hxxp://isharereviews[.]com/ishare

Analysis

max time kernel
147s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
03/08/2023, 10:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://isharereviews.com/ishare

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2472	msedge.exe
2472	msedge.exe
4456	msedge.exe
4456	msedge.exe
2384	identity_helper.exe
2384	identity_helper.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe
1924	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe
4456	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4456 wrote to memory of 1348	4456	msedge.exe	83
PID 4456 wrote to memory of 1348	4456	msedge.exe	83
PID 4456 wrote to memory of 3064	4456	msedge.exe	85
PID 4456 wrote to memory of 3064	4456	msedge.exe	85
PID 4456 wrote to memory of 3064	4456	msedge.exe	85
PID 4456 wrote to memory of 3064	4456	msedge.exe	85
PID 4456 wrote to memory of 3064	4456	msedge.exe	85
PID 4456 wrote to memory of 3064	4456	msedge.exe	85
PID 4456 wrote to memory of 3064	4456	msedge.exe	85
PID 4456 wrote to memory of 3064	4456	msedge.exe	85
PID 4456 wrote to memory of 3064	4456	msedge.exe	85
PID 4456 wrote to memory of 3064	4456	msedge.exe	85
PID 4456 wrote to memory of 3064	4456	msedge.exe	85
PID 4456 wrote to memory of 3064	4456	msedge.exe	85
PID 4456 wrote to memory of 3064	4456	msedge.exe	85
PID 4456 wrote to memory of 3064	4456	msedge.exe	85
PID 4456 wrote to memory of 3064	4456	msedge.exe	85
PID 4456 wrote to memory of 3064	4456	msedge.exe	85
PID 4456 wrote to memory of 3064	4456	msedge.exe	85
PID 4456 wrote to memory of 3064	4456	msedge.exe	85
PID 4456 wrote to memory of 3064	4456	msedge.exe	85
PID 4456 wrote to memory of 3064	4456	msedge.exe	85
PID 4456 wrote to memory of 3064	4456	msedge.exe	85
PID 4456 wrote to memory of 3064	4456	msedge.exe	85
PID 4456 wrote to memory of 3064	4456	msedge.exe	85
PID 4456 wrote to memory of 3064	4456	msedge.exe	85
PID 4456 wrote to memory of 3064	4456	msedge.exe	85
PID 4456 wrote to memory of 3064	4456	msedge.exe	85
PID 4456 wrote to memory of 3064	4456	msedge.exe	85
PID 4456 wrote to memory of 3064	4456	msedge.exe	85
PID 4456 wrote to memory of 3064	4456	msedge.exe	85
PID 4456 wrote to memory of 3064	4456	msedge.exe	85
PID 4456 wrote to memory of 3064	4456	msedge.exe	85
PID 4456 wrote to memory of 3064	4456	msedge.exe	85
PID 4456 wrote to memory of 3064	4456	msedge.exe	85
PID 4456 wrote to memory of 3064	4456	msedge.exe	85
PID 4456 wrote to memory of 3064	4456	msedge.exe	85
PID 4456 wrote to memory of 3064	4456	msedge.exe	85
PID 4456 wrote to memory of 3064	4456	msedge.exe	85
PID 4456 wrote to memory of 3064	4456	msedge.exe	85
PID 4456 wrote to memory of 3064	4456	msedge.exe	85
PID 4456 wrote to memory of 3064	4456	msedge.exe	85
PID 4456 wrote to memory of 2472	4456	msedge.exe	84
PID 4456 wrote to memory of 2472	4456	msedge.exe	84
PID 4456 wrote to memory of 1344	4456	msedge.exe	87
PID 4456 wrote to memory of 1344	4456	msedge.exe	87
PID 4456 wrote to memory of 1344	4456	msedge.exe	87
PID 4456 wrote to memory of 1344	4456	msedge.exe	87
PID 4456 wrote to memory of 1344	4456	msedge.exe	87
PID 4456 wrote to memory of 1344	4456	msedge.exe	87
PID 4456 wrote to memory of 1344	4456	msedge.exe	87
PID 4456 wrote to memory of 1344	4456	msedge.exe	87
PID 4456 wrote to memory of 1344	4456	msedge.exe	87
PID 4456 wrote to memory of 1344	4456	msedge.exe	87
PID 4456 wrote to memory of 1344	4456	msedge.exe	87
PID 4456 wrote to memory of 1344	4456	msedge.exe	87
PID 4456 wrote to memory of 1344	4456	msedge.exe	87
PID 4456 wrote to memory of 1344	4456	msedge.exe	87
PID 4456 wrote to memory of 1344	4456	msedge.exe	87
PID 4456 wrote to memory of 1344	4456	msedge.exe	87
PID 4456 wrote to memory of 1344	4456	msedge.exe	87
PID 4456 wrote to memory of 1344	4456	msedge.exe	87
PID 4456 wrote to memory of 1344	4456	msedge.exe	87
PID 4456 wrote to memory of 1344	4456	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://isharereviews.com/ishare
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcffc146f8,0x7ffcffc14708,0x7ffcffc14718
  2⤵
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,7331963735751844388,13790787009854941569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,7331963735751844388,13790787009854941569,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,7331963735751844388,13790787009854941569,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7331963735751844388,13790787009854941569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7331963735751844388,13790787009854941569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,7331963735751844388,13790787009854941569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,7331963735751844388,13790787009854941569,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5336 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7331963735751844388,13790787009854941569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7331963735751844388,13790787009854941569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7331963735751844388,13790787009854941569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7331963735751844388,13790787009854941569,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7331963735751844388,13790787009854941569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7331963735751844388,13790787009854941569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2156,7331963735751844388,13790787009854941569,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3520 /prefetch:8
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7331963735751844388,13790787009854941569,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1908 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,7331963735751844388,13790787009854941569,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4528 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2668

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f8 0x450
1⤵
PID:5084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8411007bafe7b1182af1ad3a1809b4f8

SHA1
4a78ee0762aadd53accae8bb211b8b18dc602070

SHA256
1f274d0d144942d00e43fb94f9c27fc91c68dce50cd374ac6be4472b08215ca3

SHA512
909e2e33b7614cb8bbd14e0dfff1b7f98f4abbf735f88292546ce3bfa665e4cb5ee4418561004e56afc5dd30d21483b05f6358dad5624c0dc3ab1ba9a3be18eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
173KB

MD5
d3d1aff7a71e5f6f4537a0b3cbbd5c23

SHA1
82bbaa35980290986094ec5b2f33da17fe0e1ca8

SHA256
d3ac13e9bebf6119830ea38adf6715f42a193e7cc5834087abcd77bec3c07291

SHA512
9f5a8f657438a49e2b60db1372ced7edca4ca714efc63ff8791ff232d4252178b5a148a02b049f279007f095e7ac5b649367a2fb3dbffa14b39b637f1d30d42b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
c5e47ce9fcb32aaedb9ad8c725c4e2c7

SHA1
04c9cc83e55ec33f76264bb222c613783ef788f9

SHA256
270a1521a812e5e623ad23d5f1cebd5b0c9992ecaab3f081f02044e5f9a42301

SHA512
43c6c56ccba944b92321d23e9db3f00643b94a2418fdc9995f78235ebf9b90c27a32e83152cdf21dc53a607a2fc79621e35cea8a86c1babdd2b63ecda6170ff6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
32bc82b79601c673cfbe9d1dc543087b

SHA1
53c3e28dcab76c8cd31cc3377b1621802a4e9f62

SHA256
037927fb84834332634d1383fdfc1f4cb086c7ec1dec719e6338d22052721636

SHA512
67121ee9dfea602bc66e505885ae0236d5c98cd115388e78219225030d679a9ce81b50938d8cd8e4ad3039fe3ac4f86d0b17985e2219ddd4875f94b6b46b30dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
460c723f923a40f88a5da5e9e0be5fb3

SHA1
57a62b674db71675f04f80db3c50088c47dfa03d

SHA256
c4546fcae5ac1c3f7a130088b6530c55f7e4031edbb9e94c5f2cb0bff166bc9c

SHA512
ca0b4feea8d2dd33108cb7d947e29cf8f085a6283f28aa699f391a459b2b9d3d40d9c6c814d478f31d4b2b3a9c4793bb4989af3a2bbe02fc7b83639cf30a4365

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
98509ca165e7ea05b7a4afe72a1649c0

SHA1
54ec6a7f23c8c04e9a9fec37ef8d10a218ca36aa

SHA256
3c3a93eefb6d2880da79b5988f551c1d5707334e31ef517cdc8947d141d1a7db

SHA512
0bcc17d8463bb5aaee8dd20e49417e4e26ea790e78123617b479fa85fca3c5dee26ed3f8609b8e85317f65fc46d7c935874dba16c342d893ae87e79c2e26b654

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
eefb0c8c7acb770fab334c5dd6122d09

SHA1
8e18adbf2e5ab6fb2ac2358c99b0dc8c751b796e

SHA256
9e95bcd1d8530a1ba45dcb5cbb7a624ed470270ed8910b3760ed06dd0cb677c8

SHA512
2352cfb5855a3a7c9cf5effe9884b0297d7a2c0478eb9be6be584a01b6ba1f0dbc1a3d77090d27fca2f9c1bd947d4012414e2789f4691622a1501bf5cdaf7d06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
aa8db70b35d7f262b147e5471159386b

SHA1
683957f65fd1f7b6a7774019380ad6ac5039c71d

SHA256
144136e954d234c086feebb476f6624881ab41726dae890038cc2ad9500d7748

SHA512
924ff3b06247f3fbdbf9a9e23d1c595223be45a1178978bd71724efdc8c13bdb6a9bd231e04253cda17541931442bea9970b101c25bb3364987295dcf98d6d05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
71efd3b858fb04077a846bb1d2fbbcc0

SHA1
5baca0d86ca5c87ad64f3627766d00f5d6bd8916

SHA256
ea7b4dde1e96fa8e630296f0508ee7e5fef95e4ca574426ebcc9fd8b1892274f

SHA512
718d9f942b3f966f123e81d028bcaa903895b2d0bf8c486c6e0e70bc03a184add9fe16df86630253abcf57cb035d0f5450e83cb406c617de05311bc0cf99c32b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b30a63d08a498f320956551964bd3d95

SHA1
b564bd8aca7b687885611fd7201c955f6dbd5c24

SHA256
32d6ab3aae10522a7d43cd16e569d06b3133f3e96c8224da9172f65c012180b7

SHA512
21f539325697cc024ce561c91b4d39a3916ad13530bf83de0414d83249f529763793783d4dbc44091ce2a628a9abc47e59f202a40bf78b5996767a2f35fb6289

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
8caf4d73cc5a7d5e3fb3f9f1a9d4a0cc

SHA1
83f8586805286b716c70ddd14a2b7ec6a4d9d0fe

SHA256
0e0c905b688340512e84db6cf8af6dbdfe29195fefde15bd02e4917a2c5fda8c

SHA512
084ef25ea21ee1083735c61b758281ba84b607e42d0186c35c3700b24a176ada47bf2e76ed7dadd3846f2b458c977e83835ced01cda47cdd7ab2d00e5a1a294e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
582dcfd94a9fd885eb0d527b3a4789cd

SHA1
f12e551ce895e6f59551ceaa99900b6b82993925

SHA256
f1866c8c89ed3390fae076df17099107fb6896aa80cf40e6bd314f1f1a38f19d

SHA512
d07805b9f6758b6ab5b84925337c0c4654dcc35ddd493b11896fc4054b5e7704e9de6bb768fc97e27bedfb4232e5e573e5caa076abbe259bbf753d027d6105a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe596ce9.TMP

Filesize
371B

MD5
1809f5c95420eee50e23e2956798194d

SHA1
567c972469319304516d4140dbf30901bddfd91a

SHA256
70c5a702e7c050d73be50126ef5a575c222637ca5ed2f88ffbea725f68108c4f

SHA512
54b144391a3638e168f64d51988dc60586de406c072867a35bae695a16cd53b06f0edc054bc2d055656ea66780ff078e082fcef8764bf53ca1650b11c46670d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
f05e3164f357d333c44ee12dcb4f6f55

SHA1
e0e416ef713d8f1d68dc555a8e6d505bcf347f96

SHA256
124f3fd3e247d874415a490c2d7dc44becc9642396c7754f963f92edf44439f9

SHA512
c52b5a5e278bc4700159237d80814a0d9b5a7c38e140b0cf5202ac265b7574e573aa848a5364d7faa9ac6a1a2d7a4751a2a671780d1b675ace3f88f5ef74d2aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
1cdcce3a33cc352b8f2f8ac06826d59c

SHA1
6327182032b9247c685b3898a9656c586f528b01

SHA256
17620364428874be2a4e80b45cb1959801c535e16561b3a72b7578a9f64d8d7d

SHA512
4b511d39772b1f85cec2db52aa3f797475b1f1ef6eb31c6b6f952baa3406f48cc639cc83cf5ee8d1d213e2489d2898b0c69e128ca5c55a896097bebad48ab497

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit