hxxps://u[.]to/WzjBIA

Analysis

max time kernel
149s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
29-06-2024 10:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://u.to/WzjBIA

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4484	msedge.exe
4484	msedge.exe
1092	msedge.exe
1092	msedge.exe
4116	msedge.exe
4116	msedge.exe
4972	identity_helper.exe
4972	identity_helper.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

Processes:

msedge.exe

pid	process
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1092 wrote to memory of 4556	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 4556	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 996	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 996	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 996	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 996	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 996	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 996	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 996	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 996	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 996	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 996	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 996	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 996	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 996	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 996	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 996	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 996	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 996	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 996	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 996	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 996	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 996	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 996	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 996	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 996	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 996	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 996	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 996	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 996	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 996	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 996	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 996	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 996	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 996	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 996	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 996	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 996	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 996	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 996	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 996	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 996	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 4484	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 4484	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 1768	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 1768	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 1768	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 1768	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 1768	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 1768	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 1768	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 1768	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 1768	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 1768	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 1768	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 1768	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 1768	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 1768	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 1768	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 1768	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 1768	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 1768	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 1768	1092	msedge.exe	msedge.exe
PID 1092 wrote to memory of 1768	1092	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://u.to/WzjBIA
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa8fb83cb8,0x7ffa8fb83cc8,0x7ffa8fb83cd8
2⤵
PID:4556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,9731363108232619562,14892737847885489055,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1968 /prefetch:2
2⤵
PID:996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,9731363108232619562,14892737847885489055,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,9731363108232619562,14892737847885489055,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
2⤵
PID:1768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9731363108232619562,14892737847885489055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
2⤵
PID:2104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9731363108232619562,14892737847885489055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
2⤵
PID:5036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9731363108232619562,14892737847885489055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
2⤵
PID:5072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,9731363108232619562,14892737847885489055,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1856 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4116

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,9731363108232619562,14892737847885489055,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9731363108232619562,14892737847885489055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
2⤵
PID:4652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9731363108232619562,14892737847885489055,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2788 /prefetch:1
2⤵
PID:4064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9731363108232619562,14892737847885489055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
2⤵
PID:4688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9731363108232619562,14892737847885489055,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
2⤵
PID:4772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1928,9731363108232619562,14892737847885489055,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5080 /prefetch:8
2⤵
PID:1604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9731363108232619562,14892737847885489055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
2⤵
PID:4268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9731363108232619562,14892737847885489055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
2⤵
PID:1072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9731363108232619562,14892737847885489055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1864 /prefetch:1
2⤵
PID:2824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9731363108232619562,14892737847885489055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
2⤵
PID:4064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9731363108232619562,14892737847885489055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
2⤵
PID:1376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,9731363108232619562,14892737847885489055,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
2⤵
PID:3400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,9731363108232619562,14892737847885489055,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4056 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1364

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ade01a8cdbbf61f66497f88012a684d1

SHA1
9ff2e8985d9a101a77c85b37c4ac9d4df2525a1f

SHA256
f49e20af78caf0d737f6dbcfc5cc32701a35eb092b3f0ab24cf339604cb049b5

SHA512
fa024bd58e63402b06503679a396b8b4b1bc67dc041d473785957f56f7d972317ec8560827c8008989d2754b90e23fc984a85ed7496f05cb4edc2d8000ae622b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
d0f84c55517d34a91f12cccf1d3af583

SHA1
52bd01e6ab1037d31106f8bf6e2552617c201cea

SHA256
9a24c67c3ec89f5cf8810eba1fdefc7775044c71ed78a8eb51c8d2225ad1bc4c

SHA512
94764fe7f6d8c182beec398fa8c3a1948d706ab63121b8c9f933eef50172c506a1fd015172b7b6bac898ecbfd33e00a4a0758b1c8f2f4534794c39f076cd6171

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
Filesize
21KB

MD5
00634e65bdfa3c77f4804e91846efbb1

SHA1
3327d30bc8cda8de217e4835843018b1d8a50b3b

SHA256
b145a8d4933e78e2c8373a73e88319f276325244254257cf9f38d15ee8226775

SHA512
dfe837e9b92a08fe533ebe223125dce8881c67d7930ca608b49070986982d2877a5f96af5c09fedcda0abc451a21c2131923360b96b10b33e10dc26e478bce8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
Filesize
128KB

MD5
3d905ff0edec86a1307132c9d40fdce6

SHA1
cb786c34df1994dbabccc759cf7c41342c5fbd25

SHA256
41247a9aa53f5c171e6c9d43c4f23103e2eeb673ff62b3d4e8a2e3d3cc29d78f

SHA512
b9cf4b564be540dfed4848f43d1f19144d59f46d6b4c6e4ca1263effd2fcfeaad4a49003c4a4fba847c1535d8ad715ff01329205112eae1a4ea792a0b087326d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017
Filesize
115KB

MD5
ce6bda6643b662a41b9fb570bdf72f83

SHA1
87bcf1d2820b476aaeaea91dc7f6dbedd73c1cb8

SHA256
0adf4d5edbc82d28879fdfaaf7274ba05162ff8cbbda816d69ed52f1dae547f6

SHA512
8023da9f9619d34d4e5f7c819a96356485f73fddcb8adb452f3ceefa8c969c16ca78a8c8d02d8e7a213eb9c5bbe5c50745ba7602e0ee2fe36d2742fb3e979c86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018
Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019
Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e
Filesize
30KB

MD5
02c4cc6d759709eba3f82adc2fac19dd

SHA1
769074f793e9913f2921582368b86f0b32269d89

SHA256
1109318670f3f0ed4881ef4d85ec2fbb9fec253df4e67259064af2dec0b97e1e

SHA512
cc73116fcf0f6671458a0cf46577f6c6acfdb53ab01db09fccc04df6196d78551e4b03593cfd034ad0950d0abc587173e74bb734ae62f9dac726eaf959b8e919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020
Filesize
20KB

MD5
52320d0d94e0d610bfaa1ba2252d2cca

SHA1
40ac1ec35ccf6096c819c796f0aab81a35b361b7

SHA256
66fe7c6b5063a535c5aa389a1ffc77658533766d66f74bfa0c279906c3f42f33

SHA512
4ded18ac9454a0fa9d8e12eb500376d04725ce537974d4e4d548fabcb0a53ef6b9e0a639cc994f9575843ee05caa8c69218264841c3ca04defb63915638372e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024
Filesize
22KB

MD5
b46ed529c548090807207655f09527a6

SHA1
38db9f092ae525a3cf16324773a2a529b2b9f0ac

SHA256
a81d94617dd6e98d3af014c9169d12938e7415148d6c681e40c83400872417fc

SHA512
12149d4bfd8d03ab2dd1cfe8b5dd767470b420cf548014907c146c7ef86d38dfdb8d0e4422bc242aded83215012b54a8815c7993b07c28b22ead1a9ecce31237

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026
Filesize
22KB

MD5
8094b8b478a119c2fc34a62db6be9d4f

SHA1
cb136a1498bff80eb0f25990f692a71737a6f789

SHA256
0d6c7be1404c3eceb289339f1c69933c14a6f21a5fd001c59ef2aebf09782e96

SHA512
e0edb752eb539dc2bee2a9e203fd631d8c3eba9f22a4d9aa063f4b404bb65988428a7d3d252dca359d461daea59307d9019289f344738fe69348331957d90a04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027
Filesize
41KB

MD5
ae14535ce43f13497807134efc59ab06

SHA1
2b2a72268572b82196e6d953cda3a77f88a06582

SHA256
286d754942b4e27c6cd9114ac95df7e81b0ca98bb89890536c377c14aa7bdbd4

SHA512
c899f17d8abacf666344b91a65628228a4a1ed3dfd016abba6a3a92355f63ef0266313c936cabf640cb466bffb72cfa6041b6f63c8bc9b1158feef712cbaa420

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028
Filesize
37KB

MD5
231913fdebabcbe65f4b0052372bde56

SHA1
553909d080e4f210b64dc73292f3a111d5a0781f

SHA256
9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

SHA512
7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
432B

MD5
df0bc384487e17c9bfb84bb4b8783ba9

SHA1
1051baa61822f9e1e6120579819a4bdffb0f06d8

SHA256
1ae015a1466bbb28fe8377bffa0b74bd4698697a22023151186057a35c0e2902

SHA512
69f3c548095e0ea591e4e849abb06259660c545b6c9c983b2a72611d6c3f56968c130ec0bd28036cc157a1afce3f9e31a30f6b48e1e212985b879d76ef473be6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
480B

MD5
f0ff67294986698a2e13185036878b98

SHA1
321b1f9c8218c2b6725019f14ee4597271e6445f

SHA256
2440202af734c298dbd1481e7061d18d8aeb60f7ebc22495298e4d11dd141d48

SHA512
5dd3976a1f0f0d0948ae745c60fb67f19d522fd2fa525c46b4e4eb86ccef7cb160939df9b576e78ccb712d1322fe89fbff7e317ff590b4a48de8e05bafad0a7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
408B

MD5
42ae74d8b76283a174439bda95bcd636

SHA1
f2b17ed4b6984609fbd32223a6312e17f595cdcf

SHA256
a52e6b3c866710017ec840805445b2b471bb14b8a560978d085b6a5cf804350f

SHA512
891d0ee37f479effa2cefd43f16f3438b191d49c0e18b1e1dd8e4aaced88ed83e5e3cdc25db9adc4a838bdcb43b4690e54abbac84390e5ebd6ca4559281a9226

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
796B

MD5
8526d83bc71d3373221d9fd9d53f7c52

SHA1
b7c14e3baddf4053b886e1a5303143be49072da7

SHA256
10fd5b183514b8de28a8f7023f458aefc67a19f472a264d32d5f048bcd0f168d

SHA512
1e13190cdfce66684d744d47bf099ebe10e5354329d96432dbe7f7684c6b8ed072245e80730325df1806a712feb1fb42e62e1052631b566649a44e9e3a7c095a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
cb2a706f78de79ef4501ad72d3fed7d6

SHA1
210436dddf2e4607befcf2dc592ac5ab4aa053e0

SHA256
47638f05d185fe2e0d65505fc4f496a2b4105ab44085061366c324f97522c6af

SHA512
96decba2ef4d65d43bb9ef456ae6f84a02ce93404635dd6aa2d668af486aeac75cf188d00da1c6022d4e2c7cb9182b3d13217b3c5f8c7c574472ebe56643424f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
1be216badf2d342e95753d51519cb72b

SHA1
0269098f2eeaba1b71b4ad253d5478d628072171

SHA256
aadc93d21ade349f1b7ca19af68c98d14161bd7e57dbef966580f0204cd43b1b

SHA512
bfb46d5f08ce2bbb36c23a7894084589c0b3f88111cb5343cdcf139c6b3fec241a8a553e743f76aef8be66644e79813cadfa695c70084196b232e081dc97260b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
9863e1f655c1ea60c98c7f59cfee0060

SHA1
8ffdfb58213d417a2623af986d4151712b62e2dc

SHA256
39a7daf374fca1287ae7164b4d07a1b3df351b2c1d28ea6cc7f9d790f6562959

SHA512
bf7c237bec99963d435e2053505798d64c3eb17cdf2a75ce17b9e8b965a59b78cb5bf33f1898c9453e1c8c42a83766620a34face00af6603e64c08b57f752c79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
6af734b3df1b1c9677792374213e3765

SHA1
85db91db8dd6ba529b9e2416e3cd003aa0e21a1e

SHA256
9144b8dca01778d5375003b9c7f855d169ca1aa346f7084cdf25b73941aaa5b7

SHA512
80e3e0e1133a608f626e2c94c089ee5c710ebbde9bdd26030c94d496e922044e457abf4624c60a12697ac3d48c91c0ae5a6cc8721847c4aa0ed46e86f544be36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
96c0bf4ca5950fb301c43322c51b5dca

SHA1
21353f82017526f9da064dca39bb00a1d889eea8

SHA256
7aa2fb33ef74163975c294b49f2a1de84e0db3fc52f67f3b21795415611bc1c7

SHA512
05a033ddfcc465e520a91b331fafa4d2094a26086e29fe499a1728c2beb1760ee7f152b0bd9b6ea89f8edf21c457bc7d77918782bb0b44a99b21887ccd4850db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
72f20e1563c634c84c5d395ecce0f10d

SHA1
69be5630d69bd6bd5cf40bf811801fc15f1d2e78

SHA256
68cc93f7289750af5a1894d590ac57df270f6fd51f876714c3f430dd5da97360

SHA512
61d28ffed3df475041692538050bc3c519277cc50f43115b918ed3fb3e267a1df5a42c710a7584e76815e5b2be781eb8f4c421b78b791279a21934aaf5ef3218

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
fb92629b62d81eba416bd6fb45676b3a

SHA1
cad36b48506025969be33a682e8b0c5f92c45965

SHA256
e84280b65eee083547c186a610aee59f625673dadeaf5960978c964e050b2ed0

SHA512
90baeef56ccdbf47c7575f1a9a2cf5a4415e83a332a2e04ffcb7f4d3ccba0d9716bff0a9be15f0ce4a5b0762877bbb56c2e947d332153bff2e8ed028c8ac1ebc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
708B

MD5
996e7ee7ccc3d412f50aad6338e05ec7

SHA1
b5fd1790d65656b1310ccbdf1931cb19a05b4138

SHA256
9701c4c2920f28ceb5c7bcf7c5f77d6e40293910b661c6180ead8a2f9631332e

SHA512
39b48e6db3fc841839850c4eaaed642c32139407bbcbf5805c95b067fe79724422603c7316b7c73e5cdc4705d5a0ca6ea3fbc8804391307c0dade47ef8ee79f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
708B

MD5
7342ba9bbc108e1b99fb0c2c4e1daf6c

SHA1
02709a6510cfee9e4768ce9ca00205cd998d9753

SHA256
9adbd7b5f1d8966612e4c217e804a37a36be8c8a8cbc7aaf381a59b39f8e2c9d

SHA512
4ba0f74f0a73c5c899333085ed1028b09aaac5544d26c6469329633f3865f83f80c87952fd2b84c0fa560eb25fc8b3908ae14337b946c547d2d8de281655944e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
708B

MD5
89d5d7d8b45e56e7bd84a2e58f688d9e

SHA1
13c4587b7ab4a91adf6e159a7057b329c8a2d163

SHA256
a33ae2cb38eb54ac7a0e355b9c0311627dfc6b25b3a5cbc431a5ccfe07864207

SHA512
0ce3d673bf8eb0b686354709f8478b303731096e0a1724125a467a7a9f14c00af2b63511c1dece8bcd9bc2b46f4c13ac13bc3c8690f44074efe37ae5304f1e7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
708B

MD5
be387eda262043660f51d6912ee3edfc

SHA1
ed4bf9507718da509419dd274b440a32539d6695

SHA256
6a38f6e30b43895d94e4e61ae20b91ab00cf4b63c4c6078ab66d525250ca4546

SHA512
f5af63cf997dac32752610ca3b4e89c6f2fe82bbe09f606a5a9166b755ea7687f5c012d98e47ba4b738e7b4622259d712deb6390412af91d809c6bd3fb8a7ddd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
708B

MD5
98d5e8feb9747896c9dc9bf664a77c9c

SHA1
9015a1ca1df8eb258452f657f40a61fdecee1a8e

SHA256
f99009adf656fc65ae8ce9810e672619198a537076b6e48569808d959274f64e

SHA512
2f0ba79d63dbd1741725494e481fa241a9a5358a2174e431a1f60ee174879ba4b2f16eb05ec7ffa0db5c759c38ee18e403f41a004fac954ac7f10677f977ac85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f5aa.TMP
Filesize
708B

MD5
5dcca4a710683790619d7a9037061df3

SHA1
1ab0e9d02ce47effa4be87a99a641472889a49b1

SHA256
2e4ff1eda429d99aa14bd6fb61e7042097b43e640e883036b9ef5f6271254f4e

SHA512
db60af573766f5be68bedd7ce75ed473c2c81834f0443c61b7cce31ba7b7879576d4ee2fa1175f2270db793dc9abdc1436a886c70380d06dd631e638baed4d42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
224799288fce8a23e7cb7ef83f006ae0

SHA1
7e1d5c20178798c1184134a337afe33df38d972e

SHA256
e0c99f83fdc9fc8fc8061774af3876d424dbdaaf444500c01c573b0848eded2f

SHA512
1817967e7cecde8bd82457d913803354591809cf0310f93df4d97bde7f65eaa6642cc6923ceb0b5d0da36553ac12d5120557d9bbf4ba8cadcb35e1ddd72a79ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
e10ee28d525c3a36fa78e7875621bc18

SHA1
4960cfa4f62bf9a42a3b23eb92eb04ab9bfd2b3b

SHA256
687a274754c731179382d0eeb9853a4b8c585a4f6a3549c876b4db68f69eebd4

SHA512
60d6085b8f340c998b7bd6a373cb0abc1c8a36ef390168d76d287303c2cbfac6bdb9a0a7f63005f8d429c6c865a51587e1c3b620205c883d5408043d5a776d32

Download Submit
\??\pipe\LOCAL\crashpad_1092_XLUUTRIIISMJIVGK
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit