hxxp://taobao[.]com

Analysis

max time kernel
150s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
01-09-2023 15:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://taobao.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-528036852-1341495193-1175965888-1000\{CF759DCC-40FC-4CDC-B0CB-CABEB8FF3E37}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1480	msedge.exe
1480	msedge.exe
4044	msedge.exe
4044	msedge.exe
3120	msedge.exe
3120	msedge.exe
2564	identity_helper.exe
2564	identity_helper.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4044 wrote to memory of 4420	4044	msedge.exe	62
PID 4044 wrote to memory of 4420	4044	msedge.exe	62
PID 4044 wrote to memory of 2508	4044	msedge.exe	85
PID 4044 wrote to memory of 2508	4044	msedge.exe	85
PID 4044 wrote to memory of 2508	4044	msedge.exe	85
PID 4044 wrote to memory of 2508	4044	msedge.exe	85
PID 4044 wrote to memory of 2508	4044	msedge.exe	85
PID 4044 wrote to memory of 2508	4044	msedge.exe	85
PID 4044 wrote to memory of 2508	4044	msedge.exe	85
PID 4044 wrote to memory of 2508	4044	msedge.exe	85
PID 4044 wrote to memory of 2508	4044	msedge.exe	85
PID 4044 wrote to memory of 2508	4044	msedge.exe	85
PID 4044 wrote to memory of 2508	4044	msedge.exe	85
PID 4044 wrote to memory of 2508	4044	msedge.exe	85
PID 4044 wrote to memory of 2508	4044	msedge.exe	85
PID 4044 wrote to memory of 2508	4044	msedge.exe	85
PID 4044 wrote to memory of 2508	4044	msedge.exe	85
PID 4044 wrote to memory of 2508	4044	msedge.exe	85
PID 4044 wrote to memory of 2508	4044	msedge.exe	85
PID 4044 wrote to memory of 2508	4044	msedge.exe	85
PID 4044 wrote to memory of 2508	4044	msedge.exe	85
PID 4044 wrote to memory of 2508	4044	msedge.exe	85
PID 4044 wrote to memory of 2508	4044	msedge.exe	85
PID 4044 wrote to memory of 2508	4044	msedge.exe	85
PID 4044 wrote to memory of 2508	4044	msedge.exe	85
PID 4044 wrote to memory of 2508	4044	msedge.exe	85
PID 4044 wrote to memory of 2508	4044	msedge.exe	85
PID 4044 wrote to memory of 2508	4044	msedge.exe	85
PID 4044 wrote to memory of 2508	4044	msedge.exe	85
PID 4044 wrote to memory of 2508	4044	msedge.exe	85
PID 4044 wrote to memory of 2508	4044	msedge.exe	85
PID 4044 wrote to memory of 2508	4044	msedge.exe	85
PID 4044 wrote to memory of 2508	4044	msedge.exe	85
PID 4044 wrote to memory of 2508	4044	msedge.exe	85
PID 4044 wrote to memory of 2508	4044	msedge.exe	85
PID 4044 wrote to memory of 2508	4044	msedge.exe	85
PID 4044 wrote to memory of 2508	4044	msedge.exe	85
PID 4044 wrote to memory of 2508	4044	msedge.exe	85
PID 4044 wrote to memory of 2508	4044	msedge.exe	85
PID 4044 wrote to memory of 2508	4044	msedge.exe	85
PID 4044 wrote to memory of 2508	4044	msedge.exe	85
PID 4044 wrote to memory of 2508	4044	msedge.exe	85
PID 4044 wrote to memory of 1480	4044	msedge.exe	83
PID 4044 wrote to memory of 1480	4044	msedge.exe	83
PID 4044 wrote to memory of 1752	4044	msedge.exe	84
PID 4044 wrote to memory of 1752	4044	msedge.exe	84
PID 4044 wrote to memory of 1752	4044	msedge.exe	84
PID 4044 wrote to memory of 1752	4044	msedge.exe	84
PID 4044 wrote to memory of 1752	4044	msedge.exe	84
PID 4044 wrote to memory of 1752	4044	msedge.exe	84
PID 4044 wrote to memory of 1752	4044	msedge.exe	84
PID 4044 wrote to memory of 1752	4044	msedge.exe	84
PID 4044 wrote to memory of 1752	4044	msedge.exe	84
PID 4044 wrote to memory of 1752	4044	msedge.exe	84
PID 4044 wrote to memory of 1752	4044	msedge.exe	84
PID 4044 wrote to memory of 1752	4044	msedge.exe	84
PID 4044 wrote to memory of 1752	4044	msedge.exe	84
PID 4044 wrote to memory of 1752	4044	msedge.exe	84
PID 4044 wrote to memory of 1752	4044	msedge.exe	84
PID 4044 wrote to memory of 1752	4044	msedge.exe	84
PID 4044 wrote to memory of 1752	4044	msedge.exe	84
PID 4044 wrote to memory of 1752	4044	msedge.exe	84
PID 4044 wrote to memory of 1752	4044	msedge.exe	84
PID 4044 wrote to memory of 1752	4044	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://taobao.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f94446f8,0x7ff8f9444708,0x7ff8f9444718
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,4922419568472123965,8238223682644150798,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,4922419568472123965,8238223682644150798,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,4922419568472123965,8238223682644150798,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4922419568472123965,8238223682644150798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4922419568472123965,8238223682644150798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4922419568472123965,8238223682644150798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4922419568472123965,8238223682644150798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2076,4922419568472123965,8238223682644150798,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2076,4922419568472123965,8238223682644150798,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5528 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,4922419568472123965,8238223682644150798,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:8
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,4922419568472123965,8238223682644150798,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4922419568472123965,8238223682644150798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4922419568472123965,8238223682644150798,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4922419568472123965,8238223682644150798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4922419568472123965,8238223682644150798,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4922419568472123965,8238223682644150798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4922419568472123965,8238223682644150798,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,4922419568472123965,8238223682644150798,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6096 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea03d9602828b2d8f2b8817e89b06960

SHA1
80b3dad92c2312b04b2a4fae005e9cd0bf6d4e71

SHA256
e116c715af3149df19bd1b776adcac0979f08efc2568690dfa0d068dd8d6209c

SHA512
cfbc15f519e58578f2a25d6eb75784f64e836f93c78d72c4c1b06f4e47016135625ea5d8db1540a6aec3e1c60732d45f1e1f2ac6c007c552835fb4d71c474a08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
47KB

MD5
fd2e2c6b41dff446811fee4176cb1c4e

SHA1
5b7ef58468ffe46f8c6c4e81a74f0886ac9cc6d3

SHA256
551ee0dea86c234342b79033db6f6f03e4ccec9816d7d80b5718566629694971

SHA512
3978feab9a9da15037f7ec75013888e3c1d064304b97e228781f23ca5342c0487858ca88aa5de7e1aee50390087c1aa1ae50c09d044d7241a54ebf7a0db0f063

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
430e44a1064cc01a55dd6c9540778d65

SHA1
c9046645a98c242226947d5c791ebb57ee664390

SHA256
549eef2afc4af043d29026a26b9352c7c8a847e1f62116173a2844070f46e74a

SHA512
0ee05fe56459414c31d5f2137d24423bbea2d1603de80f20f182448fc43feb2d0ce85f44277f881193163a65f2525dacda498e6a1228aba44bea379818f496e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
611489cf03bdb0563e99cfb4f80bbe67

SHA1
e9ffa25a8c345cc16e55005cb1f1be49170fa96a

SHA256
2b874be6154e37e99f1cc29942dde875bfa00cf6616afe27854507c994a82981

SHA512
589a179d05ff7e03009dbec86ea36114c7dbeba67b8f94803bd66ec91b52b5b3b4d11279b9233b0c3886442fac86bb82b2a2a57b8da29f616d8cc7103f3fd9c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d8e339462730daa93e20aa612e38cb05

SHA1
7d8cd0b314f9fa7315465c88ff6e9ef8cf546994

SHA256
8792b2e1c50632cb8fa8f45826e7e204bfe532f81fd94296b6fb9425e0614e0a

SHA512
5b248494eb86482d4f0dbb15cf58b647707019a5ee2c20ca6977c4a328860e46bf0371449cbcd31587c687a1f8eb1b504f8892b49beb0dac4f78154706d5e498

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
83f8a86e66a7ec65e00928193325ef7c

SHA1
498c06e259be9396dd27a24637ed8f9fc86382ea

SHA256
61d04d857dbe9564346775fb27493b97173a81901c82491f271e6294b432f632

SHA512
c703e0247aea7c46a7317a0501e8569764e09807edab3b6973b8bdcbf60e54eb54fe40012314c5ab1ce12c5c35354dcf519025a9b1d469fe53695f605dcbc432

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
98b2af9db1c5f89254e68bb35b2c1172

SHA1
645ad9abfa78b21a8c756a06fab4421439ac46ec

SHA256
558ff30a032fb14638d0bc876d589424457d039e78c069b6b8e986e3760e4898

SHA512
38543c7d434a550365b426c60b8ea025aa8387b1b87c294599d1f16a1ac8f1af9befe938b3bbaabffcd744070de020af34863f06889a70fcfcae4c9be90beaff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d19858b46c72590d59e601fb3ecc7c7d

SHA1
be021231bd9cb308236a2d5a2612ac6e53acaba3

SHA256
fcc2dba2b94b7a506ce8b6f8542dc580fe7bb5a5ebc3124b4d8f3d45ab3badc5

SHA512
621e8f68c6ac932d65822a1f3a76ef85d5f3ebda6179b91985810ba50dac649df178f0ce92ede1a23202c9a40c95c05010ddf5caf6fc068ec061e7f686ea4e38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fd86b8bd34ef7f25dce8f49babcf073b

SHA1
820ebb51d0f729320f2c70af7511c25e6b185833

SHA256
315d89dbec0165e1875e8d3c3bef8288978791567974389903002dda191842e1

SHA512
61ef29d416a8601caa05afac23b8936375ceda7cb7e4f45f99311aba5db13002a1003dd28e093882652edce041277bf1b526b671e8ad87393b6ba6160a0ce23d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
80c419702a7186c2d50f8074a7e3161b

SHA1
1e6209bb88eefe1f7b9d7bc30382df0313519c59

SHA256
e247000668de55c3f5a973f78528d91990dab28a78e2dde33f1aed4f45184e95

SHA512
71b86cabae58b2bf87bff604a504a26aa69e6eb58935d90930779de3900c565bc9763e36e870283358e82f181ffe187f429a9396aa4863a44b0119332965d987

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b7672be203b8adb1181d3249ac59a13b

SHA1
fe52e2ed33d771919244efb2ba88a89b20d5d109

SHA256
aa4be57fd3c3c1721fdf4825cd383e8916a51eb85ee85ae7d6087e0e187c2847

SHA512
dedc2a1cdc86da02aed64bf4a78e9302d8ba4f2d03b0a0838308268bbf653cc26224a3bfd0cc4140149a33c5d377bbd05d59f86740b64714fbb0ed93114743e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d5ed3e8244cf8a723e9f2c50b2d21cfb

SHA1
eb15f9cc038d87faaf37a2386cc13d2ac9ba5817

SHA256
c11981dcedbaa5946263c07873808ddd5b328f728f4b9178b58a58813cbc63a6

SHA512
da3c1a43eacb3b0f8f64e2cec316b741d6d4bec09fc5b628ebd9a2e6589c19a5785737ccf68dd2bd553bb4fdba8bca61f6a9c812e0d7fd280f5d2edfa61f0c08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cdcf.TMP

Filesize
1KB

MD5
57753b531528dca60eb2cf45561b83e0

SHA1
659634e57795cff151e819c50f7aa92cb72e21ff

SHA256
edb3f481269cee5656c5d386a11f0ab60f56f8cc9dbdb425d6d2ccd3f08556be

SHA512
44e2e27b3d28d520495e719fea6863cec0157e785dd58646bd55f8e8ab0c9797afa6fa010f4b0ac90e05a9e528f461c9b93237ee831c55d1c0ecc9182d2f46cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d951ae3e-eb27-4e4d-b5d6-eb7b1dab601f.tmp

Filesize
24KB

MD5
5932e367fa02188254b322df37cbffb5

SHA1
9014c7a88235332acc6050e792f5160a9fa8332e

SHA256
22cce4965574bd8fa8532368d69dd24dc2106bbbf2a45b6e6a7c536a9d87402c

SHA512
40a05fca3e1e6ea8c1c2a3ab9865e1c8a032d53d51e21b92cf2263e7a8cf4b88208939a3f0fb327b2dd694c0f89f6a1291a162415b9be846934623780f6d8f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a27e1d1194ee720979b3ff2d04466158

SHA1
414bb405cf6eff7514aa084364b1f80cdd4918d4

SHA256
97762b4c2236527cfd709ed297938c91852647f6f9c5fcba58e16f2923b773cf

SHA512
1bef661397953a3f214f374f3f275d3152e8eb1989e15335c290b3c0a24914a89aa198f9e6d22740a6c92ad1c3faa73a22409f3eb6891445bd7f27ab5b89cbec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
91ef1beef2e8be9020021d2a39005ea2

SHA1
af73bb24d59a7422412697c8ec7cc1409c30745f

SHA256
f8aabfddea5c56f223b2cc9eaa9bbd0ae0196c72e425bdcc5bdb92b688248f77

SHA512
01555309e015c489bfef165b0186bb97b671168a591055cf5941023c4bf1d058a3b8375fb5ed285c9465e8a8eb79c6b24988cf2bace105f9cf2228ab056d1b32

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit