hxxps://u[.]to/cuvAIA

Analysis

max time kernel
150s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 01:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://u.to/cuvAIA

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid process

1900 msedge.exe
1900 msedge.exe
3784 msedge.exe
3784 msedge.exe
4372 identity_helper.exe
4372 identity_helper.exe
1628 msedge.exe
1628 msedge.exe
1628 msedge.exe
1628 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exe

pid process

3784 msedge.exe
3784 msedge.exe
3784 msedge.exe
3784 msedge.exe
3784 msedge.exe
3784 msedge.exe
3784 msedge.exe
3784 msedge.exe
3784 msedge.exe
3784 msedge.exe

pid	process
1900	msedge.exe
1900	msedge.exe
3784	msedge.exe
3784	msedge.exe
4372	identity_helper.exe
4372	identity_helper.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3784 wrote to memory of 2356	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 2356	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 3596	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 3596	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 3596	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 3596	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 3596	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 3596	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 3596	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 3596	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 3596	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 3596	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 3596	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 3596	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 3596	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 3596	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 3596	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 3596	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 3596	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 3596	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 3596	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 3596	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 3596	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 3596	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 3596	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 3596	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 3596	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 3596	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 3596	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 3596	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 3596	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 3596	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 3596	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 3596	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 3596	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 3596	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 3596	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 3596	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 3596	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 3596	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 3596	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 3596	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 1900	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 1900	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 2412	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 2412	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 2412	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 2412	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 2412	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 2412	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 2412	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 2412	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 2412	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 2412	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 2412	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 2412	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 2412	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 2412	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 2412	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 2412	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 2412	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 2412	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 2412	3784	msedge.exe	msedge.exe
PID 3784 wrote to memory of 2412	3784	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://u.to/cuvAIA
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc482146f8,0x7ffc48214708,0x7ffc48214718
2⤵
PID:2356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,3201452507482838618,13597532094934898676,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
2⤵
PID:3596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,3201452507482838618,13597532094934898676,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,3201452507482838618,13597532094934898676,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
2⤵
PID:2412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3201452507482838618,13597532094934898676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
2⤵
PID:1100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3201452507482838618,13597532094934898676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
2⤵
PID:4204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3201452507482838618,13597532094934898676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
2⤵
PID:3248

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,3201452507482838618,13597532094934898676,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 /prefetch:8
2⤵
PID:4224

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,3201452507482838618,13597532094934898676,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3201452507482838618,13597532094934898676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1768 /prefetch:1
2⤵
PID:4892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3201452507482838618,13597532094934898676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1256 /prefetch:1
2⤵
PID:4844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3201452507482838618,13597532094934898676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
2⤵
PID:3604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3201452507482838618,13597532094934898676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
2⤵
PID:3712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3201452507482838618,13597532094934898676,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
2⤵
PID:2892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3201452507482838618,13597532094934898676,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
2⤵
PID:2880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3201452507482838618,13597532094934898676,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
2⤵
PID:1624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,3201452507482838618,13597532094934898676,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4864 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:536

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
477462b6ad8eaaf8d38f5e3a4daf17b0

SHA1
86174e670c44767c08a39cc2a53c09c318326201

SHA256
e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d

SHA512
a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
b704c9ca0493bd4548ac9c69dc4a4f27

SHA1
a3e5e54e630dabe55ca18a798d9f5681e0620ba7

SHA256
2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411

SHA512
69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020
Filesize
36KB

MD5
c5e39337f681f1c40f0efa29366109b6

SHA1
3df6cdfb2a6ef5d2e0b0b2832154986629dc3e70

SHA256
70707407660a3f4361c5b197db2be83f96fe74e2f1f95f0753e985ee30b7b84e

SHA512
f73d25aa88d2ff3bdfc4d569d20c327883b16600f76410c883e07eba51715cc65d8983cebfb681f2a0c6f888394749f9975ecbf5c9af428ec5f3e433874d6534

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b
Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c
Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d
Filesize
120KB

MD5
6168553bef8c73ba623d6fe16b25e3e9

SHA1
4a31273b6f37f1f39b855edd0b764ec1b7b051e0

SHA256
d5692b785e18340807d75f1a969595bc8b1c408fb6fd63947775705e6d6baa66

SHA512
0246cee85a88068ca348694d38e63d46c753b03afadf8be76eca18d21e3de77b495215ed2384d62658a391104f9e00df8605edb77339366df332c75691928efb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e
Filesize
117KB

MD5
4f7c668ae0988bf759b831769bfd0335

SHA1
280a11e29d10bb78d6a5b4a1f512bf3c05836e34

SHA256
32d4c8dc451e11db315d047306feea0376fbdc3a77c0ab8f5a8ab154164734d1

SHA512
af959fe2a7d5f186bd79a6b1d02c69f058ecd52e60ebd0effa7f23b665a41500732ffa50a6e468a5253bb58644251586ae38ec53e21eab9140f1cf5fd291f6a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046
Filesize
32KB

MD5
e13edde4a25e96e573f37bdd11e020aa

SHA1
84a0c3cc6cd74b149cc27de2b0fe48bc2acb70d2

SHA256
45b526e6aa5356b278aa37e67593a25d09c9653e8a0e71fb8e155111d3b7a515

SHA512
9ba4cce47994f949731e594538f56f423ee46a8e602fe922ab6e1d173b87831ae5a80d967d695fc45a08b25aef5c494518b43cde6b4709db690e904b2cc1c053

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000069
Filesize
119KB

MD5
d45f521dba72b19a4096691a165b1990

SHA1
2a08728fbb9229acccbf907efdf4091f9b9a232f

SHA256
6b7a3177485c193a2e80be6269b6b12880e695a8b4349f49fccf87f9205badcc

SHA512
9262847972a50f0cf8fc4225c6e9a72dbf2c55ccbcc2a098b7f1a5bd9ea87502f3c495a0431373a3c20961439d2dae4af1b1da5b9fade670d7fcaed486831d8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007e
Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
456B

MD5
0b55b6064594355035ad7507870b3983

SHA1
0e66faf55fbb6350d0b29bc98cfd7be7bbf476da

SHA256
7b266f9e83405e431c5f94efa59dbd75187e368747f72a7d6d64e4b0c00ab6d5

SHA512
471bba7be5d49923d841e2e657e0951294c66325c9ac3e30da39d09ece4b7d3c399718c5fac2df90e56e9278f98d323850b302105d694e31d9a0d36cc47646f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
ca7b968305a077901c16214c76317647

SHA1
5b8b37af41aa292d9f53083f7b0bb0a8ec4b5947

SHA256
c10e2334f48fc015f1f3c0522a8abab1be65cc02acd35408045e3503ba2ffd94

SHA512
0ad338ded76c5bde021779a45d6ec7db775ba6eb156204f9720bbf4ceaf918d4699c9271f2539fc0e630761bb34d9d5c0ff6de1d610a58ff941620c55b41b953

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
f1dde9997ae00ed2c3c80e29294ba21e

SHA1
d828a659106c1021df92af49b7e86f1a7ef555c2

SHA256
ab8cf91684e0fc2725e632dabb4905451e0c9a914fcb6ac0f094f0d2e1e38cb4

SHA512
3865ec31425086323be53c3277b1e090333330ba5d41070c88057c4974b36677f6d27ce2803a9a4fbc709d26f641afe0ff5f684079890bbf2b6a8a5ab892553a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
2bbe8865e35556a02d320a98a9c9673c

SHA1
721c602152141a64e6076d5f5dcf33db8b433d50

SHA256
04c217d2c0a1c8bd85df8dfa1966ad3e624b4bc55745feda39e6f773c25d4a8a

SHA512
619b9a25a51740dfa11afaaacfdc95b92d3686e483b876e01760a5f6d3e440ea3f73800780c339c17420bab71abf7022481f9708feb628d7220ff847d150c824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
aafe33ca808a8854265c50948d92efa6

SHA1
dea9cbef337e05b42d4834941c7f5a4bcf6355ba

SHA256
a2d8e603149020b7d143cf716da23579edfb6a79b6d74e40b31bb98fcb800b9c

SHA512
48c0ad84b3f0c11ee5e6e18ff331adc48ad133bcb0827127c4edce27895ccdf985ff7993587e5c45cc61eeb1bf139d25999e607e333889237c70a3492d1e47ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
419d7ee2116edb304fa99d5fd1d5495a

SHA1
693aa4f40d3550b5f984c392c5e936344fe1e669

SHA256
39802de76f0369a26d22fd186cc83641fb4bf5cde9a29559b7ba0314554830ef

SHA512
38c3ebff705c547ba5426b003a38ff866b007782d1f1a15fb7a7aabf98e31574e26319d8475f71e7e455b63774072e5a69e79a366819208cd3e4947af5536f91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
dd007b59e38e4a53ff165d6ee23710bf

SHA1
c401474d566fdfe6f6223b56b1ee27b860190680

SHA256
ef39a146d98cd58881e2227af20452de23c3203a649c2c60653aea139f3a5dec

SHA512
c3a31ccda2a26368701649fd2f19c0fbc42472f96479ba16ed0a45d02e9296888dbcf3d9cd81e625861192ffc6fe6d85727fcc14f96a9d1849c706bc9daf3ab7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
b0c40469a57e497498b8c83df889f629

SHA1
ad4e3ab5c40454f4c2237f808d80c2f4a14bc140

SHA256
62fd9501b9fc5ce0e315b436a298ef70e88117e3f7a302a44aa73483f40d670b

SHA512
a7a41606d300a5d3444a6a314f612d4f5d650e8022a6fe62c3fa0083e4b2b17f07c2f2bf80ddfdb093dcc2c3d3f1899b5eafe643ec2172ac39e81a74600bb328

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
9d0146957f078b4065c3d2ee549a2165

SHA1
2b296c7d9fd52026bc3e999c06c139bfc3322cbc

SHA256
01db180c9c10c36ce05a42c1c05b062b21887c1436ba025c2a1e48b443be9cad

SHA512
1f595a16d09680d9de8e5b5bb86419773cc6e64ca53f64c79aa48d062e142db9601680f9c65b6455154a2700fe76332b27eb722ec9eb66f0a64eecb161e4b6ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
872B

MD5
d22a859a2356ce258ef8ed436cb709e9

SHA1
24727075e4e7cb6b44c9c1e23e69f9fbdb15f42f

SHA256
6fa6509fb121441c92c1b6484e7b1164eff9672cda40bf0eeea794df25478970

SHA512
f3eefabedbce005b8abcf39b0212c4059c60c6a9fbcb206b240c50d11df102765b194dec2b414eabf239b9eb3f8f53c6256eed465fe622f731d28ca4b6ac6e9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
704B

MD5
37bdb4bf7faa47c1847e3967e99a44e6

SHA1
252100494b62b3fea9d62932a411142e2460fbc4

SHA256
a8d4527076878c636abc49b4a6a53d16664986527729fb856946c1786f7da01b

SHA512
bcc89a4ae731b80a109ebaf24c964f8b603b504f29d8e1e99e894455f8d207cf0eca26e5289ac594155e2cb26e4fee0ddf0890b78c981949da883ecf45f0f0c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
704B

MD5
605652f745f59b62f327762064fb0f34

SHA1
d9105478e3763fbec1fc90275b0a1dd24fd6bee2

SHA256
f3a68ce611e171a5e118386e45defe2b8347eb8ae75ec6c36908c7cf5524628e

SHA512
655c23dbfbbd7b9227da9d3498d1065e34f217c4441b4fea8241aea57d8147a423ede30fb879e797e0831244cb4ee2ef8d55229dc64cfc57e19be8cccf7ccbb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
537B

MD5
3d3c482eb6106ff23e430fa8947695b5

SHA1
0278ae43f2722eec052f6cea457587e0391b5aea

SHA256
d9a6e37affef39ca244cff96855e1c9d51c64daf6b7a92e844b50a2571824abb

SHA512
3b5433d1821e78cfc3889f21c90d028446131c44308b08ea6b1699b0f8fd2d75f5ea5fcdcf88a54e63b977d7c128a00158a218a4a0d321326ba0c057f5fe87c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f7be.TMP
Filesize
537B

MD5
06038008178e0dc73e1e9ac4f9e17747

SHA1
d0ba6ec1a3ae742fa3a5fda770aeb018958cd3d4

SHA256
5f400f81819692c127456cd455c21a6284648dd4536eb12009cba94d17602c45

SHA512
96755b1203f8859753caab56ce574462eabc576d542f6a9e61ac41a9af8bef52f7c14b0d5856508d96efb7494e102593a1d7950e813c54d5c71bd0856a53853e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
71bdb7a4fe67d79b62755ccf64ca4f76

SHA1
535b2498dc9da6351ef356da9227be4c16e9dfc9

SHA256
7a3fde6b8cd82797a451daceb135af10deccc46b357c4f0dbb35c7ec7ee4c7ce

SHA512
613ba1b11b30755dda950da36849545ef45d8e7862f4747e538a5bf3b814d97b085e0bcdcd23be89f5198ed507f0cd702db10dea0332ed7dc7a1942d04a0bc04

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_3784_HARCXILJVQJUPQKY
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit