hxxps://sidequestvr[.]com/download

Analysis

max time kernel
328s
max time network
354s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
07/06/2024, 18:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sidequestvr.com/download

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
912	msedge.exe
912	msedge.exe
4548	msedge.exe
4548	msedge.exe
2236	msedge.exe
2236	msedge.exe
5072	identity_helper.exe
5072	identity_helper.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe
5052	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1660	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1660	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe
4548	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4548 wrote to memory of 2176	4548	msedge.exe	78
PID 4548 wrote to memory of 2176	4548	msedge.exe	78
PID 4548 wrote to memory of 4388	4548	msedge.exe	79
PID 4548 wrote to memory of 4388	4548	msedge.exe	79
PID 4548 wrote to memory of 4388	4548	msedge.exe	79
PID 4548 wrote to memory of 4388	4548	msedge.exe	79
PID 4548 wrote to memory of 4388	4548	msedge.exe	79
PID 4548 wrote to memory of 4388	4548	msedge.exe	79
PID 4548 wrote to memory of 4388	4548	msedge.exe	79
PID 4548 wrote to memory of 4388	4548	msedge.exe	79
PID 4548 wrote to memory of 4388	4548	msedge.exe	79
PID 4548 wrote to memory of 4388	4548	msedge.exe	79
PID 4548 wrote to memory of 4388	4548	msedge.exe	79
PID 4548 wrote to memory of 4388	4548	msedge.exe	79
PID 4548 wrote to memory of 4388	4548	msedge.exe	79
PID 4548 wrote to memory of 4388	4548	msedge.exe	79
PID 4548 wrote to memory of 4388	4548	msedge.exe	79
PID 4548 wrote to memory of 4388	4548	msedge.exe	79
PID 4548 wrote to memory of 4388	4548	msedge.exe	79
PID 4548 wrote to memory of 4388	4548	msedge.exe	79
PID 4548 wrote to memory of 4388	4548	msedge.exe	79
PID 4548 wrote to memory of 4388	4548	msedge.exe	79
PID 4548 wrote to memory of 4388	4548	msedge.exe	79
PID 4548 wrote to memory of 4388	4548	msedge.exe	79
PID 4548 wrote to memory of 4388	4548	msedge.exe	79
PID 4548 wrote to memory of 4388	4548	msedge.exe	79
PID 4548 wrote to memory of 4388	4548	msedge.exe	79
PID 4548 wrote to memory of 4388	4548	msedge.exe	79
PID 4548 wrote to memory of 4388	4548	msedge.exe	79
PID 4548 wrote to memory of 4388	4548	msedge.exe	79
PID 4548 wrote to memory of 4388	4548	msedge.exe	79
PID 4548 wrote to memory of 4388	4548	msedge.exe	79
PID 4548 wrote to memory of 4388	4548	msedge.exe	79
PID 4548 wrote to memory of 4388	4548	msedge.exe	79
PID 4548 wrote to memory of 4388	4548	msedge.exe	79
PID 4548 wrote to memory of 4388	4548	msedge.exe	79
PID 4548 wrote to memory of 4388	4548	msedge.exe	79
PID 4548 wrote to memory of 4388	4548	msedge.exe	79
PID 4548 wrote to memory of 4388	4548	msedge.exe	79
PID 4548 wrote to memory of 4388	4548	msedge.exe	79
PID 4548 wrote to memory of 4388	4548	msedge.exe	79
PID 4548 wrote to memory of 4388	4548	msedge.exe	79
PID 4548 wrote to memory of 912	4548	msedge.exe	80
PID 4548 wrote to memory of 912	4548	msedge.exe	80
PID 4548 wrote to memory of 5104	4548	msedge.exe	81
PID 4548 wrote to memory of 5104	4548	msedge.exe	81
PID 4548 wrote to memory of 5104	4548	msedge.exe	81
PID 4548 wrote to memory of 5104	4548	msedge.exe	81
PID 4548 wrote to memory of 5104	4548	msedge.exe	81
PID 4548 wrote to memory of 5104	4548	msedge.exe	81
PID 4548 wrote to memory of 5104	4548	msedge.exe	81
PID 4548 wrote to memory of 5104	4548	msedge.exe	81
PID 4548 wrote to memory of 5104	4548	msedge.exe	81
PID 4548 wrote to memory of 5104	4548	msedge.exe	81
PID 4548 wrote to memory of 5104	4548	msedge.exe	81
PID 4548 wrote to memory of 5104	4548	msedge.exe	81
PID 4548 wrote to memory of 5104	4548	msedge.exe	81
PID 4548 wrote to memory of 5104	4548	msedge.exe	81
PID 4548 wrote to memory of 5104	4548	msedge.exe	81
PID 4548 wrote to memory of 5104	4548	msedge.exe	81
PID 4548 wrote to memory of 5104	4548	msedge.exe	81
PID 4548 wrote to memory of 5104	4548	msedge.exe	81
PID 4548 wrote to memory of 5104	4548	msedge.exe	81
PID 4548 wrote to memory of 5104	4548	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://sidequestvr.com/download
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff30433cb8,0x7fff30433cc8,0x7fff30433cd8
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,12434463030353275918,14300281091593837455,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,12434463030353275918,14300281091593837455,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,12434463030353275918,14300281091593837455,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,12434463030353275918,14300281091593837455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,12434463030353275918,14300281091593837455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,12434463030353275918,14300281091593837455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,12434463030353275918,14300281091593837455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1912,12434463030353275918,14300281091593837455,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,12434463030353275918,14300281091593837455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,12434463030353275918,14300281091593837455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,12434463030353275918,14300281091593837455,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6948 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,12434463030353275918,14300281091593837455,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6516 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,12434463030353275918,14300281091593837455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,12434463030353275918,14300281091593837455,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,12434463030353275918,14300281091593837455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,12434463030353275918,14300281091593837455,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,12434463030353275918,14300281091593837455,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4880 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3152

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004B8 0x00000000000004E0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1660

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A

Filesize
893B

MD5
d4ae187b4574036c2d76b6df8a8c1a30

SHA1
b06f409fa14bab33cbaf4a37811b8740b624d9e5

SHA256
a2ce3a0fa7d2a833d1801e01ec48e35b70d84f3467cc9f8fab370386e13879c7

SHA512
1f44a360e8bb8ada22bc5bfe001f1babb4e72005a46bc2a94c33c4bd149ff256cce6f35d65ca4f7fc2a5b9e15494155449830d2809c8cf218d0b9196ec646b0c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
867B

MD5
c5dfb849ca051355ee2dba1ac33eb028

SHA1
d69b561148f01c77c54578c10926df5b856976ad

SHA256
cbb522d7b7f127ad6a0113865bdf1cd4102e7d0759af635a7cf4720dc963c53b

SHA512
88289cdd2c2dd1f5f4c13ab2cf9bc601fc634b5945309bedf9fc5b96bf21697b4cd6da2f383497825e02272816befbac4f44955282ffbbd4dd0ddc52281082da

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A

Filesize
252B

MD5
2bcad895bd9a662d5e32a3902cd991ce

SHA1
80545efb301467d360c7bbbde8e5991e422edc69

SHA256
f6d5815609ed3609c0c9b0687a63d1c2bb4a1387b4ab7cb13f319dfdc24053e2

SHA512
55d1bce734ea0c84e1b1a94a5d547851e3bf41c670c04d7633840dbe879f05f4b0961099c82bfb95cb40f20c57ec217092a6a5fa5ebfe76e6d5819cbb6581d7a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F59A01A8B782D93EA6991BC172CEFFB1

Filesize
242B

MD5
e174a72c7b53f6033a36208272097cea

SHA1
245a8549ddfa3a150720086cbec1f066f1fd19c7

SHA256
2657148971284d06fc4dfba32014f22c4c6578108fd22a70fcea896719938f6f

SHA512
9dc69bf059ccb8babc914555fa303bdbaca081459d69a2ec3190373b4b39f343cd8d7e7e30e88b5f6a22813b2d06dd641fbf1779c49c3f45d3dcd5abbbf01020

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\1968916c-4020-4cf6-b718-86274fe87768.tmp

Filesize
10KB

MD5
dc2cfd544406c869dfb2fc6dab516130

SHA1
c533e508d92c724dd17868efaa1aa19d2ab495ce

SHA256
f1b95af3e177370e7b06928ab3529425554a1832530d58e31fd6d4d88db59110

SHA512
c69c741b42e202d4bb6ef62d2703d808bc774ba84b4f4209e0967581955daf40247fcaf2c95485dfb5579ab82ead815a91ab800d95f3547c998381f937b532b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
de47c3995ae35661b0c60c1f1d30f0ab

SHA1
6634569b803dc681dc068de3a3794053fa68c0ca

SHA256
4d063bb78bd4fa86cee3d393dd31a08cab05e3539d31ca9f0a294df754cd00c7

SHA512
852a9580564fd4c53a9982ddf36a5679dbdce55d445b979001b4d97d60a9a688e532821403322c88acc42f6b7fa9cc5e964a79cbe142a96cbe0f5612fe1d61cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
704d4cabea796e63d81497ab24b05379

SHA1
b4d01216a6985559bd4b6d193ed1ec0f93b15ff8

SHA256
3db2f8ac0fb3889fcf383209199e35ac8380cf1b78714fc5900df247ba324d26

SHA512
0f4803b7b7396a29d43d40f971701fd1af12d82f559dcfd25e0ca9cc8868a182acba7b28987142c1f003efd7dd22e474ac4c8f01fe73725b3618a7bf3e77801d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6d9728ed-c6e7-4a40-97be-f03d68ce1ad1.tmp

Filesize
3KB

MD5
45c128a1e1671f03aaba9fedfc320379

SHA1
2004ad1d454fd8ee99e4d74bd295c9ab3b3d277c

SHA256
2140519945235081395dd4043e87e3a008fc4994c9a719a55197fa64f5e45479

SHA512
50a17ce4813cfa2f8c47f1045c03f35f4c07ff6536fd03e9bbcc95241c104c94912f5cbfe0012eb3494cbe1360c2836c3e3598897c574afadb97a42950734ef6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8f0387d9-ac83-4275-a5ba-7f38e0e566f1.tmp

Filesize
5KB

MD5
8b9d55690ce6ac2a6d3384b4c893b586

SHA1
c765838f2102ac1a15f5d0273a020f0d69bf7c19

SHA256
4d418db8db10705d5aeb3847c5a5e576604466055fa70ebe7d6daf1aefa9f677

SHA512
b53899561fb2fa71952da4bd433d27cd62ed06b3dcd3061cbc0a1b5a7acfcdbc3bc4bed4dd1d7f2ce81a62b80c26f3092bb9f3523db3e0a9beb714b8ee65ee02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
32KB

MD5
0bd999c2c81bf947c534fbfc130b85e1

SHA1
73e080f025b01ae0450a041552743ab1cf452cbc

SHA256
7bef6271860d665d878fed0e709398a6026940a3a7408d9137e4f9f54af469c0

SHA512
7e1e0e37e6ca88d56a36b4858a7d1c8b0a550f0a0211802c956f4351053f3ce0d36cc06e0413d838c89510421ff4907682424217f1356f9b66ae567a3730c27f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
202KB

MD5
6a16cbefd2e29c459297b7ccc8d366ad

SHA1
40da0213a9e5ea4cb6948f4a8e92b5e8b97e6cfe

SHA256
9462da5aa6e2a762b02a24b7305bac86349e5b5ea182d36fd6a163de550cde60

SHA512
6a9de0231f9987554a20208a89c6c802d28c57ecb6f9e95771c94156b65c61ac1e18298ce6d3f0559d3a08052845cc2014dab335e119fde731d745e4857b7d74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
5a151c8629ccb25bc038eccd0c368c56

SHA1
d5d0f708b4d0b4f7bac53746249711d4307cbb8e

SHA256
c0066fd0de619c2083534f8021cde68c22314d80d4bfad44b91221d5cb992561

SHA512
279654d445f62def51ae6c69a07b64c57df5626a22ace3284aa17bf472103eb11dd7f66de97ddb9de732a42134c2937ee9da8f50d29c4d3fb7641d73289b614a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
45ee29fa363b89ef3fec78abf7e8d83a

SHA1
62489a86c7b3bd1a818b44bae836bdfef528a66f

SHA256
6210dfeff2d54e44015ee53a857d7e64558e4e69cf0e65f4731272becb6b56a5

SHA512
ac8ec134d94fbea6bd813e6b95d3f2de206de140774b44f768b7e22d3e947734139d0515f6528d221ea1c7d5e0e45c3eb8f24c2306360db5308aa3c5a65ded71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ea5bc30abe66a4006c6f075a0dd24de3

SHA1
57bc3bc2835ad976e1b9e40d0d3d9800cfac062f

SHA256
a7ec6dfd2c2b64cb6bce42fe5711f84eb6a616b6d0f073db26ee676050334113

SHA512
e889f8e5f903720059e1d8cc848e2731b1e34aafe22126f6ebd7b4d212d0144330bde9bfbe4707f88b9fb2ba79ec00a3e6089375b172e3b2aeb447036f1c0bde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4b2a60e75b80ee8aa61d35087e29557a

SHA1
a25934df24037e53dd2281e005acbfad2f7ba023

SHA256
246bbbd492624cb05eca81f77b9b0ad5d38ab0954db658437e518a3dae3f3143

SHA512
7e8695f41da8c8564632c38d1798dae33d95340a5583524ee30c1013de120c7302f2eb4e2403454c1a702eb4aae88b4f7792a0d4e34ddcf83cef09ca8f9f4d5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
95187c329bff7cd0b942896e7bb851d2

SHA1
d8ef83f7789f1f0010ed1adbf85ecaf0b19c4e86

SHA256
a1c950fd0c687cfde0f5408cf95cae2dfd3a29af1c6bf6275e85e1e401b6dea6

SHA512
3897fa7478dd7056ef6fa05a6b932e1ea03125ab859daa28f0d2a367e7b6d561d02e48e769af78dd83991ffd3087e1e9579a25a9e1bc5fab84751531c9937aa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5e380198ff608ec0cf1d0b8bfecd0a3f

SHA1
6f61a5a9297a1ca674919fb06eb39c12f98c7615

SHA256
99e9244020cc9dc7269b7210b1df827227a9403b95192e432def1946b7245464

SHA512
8f0f4e8d01ed1b14291309cde73414d3018c2874eeb41433d295543f844d0b481765e0938acb9b3103f6c7c166353519b5e3bcff5894f25ab82c9db13ecd2ca8

Download Submit