hxxps://sc[.]link/XUBF3

Analysis

max time kernel
149s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09-06-2024 19:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sc.link/XUBF3

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
2064	msedge.exe
2064	msedge.exe
4524	msedge.exe
4524	msedge.exe
700	identity_helper.exe
700	identity_helper.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

msedge.exe

pid	process
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe

Suspicious use of FindShellTrayWindow 38 IoCs

Processes:

msedge.exe

pid	process
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

msedge.exe

pid	process
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe
4524	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4524 wrote to memory of 748	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 748	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 1680	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 1680	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 1680	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 1680	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 1680	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 1680	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 1680	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 1680	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 1680	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 1680	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 1680	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 1680	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 1680	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 1680	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 1680	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 1680	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 1680	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 1680	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 1680	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 1680	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 1680	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 1680	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 1680	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 1680	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 1680	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 1680	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 1680	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 1680	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 1680	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 1680	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 1680	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 1680	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 1680	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 1680	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 1680	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 1680	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 1680	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 1680	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 1680	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 1680	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 2064	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 2064	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 2020	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 2020	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 2020	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 2020	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 2020	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 2020	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 2020	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 2020	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 2020	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 2020	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 2020	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 2020	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 2020	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 2020	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 2020	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 2020	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 2020	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 2020	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 2020	4524	msedge.exe	msedge.exe
PID 4524 wrote to memory of 2020	4524	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://sc.link/XUBF3
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef99446f8,0x7ffef9944708,0x7ffef9944718
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,5341405754313855007,3837211326336338043,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,5341405754313855007,3837211326336338043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,5341405754313855007,3837211326336338043,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5341405754313855007,3837211326336338043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5341405754313855007,3837211326336338043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5341405754313855007,3837211326336338043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,5341405754313855007,3837211326336338043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,5341405754313855007,3837211326336338043,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5341405754313855007,3837211326336338043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5341405754313855007,3837211326336338043,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5341405754313855007,3837211326336338043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5341405754313855007,3837211326336338043,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5341405754313855007,3837211326336338043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5341405754313855007,3837211326336338043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5341405754313855007,3837211326336338043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,5341405754313855007,3837211326336338043,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,5341405754313855007,3837211326336338043,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5580 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,5341405754313855007,3837211326336338043,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3940 /prefetch:8
  2⤵
  PID:5084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
115KB

MD5
7182625f91e5926f67ee82aa9c27b913

SHA1
76d855e5571beb6db20d6b9d91b4806b8fcf4f1a

SHA256
9aefe44dc5853ad583503ccf23e7af036974b4622b8a5c96cac91722b2c2d937

SHA512
3f3b80db28c23a061df4da9f5c8374e0703541a66c355fdb61e4f35586a627a7adab2627c9c2ce39c97a09c3c31fc4dcd97f2e6cc3150f45f24902c68a7aebfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
001e5a5a4d5c850cb60b6edea40c0f42

SHA1
cff767451a81de8ecd790a901f36ee5c0c73b558

SHA256
15d2bf57ff2f4644ea8775bec7e19dc816500dfc4374fbbed168c9bf68e3d3f0

SHA512
a07e11eed479e01bf639e89dc9fbf962e23f5cf16f3bf89668d5ee2d423bdf2e40364a53b06b1f3abd940eba49429b5256e996f1d5b3286387f8c62fd7fe70cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
1b1fdb5b85f0719fb8055021392f9563

SHA1
8c0d4f226d02337cb05f80865729ac16915c2d87

SHA256
cf8017177f2b3522556774f1323a05155e6a35da5fc2aeed9dfe262d73335d1b

SHA512
c82bff37f0be50e4068427867b816d32da034d317ff3a55f659f9540f29a3d27e79f0fbdab1b35af164d72136b47f23fc975d87eae34206d6995331a13dc12e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
a04e93c39176ffa4f1bfffc9219d836d

SHA1
11b1c6c9cd354de1603cd210421adad29a6a8661

SHA256
cb2b08aa16ffed7c6e0fc148d4a05b7fc4c605d5b519b4b814e0cb3350e36bf1

SHA512
06ec41ddad371b73a750091fc14ba194341666e5e18578f56c7e6c2b48a9c5dca7f476437100eb9fb65bc5d868195d56d3ea19c778b32d6ee668b40e61ac2c58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
721B

MD5
e4400b1933c46dd89960067785a7eb15

SHA1
df94feb74a8fcc366822f55be4edc9293f132689

SHA256
1328b653c1577bed8821a7e0378d5c397adc6f37490987564c7a1982d8331eed

SHA512
11c1cebaba733f0228411453e68fdb3ece6c8312070331eeb0acb8fafd734862e3571ccc604eaa6984852a171b04a8476b205560d2bfeeb2e11110aac6d01d52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
88252a48c6f0a22318369e81a938cf95

SHA1
eec7c70779a14b733337666a32110c1be62a2dfe

SHA256
d388e0d6cb62a7b3d95f41be2d908ae4711a1792be86085a32b2b23f0c50f074

SHA512
d545e5b65b8d84d8ccdf5701f72e89175014e87d015c07b66b84a04a56e898e32c1323edec14474d1778a585eacb9748ec802c3aa6779d9ea8ad6209c00790f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
77a6fd0984eb8748b9784aead1f29e2e

SHA1
7a7605b31522691cbbc450154ad45d8fff827e4a

SHA256
0351d6b0a35bd32861a38dcdb6855eb3b968191e0c3cb4714ee10338cb30d7aa

SHA512
302db0992c1fca27a94f7290e3496d0bed62fedbb2ef7e996aa68f1a87cb70b228def77cdf00d362d13d505e0b89d863900bb449a6e6fe10e99717a5596dbe82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
480faf35055a9b2cfc93c2bcccdc5e3b

SHA1
c8250a235cbf2a06ce1dcf3d371c2f50990ecba9

SHA256
eaf97f1f3237c9cc05daaecdc1619ab7a81b2b69b3b89a1ae9d8ecbc90df2e81

SHA512
fd2b387c0de75b3e0eaaeb2feaf28a599feb412aab24825a1a4b4fa98f4c197f15654162c4f9e7a115be32bd1bfd936e6ad1565b0d5be47543d7cd9c68f327b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
70d605d563fa69bdb5a4499e6326c956

SHA1
c9f5083adcbabdef9b27ec1472883c01f300cd19

SHA256
bf74a59b6c5defa5d7b3e1baf44c89a4d6da05c2c20b9993fac22ec71bb45dd0

SHA512
490c9863dbcb77b2b4557453350433bec238f79f1fac90ebafbc72d37f6696d7ce8f4ddae40609c942193d38e714983529efa42719258179c06de2054e853824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1a54650c0570e3adb2a00cb3d2149d48

SHA1
ca8308eaa761ea46733b36f696fd136d84ff571b

SHA256
96c62f23925cbe6fe0b83964a1a8f3bcfa70050ffa1a3070f65cd3e21d7339f7

SHA512
8e0f750c1cd0c69daa6b85b29d7e5839d1ebed68ce1a71027849af1c3e1b3823c7c69782214be67b8c14059841ad7eaf0406120dc79f940f9fe6ac81b9ffa6a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d6b9c09ab4fe387c7d21aeaeeb4bc082

SHA1
e99a47f0c7af9105f1167842c370aae744b8aa05

SHA256
61e0be4356060a60724d3109a42d348abebd54ca51f2e11ddf36a26149428beb

SHA512
bdcda0c9f09a6fdaa2c9c3694de894db64dd7173ac0e30d8491cfa433680d66fd78808f61f665aebbf2f70b8bb5a5f386046249dfb3dcfece552f96750e98ec9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
289b3cc9b81ced9ed5912e16cff5ebb1

SHA1
4e01a1b00d5e796c425e019433988cc9c2723374

SHA256
b8a44262680bda77fc5932e68986933467fd065e89ef2af671848a4ea53ea1fd

SHA512
0fbc5d319ab8ed4f16f166db36be8b462fd8060a98a01a9b34d4eb66c9cb6a241791ff318b82799d3d721818a69dd0ae53d7b7fb6cd08fa45cfd59aab194f485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bb9c40b07882613b3c690129d3081991

SHA1
2c3184ebeda3948ab6ef69c542f46676bd132412

SHA256
e66b502ec486c31c17e4be515307e0b995fa7e05a795afceb612da8ab0c9e9f5

SHA512
511dcf1aa76cd5ed8d03a898fc0d518a987536cccfc9c58a4fa5da2eb81362b8bf86a9d45a6845faad6f6473948f81d5a9f6576cb7379be79b1474224ade6b8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
49470cbfe95fbd1e295f05f2b9ac456e

SHA1
2eb4d51f793ce58ad4f0502c90edd8f1b7f6e159

SHA256
339e5753093fa1a83f0a606d98de4b2fb11654cc96123d31a23aa8cbf9a63b27

SHA512
9565dab86ebed30f2944c3fcd1833ed3870fb565cd24bef1719db884437983aba5f46813326b6aa43e1cf6f91b6f1629faeea467e940fcfaa6d90b675ff5f319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582083.TMP

Filesize
372B

MD5
8d01ab05c9c352d5bc127f4b3efabc66

SHA1
a1575b201e45dc9b92f4f0dcaba3e84a96bb63b3

SHA256
1fbe308cd9f79ae554c70636599c8e44de009eb0285212cb422d9e1838028e3f

SHA512
3ff86975c961ed20d0c76f250264f07fdf641f61a37968035f49b993547546c57591f0b7ca32a8dd0673575b2ae2b55bb0105f07da54958bdb89eccd3a867c57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d59fa170-099e-4522-8877-ab2a7db53f45.tmp

Filesize
6KB

MD5
47b8c313e4809acaaf27b00aade72702

SHA1
0931be6c0aac47e66f3af5a669684166f7483304

SHA256
49bc7fbb5f3ec70e393054e08dad8c65fc8f49617fcfed6b58398fcca824cd94

SHA512
0cfd3f5c3da139a57867e12fec058d3aa587d7cb53cf8d37e84d42533650384e1d47f4c1224deca6c698a05b453cd051dfc2eb810014319c3a3579796bc74028

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6fe9ef096e82516cc7a1f2396300339a

SHA1
cc29259783b81c6a5741fca0fb580f240a96fcbc

SHA256
b735cdcc94696b26e01181070afe5b4879a7109ef7631a4fce0d331ce510a6c9

SHA512
6407764bef3e7e0b66fd6ab2491d3e3787462b8a3acf2f62c442351cc112eaf3ff96045eccfa1dc3ed04c5ad3550f8067c49ec440ce6f3013d60cca13b31d272

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_4524_RDZEIAXCEUAOCWWG

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit