hxxps://u[.]to/Xa2rIA

Resubmissions

13-05-2024 13:35

240513-qvphpsgg21 10

13-05-2024 13:33

240513-qtrlnsgf7s 10

Analysis

max time kernel
1171s
max time network
1172s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13-05-2024 13:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://u.to/Xa2rIA

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3524	msedge.exe
3524	msedge.exe
3112	msedge.exe
3112	msedge.exe
3920	identity_helper.exe
3920	identity_helper.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

Processes:

msedge.exe

pid	process
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe

Suspicious use of FindShellTrayWindow 39 IoCs

Processes:

msedge.exe

pid	process
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

msedge.exe

pid	process
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe
3112	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3112 wrote to memory of 2344	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2344	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 1640	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 1640	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 1640	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 1640	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 1640	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 1640	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 1640	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 1640	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 1640	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 1640	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 1640	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 1640	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 1640	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 1640	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 1640	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 1640	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 1640	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 1640	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 1640	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 1640	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 1640	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 1640	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 1640	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 1640	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 1640	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 1640	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 1640	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 1640	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 1640	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 1640	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 1640	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 1640	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 1640	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 1640	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 1640	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 1640	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 1640	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 1640	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 1640	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 1640	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 3524	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 3524	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2300	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2300	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2300	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2300	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2300	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2300	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2300	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2300	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2300	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2300	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2300	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2300	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2300	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2300	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2300	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2300	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2300	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2300	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2300	3112	msedge.exe	msedge.exe
PID 3112 wrote to memory of 2300	3112	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://u.to/Xa2rIA
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ff850fe46f8,0x7ff850fe4708,0x7ff850fe4718
2⤵
PID:2344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,15039131133300447263,847073068388857091,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
2⤵
PID:1640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,15039131133300447263,847073068388857091,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,15039131133300447263,847073068388857091,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
2⤵
PID:2300

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15039131133300447263,847073068388857091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2176 /prefetch:1
2⤵
PID:3704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15039131133300447263,847073068388857091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
2⤵
PID:3752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15039131133300447263,847073068388857091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
2⤵
PID:1248

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,15039131133300447263,847073068388857091,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
2⤵
PID:1384

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,15039131133300447263,847073068388857091,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5348 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15039131133300447263,847073068388857091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
2⤵
PID:1740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15039131133300447263,847073068388857091,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
2⤵
PID:4252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15039131133300447263,847073068388857091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
2⤵
PID:4204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15039131133300447263,847073068388857091,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
2⤵
PID:2364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,15039131133300447263,847073068388857091,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5568 /prefetch:8
2⤵
PID:4384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15039131133300447263,847073068388857091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1
2⤵
PID:2360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15039131133300447263,847073068388857091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
2⤵
PID:5048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15039131133300447263,847073068388857091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2116 /prefetch:1
2⤵
PID:3328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15039131133300447263,847073068388857091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
2⤵
PID:560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,15039131133300447263,847073068388857091,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4884 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15039131133300447263,847073068388857091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
2⤵
PID:1692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,15039131133300447263,847073068388857091,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6192 /prefetch:8
2⤵
PID:3272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15039131133300447263,847073068388857091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
2⤵
PID:2448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15039131133300447263,847073068388857091,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
2⤵
PID:4884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,15039131133300447263,847073068388857091,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1
2⤵
PID:2732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1136

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
Filesize
88KB

MD5
13a6d74ad6b98b7194ac1e2bb91ebf9c

SHA1
f4e125f62cdfdcb8774a8479ce7ab070c88815e8

SHA256
57f0940477fc9fec40f298c5dd6135c961d947d63375f0303b445d22346c8930

SHA512
155e22e639e7eb54ead79ac114e5bcbcd1169359742decb7a62d1172cfe6e8a81002fa28c1a68ad80d9a6dcb1da77de4030207ce3b756ed7f2ea7f5cbf95ca51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018
Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019
Filesize
115KB

MD5
ce6bda6643b662a41b9fb570bdf72f83

SHA1
87bcf1d2820b476aaeaea91dc7f6dbedd73c1cb8

SHA256
0adf4d5edbc82d28879fdfaaf7274ba05162ff8cbbda816d69ed52f1dae547f6

SHA512
8023da9f9619d34d4e5f7c819a96356485f73fddcb8adb452f3ceefa8c969c16ca78a8c8d02d8e7a213eb9c5bbe5c50745ba7602e0ee2fe36d2742fb3e979c86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a
Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
456B

MD5
89c273b0fcf1b365d82d2f06049b2906

SHA1
8780e6316dd21e78039ca22ddefa276a0abf421f

SHA256
c38a68bff2f09d4982488df28364e6af582f6799b32bdc85ed015283b8188d73

SHA512
f4338e459fc2d1aca040d35424a0a9523fc55bae62ab92737b2fb36749ae0c9b07685dfc8209e9d4ad08e612da597edf1e0c1f51f769df096c68e831e2c4ba5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
480B

MD5
d23176915dbf63ae0cfd745b4b2d1944

SHA1
8eb55cac8bb71ea366106b21a35f367119d4f3b7

SHA256
e773b72b6cd90b57a668d68c48c4a7fc6c8d92371aa3b1c1cb5c85cb2c27f26b

SHA512
f45a75b866547ecfcdd871ec3071bb76731e7ee1b7b2c26a6eb671a91548bb50883e5ee53557af5e04a0f37a304aa28ed91039abba71d287420ef30a9a488cf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
875B

MD5
3c12c9108d26c4e3ee0d47863452e41c

SHA1
e9a95e1e29ba5adab7266270e9455e96acae5c5e

SHA256
ed13817020d72ee3176972cf472e28b49874ae4345d6cd22d55d1211395a2bd9

SHA512
4d6fac0f67b4ad7280b3de1993aaf6022e3dcef7e6195ed84ba73958f9b89d6a473f010902a1bb07d6059d0c9efc102faa508a8db98b069413d752a7644db400

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
955B

MD5
a657298aafb047d7099594a81e8df8be

SHA1
95b6ef2fcc775321cad47291c9e1ce8a854e6dc4

SHA256
e4215bc2bacc222b7f59b026257fb52c094900b3394be29b2976711b10784475

SHA512
7d4856e088a0ae25539b537242b60e5d749527de79e5b78d9d7ffe83dda78a3fc966291d9a1fbf4456b22869da5e9641b8c39e3787078ab616a62cde18411faa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
9094d12e87b2fd30648a5d2e6f523340

SHA1
4909b3252f4178c3917ed2a1457b0b4de84f404a

SHA256
15e0e00c7f26a2f01d57400abe1122e351f04e775fdf6adad9b614ac2bab4a83

SHA512
c5147cb00e49d2eec155270196006c50a6681087ba78d144c5fe65ee42c6a60ac77198d4ebd9665ee97e3c8bd64b7394442e6cbba7ded903c2cb33ef9d8648c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
955B

MD5
080a7a187f2ad281444f6fdbe4565659

SHA1
dea81fc183870aaef7ff3ffef524fc2cd1693269

SHA256
03a3517c0aa99815100c5343fa254b1275c422d42475f2c372900928014a1121

SHA512
6f750dc4efd0264b27a5c240906b1fa8ab5ad3e0b252ce5d8f2e7a7b4cf7cf31dd114b808da756f965c75e8c28b071f89fdd488a2d72cfe35e66d4c0f6be3a7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
955B

MD5
f188bf581c6515554bffcb51aba2e9df

SHA1
d5d4442e2327c9982f026d64389dc87f18b4cd3a

SHA256
6d8fb3dba7bcd76db836b19a5a2de40d5282e43fd11f73884304e730e4a2d2c6

SHA512
8f171adf39fc369bf7779680ef2829acdf29f3c0b6fc1ec6e3661cce8175479f5ed4541eb80b451067b9693f02e9b8344696a833a34a2dc105edcbecb5e83b8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
5e819d5df3e1914e47c5ac5c282a6839

SHA1
5aa4307c57ff9522ce7f967e7e4dca95f9e1a711

SHA256
9ddb4bc0ff41e438c0937b71e7602a5be10e01c6676d83c391e0027994ec2d97

SHA512
403cb140ee090461aa1a3df1b94e62b6219b6cd8c8c50a5e9946e920661373908342150ea8e14256ab2aa3d7ed1bb950d2f59dd76729c63093b9ca2f4b65e17d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
d7dcf9e7a90bc67152f8aa0b62ee35cd

SHA1
cda821d7723e17220f6cd941d1685a9c0ac0604e

SHA256
2790c8788d02da0f5d87272cbc29da986d6dfe1f5704d126cec30d3ab1012d01

SHA512
8765eec810aed69721271b0cdd429d991ea2039062c66012c04f7c7aee41402d89f42c05abb0434c243038c29d743160ce122eb2802dff13320ccb43502b9ce9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
ba7f274837866d5ba8292064a04b763d

SHA1
897d924ca1384dcdceebf56862adc866184c091e

SHA256
5ce19b7b80ce5e614d9552ec90878b3cd63150618764fc6cca1d2e72d44717d2

SHA512
1582679ef979edea3f366f5b7e76c886a8c1a3a88a0e6d4c1a8145f99adb8d92cacdd8b8c78d6e14480adca43749d753228886b8c26febc1b39f9d1ec7244a64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
09fb6345875a97d6b161e2d1dfb1ebcd

SHA1
3a9ef404f647a9dd6ae96121e650f9d3a891b175

SHA256
2624b23fd259f4da96d3722d28bf875437d06307e0d5ce0c9d89a9979c0a0254

SHA512
52effe18f0a12ffe93e458e2c9b2883f5149d26249a028d07ca98e353361aa4372b0014bec32d3ca6cfef872ec55cb48c4f4909ec7776467530fcdf3cfaa3d04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
1f25d0c1f16ee873f208c751d3a3f8f6

SHA1
7566c9d133a6b1699ebf1a16a52bfa452ee65ba7

SHA256
e888cdb7210456aaaa119a54619090fcf4f77947eda2cd06183091afd88caecf

SHA512
a0aedfbd27e9a649b746a26d159a25c91f0763042ee443787f7cb1fc428351469fe19f01c1bff0741dd83abb901f20b1f852df0a85c2b4da5d4718436183a9a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
3718c43db72701398629b4c2a5adac60

SHA1
9dacb11792f90ff11ef82d825bbd743f723bdb14

SHA256
9accca27dd4643db1876b8563ea05b36435fc8e7cec218471952507ca0e1ae61

SHA512
73e0faeae874ffd37d9b282c48858a63042fc1a0551997f0a534087b1e795b23dee5b0c3b94564677115f214dec6765495b49d08f65ac0e208ea0817d40ff051

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
fa67f23588769bf90e931e5bfffe2198

SHA1
cdced0ff6415fb90af4783f07c98b8b6ccc07b3d

SHA256
7c3fc89c5262f6bbac42d0747981885e1f6d94c8ba1d980f955733770403e3b4

SHA512
90ec3d9f1a19e8fed17c960748a6058751123defcc2b65aacec79840ee5d7b7dbfa052e490a67307c22bbf871a0df89884da3e6ffbc87d02eec3a3bcfeae6f8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
707B

MD5
906ebb7aa40dcbfd55bafba57a21e4cd

SHA1
7503d239a8670bb142561f408b001a1ea1177a25

SHA256
b02ac98e81176e87c11ef878b96cc62a73a7333cdf976e91f2ef83e39cb36829

SHA512
a6f1c635c9e9407c8a748b9b0f14a2acf9229913a3b910d39489db7df44ee5071b29aa90cee8d6e7c328cbd4622ce282c3a7eb63dfd59407020cdcd7a0bd27b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe595bb3.TMP
Filesize
540B

MD5
d5b582bb0051bff889492618128cc333

SHA1
49a33c8e0b4e2b6c27a23de61dd8ccd82239c15e

SHA256
6db9c24b17ba1fa4ab9c664327a358239fde0ad3069a1ecc611577422cd077c5

SHA512
cd0b38533945cb5a882d96a7eb82205699330e5508838a3484ed39110a2833df0c50a9ce7afcab52c22784498f270672b51f5014a52acaa35d6b1ef7278b8894

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
fc3816a065060e5d6b960bd23e67e132

SHA1
9b17e26ffc147aee3d6ad5693ec55eaea63baf26

SHA256
922ae5e584e4579508da914f8f478db7cc7ebe96927222cfc94bfdac56090bec

SHA512
c16aaf683146709e2d6c5598db8b416e10d6b7f3f6925ce78fa9bbd73b19c9a26a6204071419671617c45076125fc8bdf9ba1cb585c44f3d052c2fc5b13ab361

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_3112_QKYGJYXGROJZDEBW
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit