hxxps://westbloomfieldlibrary[.]org/includes/statistics[.]php?StatType=Link&&StatID=Facebook&&weblink=hxxps://tinyurl[.]com/yc7h4c26

Analysis

max time kernel
331s
max time network
327s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2023, 23:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://westbloomfieldlibrary.org/includes/statistics.php?StatType=Link&&StatID=Facebook&&weblink=https://tinyurl.com/yc7h4c26

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1668	msedge.exe
1668	msedge.exe
2896	msedge.exe
2896	msedge.exe
4420	identity_helper.exe
4420	identity_helper.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 1056	2896	msedge.exe	85
PID 2896 wrote to memory of 1056	2896	msedge.exe	85
PID 2896 wrote to memory of 396	2896	msedge.exe	87
PID 2896 wrote to memory of 396	2896	msedge.exe	87
PID 2896 wrote to memory of 396	2896	msedge.exe	87
PID 2896 wrote to memory of 396	2896	msedge.exe	87
PID 2896 wrote to memory of 396	2896	msedge.exe	87
PID 2896 wrote to memory of 396	2896	msedge.exe	87
PID 2896 wrote to memory of 396	2896	msedge.exe	87
PID 2896 wrote to memory of 396	2896	msedge.exe	87
PID 2896 wrote to memory of 396	2896	msedge.exe	87
PID 2896 wrote to memory of 396	2896	msedge.exe	87
PID 2896 wrote to memory of 396	2896	msedge.exe	87
PID 2896 wrote to memory of 396	2896	msedge.exe	87
PID 2896 wrote to memory of 396	2896	msedge.exe	87
PID 2896 wrote to memory of 396	2896	msedge.exe	87
PID 2896 wrote to memory of 396	2896	msedge.exe	87
PID 2896 wrote to memory of 396	2896	msedge.exe	87
PID 2896 wrote to memory of 396	2896	msedge.exe	87
PID 2896 wrote to memory of 396	2896	msedge.exe	87
PID 2896 wrote to memory of 396	2896	msedge.exe	87
PID 2896 wrote to memory of 396	2896	msedge.exe	87
PID 2896 wrote to memory of 396	2896	msedge.exe	87
PID 2896 wrote to memory of 396	2896	msedge.exe	87
PID 2896 wrote to memory of 396	2896	msedge.exe	87
PID 2896 wrote to memory of 396	2896	msedge.exe	87
PID 2896 wrote to memory of 396	2896	msedge.exe	87
PID 2896 wrote to memory of 396	2896	msedge.exe	87
PID 2896 wrote to memory of 396	2896	msedge.exe	87
PID 2896 wrote to memory of 396	2896	msedge.exe	87
PID 2896 wrote to memory of 396	2896	msedge.exe	87
PID 2896 wrote to memory of 396	2896	msedge.exe	87
PID 2896 wrote to memory of 396	2896	msedge.exe	87
PID 2896 wrote to memory of 396	2896	msedge.exe	87
PID 2896 wrote to memory of 396	2896	msedge.exe	87
PID 2896 wrote to memory of 396	2896	msedge.exe	87
PID 2896 wrote to memory of 396	2896	msedge.exe	87
PID 2896 wrote to memory of 396	2896	msedge.exe	87
PID 2896 wrote to memory of 396	2896	msedge.exe	87
PID 2896 wrote to memory of 396	2896	msedge.exe	87
PID 2896 wrote to memory of 396	2896	msedge.exe	87
PID 2896 wrote to memory of 396	2896	msedge.exe	87
PID 2896 wrote to memory of 1668	2896	msedge.exe	88
PID 2896 wrote to memory of 1668	2896	msedge.exe	88
PID 2896 wrote to memory of 4060	2896	msedge.exe	89
PID 2896 wrote to memory of 4060	2896	msedge.exe	89
PID 2896 wrote to memory of 4060	2896	msedge.exe	89
PID 2896 wrote to memory of 4060	2896	msedge.exe	89
PID 2896 wrote to memory of 4060	2896	msedge.exe	89
PID 2896 wrote to memory of 4060	2896	msedge.exe	89
PID 2896 wrote to memory of 4060	2896	msedge.exe	89
PID 2896 wrote to memory of 4060	2896	msedge.exe	89
PID 2896 wrote to memory of 4060	2896	msedge.exe	89
PID 2896 wrote to memory of 4060	2896	msedge.exe	89
PID 2896 wrote to memory of 4060	2896	msedge.exe	89
PID 2896 wrote to memory of 4060	2896	msedge.exe	89
PID 2896 wrote to memory of 4060	2896	msedge.exe	89
PID 2896 wrote to memory of 4060	2896	msedge.exe	89
PID 2896 wrote to memory of 4060	2896	msedge.exe	89
PID 2896 wrote to memory of 4060	2896	msedge.exe	89
PID 2896 wrote to memory of 4060	2896	msedge.exe	89
PID 2896 wrote to memory of 4060	2896	msedge.exe	89
PID 2896 wrote to memory of 4060	2896	msedge.exe	89
PID 2896 wrote to memory of 4060	2896	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://westbloomfieldlibrary.org/includes/statistics.php?StatType=Link&&StatID=Facebook&&weblink=https://tinyurl.com/yc7h4c26
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x44,0x108,0x7fff7cf746f8,0x7fff7cf74708,0x7fff7cf74718
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,9469092186040384648,10193993740798998804,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,9469092186040384648,10193993740798998804,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,9469092186040384648,10193993740798998804,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9469092186040384648,10193993740798998804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9469092186040384648,10193993740798998804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9469092186040384648,10193993740798998804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,9469092186040384648,10193993740798998804,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,9469092186040384648,10193993740798998804,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9469092186040384648,10193993740798998804,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9469092186040384648,10193993740798998804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4412 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9469092186040384648,10193993740798998804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9469092186040384648,10193993740798998804,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,9469092186040384648,10193993740798998804,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5048 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2184,9469092186040384648,10193993740798998804,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3076 /prefetch:8
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9469092186040384648,10193993740798998804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9469092186040384648,10193993740798998804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9469092186040384648,10193993740798998804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,9469092186040384648,10193993740798998804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4348 /prefetch:1
  2⤵
  PID:4880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0629525c94f6548880f5f3a67846755e

SHA1
40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

SHA256
812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

SHA512
f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
f639bf9ff70d061113297ba084adfde1

SHA1
e0d43faaeb2f437f283b4720cace3fa419f5211f

SHA256
8b7e62080b97537e59d3898a0a4a58897ba4395d498f767667cad9e8858348d1

SHA512
51664c3abdd8b2a66df69aae450b8412d9dd227fe311b86561c6706906e1c8004b98e9333f397171dba79a921ce5a9b4f8a7bb3d2bb0abd1ceb4d24abdae082f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
936B

MD5
f11cbe6db4fb6353e9ecee6bb649b8e8

SHA1
1007808f9573a6aafe2161d4ab334c3679c75c4a

SHA256
52109947a3da94c9fe3a7b10ae293b6bca2733a587c8fed106dae008237d3f48

SHA512
050e56766b2b8bb3334d57e1daf8e1d30835560fef382ffbcf239a856352cfb95b8bc767fa9a82b5573f3aa3809bc011c7fc9c53641d00fe7320f5db9ec43101

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1016B

MD5
d8a7d1158d975e4090adcd6cde08681d

SHA1
fca9efdd46de83c99b2d34da063d837294ccad8a

SHA256
32411746eadf5a20f7851fc1117545c8b37b2109da0c25fbc9cc7d9ec28f2b45

SHA512
69f2a59fd6e3625a92bec7d26ef658237d211defd1076af90e0f439a8eb3e42f0c4d056ff3e7de1b8a41f2b61e4ed11e819e12d5b3e3e00396563a5d922c13da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
22d87b711680e87f7d88138bf4b18bf2

SHA1
aacc5e2bdd2f1e7070b152083eefe8568446a3eb

SHA256
5b55b201b3394b02eea92e225ae94b377aef058c7c851272ffaf5c30701e6bcb

SHA512
5efeb5ccb083e0e97547cf86bd3aa6f17e843afa17741d5ef2c81c631d0ca710709e2d40eb2ee0e2006cc999413c9809ca3aad7f7294224334d3ce03e8c82c4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7f38c9a5b1ccaa9bc274f28587c21129

SHA1
e40f44d8f06e8100566a17e71e0081777fa4adc2

SHA256
6e9e1e803eacfc09b3a36496b5a7515a468d7c13a0a70335205678f7336d2b68

SHA512
e8186ee3bf9398b8aa223976ae0a5014bcba66a1f38c9280d74fc9787c781226e1f2c7776d8f8be6b067c0b451580f361c2043fad8b53019b06dfcccf1ca2c51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
936B

MD5
cc1d8b6e1088cf4168f621b2a1961081

SHA1
ec32b55fd3937f6999021d0ed16904a33efb7524

SHA256
42fa432041131a4e2085f59c02828c46b61ce17d7ddcaf9bc141a5a8fca6c316

SHA512
5a59884467afd5a460baadec23da6f39b586de58e4b1461d6a0d1e0a1551515f022b618990df8b643894df05c5443a586892ecd7f6d18c7d64f643bf7b31f656

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
107e799b3118b1118f57f1f963fc5f8b

SHA1
e607c898d7083f3c1492190c049dbce275b9d574

SHA256
88199ae7da25a646d0644a953220572b25fd438e974d8812d965e0b7f8624d66

SHA512
4d144837055ea4adb3d9f5b532d4c2281db0d300033025b60e6563e289fdb21a66fffc28621e1ed5ae01af89c0fc5455f1d75c57cef08a318757cc74294c1ba2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b95567ca16998fb0eae43a4ed52f45d2

SHA1
8644cc545643e4be1bac6112c698a3a122cc251d

SHA256
95841e63c17746a51ccddad53fae1bfa781b9d501148ce96072bf3151f4dd6ef

SHA512
4a3d18b4ffbcd71e90c194ce7dc0ab57787a3f85aafde6ea472bc3182ae9282fe326adddc47c0e6aafde6c98c769a87cef8149bf44e0d02b66d2f4fb29d6cf02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
cd26012e1f26670970c8b6780b239d77

SHA1
3ed70dfafa69bb3702ff12fc94300a08addcf239

SHA256
91bdf60160bb48fce1c6718dcff68a74553d80018ccb3eecd65669b613fe1377

SHA512
05fd7e5a882e4d2272791ea2e7ce6a47a6dbc9f75c452e6670847a1cafcef07874bb55a4d5e7303be47dc1ce3c1036d13ddda4791d21702bf4a21d9e451719d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b4ffdcb8fd16b29528de77c899435dea

SHA1
b78ccb4c4bbb86afcf60ca3b4f75145d1497a3ea

SHA256
5c1dc37288daaa492042262716671edce8ed4cc100c55e5bf989919595057583

SHA512
9eb43039e1cadff2a7c508782bb3bc8e67ea47a10047e54c8d616f9d1bafcefa8bfa64cd2081a51428354f3ca0272fd338cfb0602501edac9cf2778f29756964

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a31fd83c34f53219118b4afb86df4260

SHA1
61afeea7e22dbc97ee6795ae3a9cd20558a40d63

SHA256
546821fb6c90300bb6ac0b62ef188f81b5fc76be0dcf7bc2db169209af7d52c7

SHA512
2265f49e5ba2c54ffd29741245be0e1a4a11f3fdddf0ab2234300ebc21e78e9dc0952425e49c85c9565703fb155778932987c5f20aecf4ea9a5d7ec9b18f6267

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
fd20981c7184673929dfcab50885629b

SHA1
14c2437aad662b119689008273844bac535f946c

SHA256
28b7a1e7b492fff3e5268a6cd480721f211ceb6f2f999f3698b3b8cbd304bb22

SHA512
b99520bbca4d2b39f8bedb59944ad97714a3c9b8a87393719f1cbc40ed63c5834979f49346d31072c4d354c612ab4db9bf7f16e7c15d6802c9ea507d8c46af75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
b05f2d1f35289b92aa4b85523e9182c3

SHA1
4fb80e8561ab4fa554a847aad95079cee89694a6

SHA256
a1e641d3b2c77b9669c55926981c56d84723da6a5d90999389d7a5034c2a165e

SHA512
01dbb172fca19573e642dd9f9f83e319dc7761ea7c2200459cf7bbe0b97a483c84634bed38ef654569725066bf43936762df3d352de15fe9db744788314aa18f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5a325c.TMP

Filesize
204B

MD5
37474fcd51f0f8e3eb5b30f364fbccd3

SHA1
0e6ab915a180c6ee344f1f31a60961f13817f46d

SHA256
5911256b1fb503da59b5fb025ef6fad197efa9cf11d00a9460db2cc15f17efe3

SHA512
fdb206e3ceccceb75baba0bfc596ae691863f1ba1fd13128a93e90b807c82380496ed23621df34ddcf7b8dd2a7df739387057dc2997f284048b14346e6ee8c2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5e4f4bb292dea869736da869f6d6da16

SHA1
543b0905807c8c9da64f5ab3f3e38244feebd215

SHA256
98155a6c1e2ca1706aec7c0bfa675c7ef31ce14ff046700e98501c11c195e17d

SHA512
a815b7db728b071c2c4300ed244f70f3bcd44babfa87f3e0af7172513be9e6a683d10379b4a8cc05571895778e3e39bbbdb644e71dc503767e69f22e16252605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
548ad88e573647f1f452c1c7911e560b

SHA1
49c530d44c6da000c5793d6b3620fc7fa1219090

SHA256
4c1a6ff96e3bc6ccc61147e05fa7f1230a87e2541afe1d3557499830345c82a2

SHA512
8be5e0e5804c8d856d02df356b94e02f2e3f432cb7eaa073347600412a4da1bf5a93e477692fa91cbfc3fa922e2e4c1560afdf73e1c9c6f85b54758bc68f3b81

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit