hxxps://shorturl[.]at/foHRZ

Analysis

max time kernel
137s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16-04-2024 14:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://shorturl.at/foHRZ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4176	msedge.exe
4176	msedge.exe
4804	msedge.exe
4804	msedge.exe
2408	identity_helper.exe
2408	identity_helper.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe
1928	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

Processes:

msedge.exe

pid	process
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

Processes:

msedge.exe

pid	process
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

msedge.exe

pid	process
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe
4176	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4176 wrote to memory of 2448	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 2448	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 1244	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 1244	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 1244	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 1244	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 1244	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 1244	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 1244	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 1244	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 1244	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 1244	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 1244	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 1244	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 1244	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 1244	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 1244	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 1244	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 1244	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 1244	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 1244	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 1244	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 1244	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 1244	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 1244	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 1244	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 1244	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 1244	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 1244	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 1244	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 1244	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 1244	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 1244	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 1244	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 1244	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 1244	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 1244	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 1244	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 1244	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 1244	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 1244	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 1244	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 4804	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 4804	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 2092	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 2092	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 2092	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 2092	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 2092	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 2092	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 2092	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 2092	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 2092	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 2092	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 2092	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 2092	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 2092	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 2092	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 2092	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 2092	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 2092	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 2092	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 2092	4176	msedge.exe	msedge.exe
PID 4176 wrote to memory of 2092	4176	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://shorturl.at/foHRZ
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba38e46f8,0x7ffba38e4708,0x7ffba38e4718
2⤵
PID:2448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,16239657035615492812,17723605962360842942,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
2⤵
PID:1244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,16239657035615492812,17723605962360842942,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,16239657035615492812,17723605962360842942,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2496 /prefetch:8
2⤵
PID:2092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16239657035615492812,17723605962360842942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
2⤵
PID:5088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16239657035615492812,17723605962360842942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
2⤵
PID:864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16239657035615492812,17723605962360842942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
2⤵
PID:1040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2172,16239657035615492812,17723605962360842942,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5432 /prefetch:8
2⤵
PID:3520

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,16239657035615492812,17723605962360842942,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
2⤵
PID:4968

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,16239657035615492812,17723605962360842942,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16239657035615492812,17723605962360842942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
2⤵
PID:4792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16239657035615492812,17723605962360842942,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
2⤵
PID:2524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16239657035615492812,17723605962360842942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
2⤵
PID:4848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16239657035615492812,17723605962360842942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
2⤵
PID:4316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16239657035615492812,17723605962360842942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
2⤵
PID:3664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16239657035615492812,17723605962360842942,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4324 /prefetch:1
2⤵
PID:4504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16239657035615492812,17723605962360842942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1
2⤵
PID:2264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2172,16239657035615492812,17723605962360842942,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5312 /prefetch:8
2⤵
PID:1352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16239657035615492812,17723605962360842942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
2⤵
PID:1756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16239657035615492812,17723605962360842942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
2⤵
PID:1512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,16239657035615492812,17723605962360842942,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3336 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16239657035615492812,17723605962360842942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
2⤵
PID:2588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16239657035615492812,17723605962360842942,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
2⤵
PID:4352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3276

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x524 0x150
1⤵
PID:3192

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
22bb6af63c7710354ac7070e45ac988c

SHA1
34d29d6b316e39ed8fb8c5efb42c4269040fcf1f

SHA256
1a70d5d3dfc04e6f5cfec1ceb06676039229f895f30007fdb55b043ed48ab4fb

SHA512
42c12820b5237caa5b4d5149901f84db6619a69e85cb869df06e07b3cad1b51e0c2d0545ee0129cbc8e7947fd8c2989def537ad2d58a1d5bf2c2a1bf60041ca3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
62677bdc196e22a7b4c8a595efb130cd

SHA1
bd2adf18caf764c8f034c08b6269d9693875f3c8

SHA256
b540616d7e73ff22642f4fbe2bea0f9daa2f1166391e76cf817b2a93e0bd41d6

SHA512
d23c3b9662eea6a75382242fb8e8084abc1127afbd2632f161df71a2aefaf223621511e1bf6229cf7e86313101a8d9dfe2f20e1c0bd481066e1969cd6fa75e32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\81e7bbfd-2370-42d1-99b2-8efb793364e0.tmp
Filesize
6KB

MD5
9be3e896183fae87241acb11a34de0cb

SHA1
61d4b44888062f3d7915bb7d873e0e74cf1994ef

SHA256
a80ab90af2d79cd763e5aaf5c4c2a0cc2f8f105a5191ac2dfa76e66c4ce76434

SHA512
e0494891897f2faab96cce17c19b254f31c31f2be5b06ebaed91f67534df81a70e5e9d5d7a38678d76277ee4bbc3bbea33e4b7e46355d9f4e7fe7e430cd3e29f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
Filesize
43KB

MD5
db2a509594a5a1893b68ab6751b4821b

SHA1
de248758ad71bb86150de155daa2fae0ef82186b

SHA256
7205ea02f7af5c57824a95597af310a9a7f1cddb053abb3b4b82af8f09fb6f51

SHA512
37a82855bfdcd0f93c097883437c22362b8cd79530885f981c6e03fd6f2f80a8177a979a005feec10b61aa2b84b49faf0a05e548d472655eb50ff4df5b159e73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038
Filesize
43KB

MD5
506116f7bcfe85d8590b10a1d41630cb

SHA1
25a5da8ea2684b3daa19e32ed639bd765a781d3f

SHA256
84b4e785dfc7a7af79cd02f15bee8b9c9b5ee618c5935f41a78c6cefa064bc9c

SHA512
71dc3ea41300dd0c53d14071ca41ca1bf1b8b5ffa7ed93db60f9663ab042058de1b975b907956e34b367a828abd05c2b7ab70bc024571d7a009a36613d31d150

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
744B

MD5
6d20771a8ab3ad0ee43232677cdf49b2

SHA1
468896c64b8784b8a2067d3131fb796288f202e1

SHA256
a67be106d2d566b710f22c20c0209e75546e500d825445f4a6709b24211247f3

SHA512
a64e13da11d652df5cdc951560798d67ded564c36387596962bd21861494bd632caa5d212f2c56126df628f2daf8baf1bdd9a7933e2d84093b8250516fbc81d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
816B

MD5
8ef2162d9873a5208e4872b0e192fc1b

SHA1
346d628e335b87b0c4c03e59de46022c89172299

SHA256
dd119d9273d12d773dd7909b7cadbf9521d6f629e1fac3c2da865844650a2028

SHA512
bdfa1217f81dc8209ba8ffb16efe0ec5a9f6ca290accdeabbe2209b7c073504622d2ac7a47dbe4611d320c86ebd71091e404f50db3fcb41d8bbe3213023a790f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
909B

MD5
37acc49c0ecefa891d04b62b1f74fd43

SHA1
d563fa8d3467f8013e9dfa93421e07a69bc7a84e

SHA256
fdd0df6d8e0a877110f48601f3b1b7f747bcbaaf8f880d1457f8cdcfe19adef4

SHA512
0424d73dfd306b2cb21718f578e4de98391b93333e4dd5d096b2a15a5222aa3e638cf39c874c22fe5551e3f70fb66fba18342d158ca847fbe8e71cfca5bd12bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
1e526ae14d5f7d05fe6805339233ba2d

SHA1
6b968947b9b075be744151d8590719831ef3efea

SHA256
025310edb23b4fb3c0d0fa13e4a9ce6b500cc660b17f91ea9d91231c77f41765

SHA512
b4ab4492a2ac9ba5037c791d1153007831af5d03c5e5ada13ac11c80af5ddaa240136dc830c2a0aa34ccda9820ee8d916244d679ebd85ea7d29966152679eaaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
32e9e67691c3dae4f0bd4f7bb1bd4111

SHA1
badf0214bb83a20d554f2dc3146ea0c1db2a4426

SHA256
583e8073bedde4e089e93932a0497f4a972c9b52644b4098706f5767b29668b2

SHA512
637bef8f9c8e8544fd94b436022b01ef7aac608d85f94dde45172566411be0715ecfb00ffeedd64c25251c6349fc3884e1049db4c4b10e8973e64bb80beceb5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
74a27d2b6458cc20ca3350edc7b10d9a

SHA1
53d2b72b731fc681a62c448b30924555abbe88d2

SHA256
3587b9c56f23e2fc2fc1360cd292a4da1dbe593a1e47ed6c92d9f4fec9dfda01

SHA512
4d61ad032d1b9e2e59ba1dde9746ac4e0741fb3843c2399624760e201d08f5b83714d4b20fd67edba9521b1de0546af87a585a5647728ef2f00de111377055eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
85363d2af7899fea7eaf6bc9e7216433

SHA1
f986b7f66b4b072023b9c8279ae993ff7a9ba44d

SHA256
4b7b68f3748034b442ef794e66567d1095368212b810d822b97c3f7fbd6be4e6

SHA512
e1b8e0759866e395f450970bf9a639fd524e36b49839aaaa8400c6d8cb512549ed11a5f2696cb3fae2b751846015c880fd11d1a0222fc6270b2927fb2c9d52c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
537B

MD5
e42896f1f11e245679733a9b239b6071

SHA1
f454b33b096a8c930eff70b5bf7f8aa66e98d379

SHA256
09f151357b56873c4ab12f6b9ae0d4b4d76031b312a680be26e76e96e32070b2

SHA512
b9ffffb6ee2be9d9655d81266a97de7e386cf31dd257640487875ae335eb188e25fbe005a83e9207a494e1bdad32c3fba8a3a6825c0036a96b79b8035a1e70b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
537B

MD5
6cf252abaa5b07c6d141555f52dfb54d

SHA1
a6413bec309b9b096c0dcb6ea9b8654b292fb6b3

SHA256
014ba0ef1bbea27bdce20cd76fa1fe719f1a2dd462fadc7a30d3d4317acecc76

SHA512
8627819905793c627c6d6a290c8f03b9b512057e444b12b17efa95b047e96b7e52a95b1d323fd68ed605175f2ffabe6629b18dcc488c4b905c1ca01ed5d26e8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5889cc.TMP
Filesize
537B

MD5
0b1009f98545e1dfbaa742a90e3a033f

SHA1
24714bba6a42785bd435e1dd65e82a4ac503aa25

SHA256
d1f420933b61f908c4245ebafcc9354ef70c882efb87998202fbae409c325f43

SHA512
b7a6a2e150436a872b723b7429c22fa711f737a1e9bd701849cd8e7ac3337c94fd4aa0db7905a1b3bb3c411e5fdd7c31877684838970ce130fdcfc1c2f886756

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
27c678dd6c180d642dd369e1458308a7

SHA1
ce0c065d8ff03fbfb8f7583a85713502eeb95380

SHA256
5b81585194553d8863dc44ab42065878ec17a502880895c7cd951211329812e3

SHA512
d8fb050a462f4dcfd24604008cc80be108e301b17ecdfda31be0c11871cc39e5a7b3f3100c24d40b9fe7d6026a6905a442498e95fb08fd99a573ab1e42248f21

Download Submit
\??\pipe\LOCAL\crashpad_4176_LYOSBOENSIIPWPFB
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit