a821f0010850fd9b747c3bdcc6436acc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
292a610ab6e1f4e13497bb9d8248f8fa

SHA1
a38e8775fac5debf7627dcac24dd3af9c819f030

SHA256
a52833e1356f6c32d133588833b0478ab2520f54281845cfdd3ada4027cd83e1

SHA512
27db4d1dde6013bbbfbd2315bb567cb0f3d4807815879f3778ac1dd3954a6cb8599e4eeef90b90159281655abcf2a0ed1adcb6e8095b4cf710407cf211ba902e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
be327a9c7ecd34ae4ba86d5edfb98e65

SHA1
a47ef39b848e4072b8e14e29c94ea1fb6b5af7ba

SHA256
9b2cfd052da6384e72290c875f97c5d2666d489eb143c0bc904766a7af8da2fb

SHA512
5a35c7fbda746124cc6366425100e9a238dd820df134454c4788c450238a7ad8729a0ea2d37d719926fc12b11a7b9bd4f99a0c4b1d96964ba68f020d90ff12b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
5B

MD5
ade31b8c10f6be0816160cdc30c23f59

SHA1
fcf2615e150bbb05e20acb1858e97488cf3fcb6e

SHA256
58c582ba1404e126471903282d2e44c05b3bd11e971b2d408460fa6265d8fc40

SHA512
bdfc1e5763c165ee4fcbf7b9cbb62373dcb373a25462be9a7d87f4f573ebdb792b7cb6e398ccfdd9092bd0fc741829942e39e94a5ce6c3f4939f2dd014dbd4b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
d2129ac1125c51efdb2ea331b5578137

SHA1
b99ef5a35e4845a87bca2e6aecdbc7860d476bc7

SHA256
30652e4b30f74b73a43b34643f763b442b8e69f48f2ce21cf2e71094ccf5de1d

SHA512
8c73f39f6f007108592e6a9b14384db1811bb3adec3a7931d7f46d4028ae415f543cd7066b8045b9ade6d23324c208607a3144cd5f018377b37e09f44b559291

Download Submit