hxxp://google[.]com

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03/02/2024, 00:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3336304223-2978740688-3645194410-1000\{6788B0F1-F7CD-44D2-8DF8-ECEA56316698}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3256	msedge.exe
3256	msedge.exe
3100	msedge.exe
3100	msedge.exe
4520	identity_helper.exe
4520	identity_helper.exe
1880	msedge.exe
1880	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe
3976	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3100 wrote to memory of 4776	3100	msedge.exe	82
PID 3100 wrote to memory of 4776	3100	msedge.exe	82
PID 3100 wrote to memory of 2396	3100	msedge.exe	86
PID 3100 wrote to memory of 2396	3100	msedge.exe	86
PID 3100 wrote to memory of 2396	3100	msedge.exe	86
PID 3100 wrote to memory of 2396	3100	msedge.exe	86
PID 3100 wrote to memory of 2396	3100	msedge.exe	86
PID 3100 wrote to memory of 2396	3100	msedge.exe	86
PID 3100 wrote to memory of 2396	3100	msedge.exe	86
PID 3100 wrote to memory of 2396	3100	msedge.exe	86
PID 3100 wrote to memory of 2396	3100	msedge.exe	86
PID 3100 wrote to memory of 2396	3100	msedge.exe	86
PID 3100 wrote to memory of 2396	3100	msedge.exe	86
PID 3100 wrote to memory of 2396	3100	msedge.exe	86
PID 3100 wrote to memory of 2396	3100	msedge.exe	86
PID 3100 wrote to memory of 2396	3100	msedge.exe	86
PID 3100 wrote to memory of 2396	3100	msedge.exe	86
PID 3100 wrote to memory of 2396	3100	msedge.exe	86
PID 3100 wrote to memory of 2396	3100	msedge.exe	86
PID 3100 wrote to memory of 2396	3100	msedge.exe	86
PID 3100 wrote to memory of 2396	3100	msedge.exe	86
PID 3100 wrote to memory of 2396	3100	msedge.exe	86
PID 3100 wrote to memory of 2396	3100	msedge.exe	86
PID 3100 wrote to memory of 2396	3100	msedge.exe	86
PID 3100 wrote to memory of 2396	3100	msedge.exe	86
PID 3100 wrote to memory of 2396	3100	msedge.exe	86
PID 3100 wrote to memory of 2396	3100	msedge.exe	86
PID 3100 wrote to memory of 2396	3100	msedge.exe	86
PID 3100 wrote to memory of 2396	3100	msedge.exe	86
PID 3100 wrote to memory of 2396	3100	msedge.exe	86
PID 3100 wrote to memory of 2396	3100	msedge.exe	86
PID 3100 wrote to memory of 2396	3100	msedge.exe	86
PID 3100 wrote to memory of 2396	3100	msedge.exe	86
PID 3100 wrote to memory of 2396	3100	msedge.exe	86
PID 3100 wrote to memory of 2396	3100	msedge.exe	86
PID 3100 wrote to memory of 2396	3100	msedge.exe	86
PID 3100 wrote to memory of 2396	3100	msedge.exe	86
PID 3100 wrote to memory of 2396	3100	msedge.exe	86
PID 3100 wrote to memory of 2396	3100	msedge.exe	86
PID 3100 wrote to memory of 2396	3100	msedge.exe	86
PID 3100 wrote to memory of 2396	3100	msedge.exe	86
PID 3100 wrote to memory of 2396	3100	msedge.exe	86
PID 3100 wrote to memory of 3256	3100	msedge.exe	85
PID 3100 wrote to memory of 3256	3100	msedge.exe	85
PID 3100 wrote to memory of 3876	3100	msedge.exe	87
PID 3100 wrote to memory of 3876	3100	msedge.exe	87
PID 3100 wrote to memory of 3876	3100	msedge.exe	87
PID 3100 wrote to memory of 3876	3100	msedge.exe	87
PID 3100 wrote to memory of 3876	3100	msedge.exe	87
PID 3100 wrote to memory of 3876	3100	msedge.exe	87
PID 3100 wrote to memory of 3876	3100	msedge.exe	87
PID 3100 wrote to memory of 3876	3100	msedge.exe	87
PID 3100 wrote to memory of 3876	3100	msedge.exe	87
PID 3100 wrote to memory of 3876	3100	msedge.exe	87
PID 3100 wrote to memory of 3876	3100	msedge.exe	87
PID 3100 wrote to memory of 3876	3100	msedge.exe	87
PID 3100 wrote to memory of 3876	3100	msedge.exe	87
PID 3100 wrote to memory of 3876	3100	msedge.exe	87
PID 3100 wrote to memory of 3876	3100	msedge.exe	87
PID 3100 wrote to memory of 3876	3100	msedge.exe	87
PID 3100 wrote to memory of 3876	3100	msedge.exe	87
PID 3100 wrote to memory of 3876	3100	msedge.exe	87
PID 3100 wrote to memory of 3876	3100	msedge.exe	87
PID 3100 wrote to memory of 3876	3100	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f14846f8,0x7ff8f1484708,0x7ff8f1484718
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,5458151173085247667,10557727446347428362,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,5458151173085247667,10557727446347428362,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,5458151173085247667,10557727446347428362,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5458151173085247667,10557727446347428362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5458151173085247667,10557727446347428362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5458151173085247667,10557727446347428362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5458151173085247667,10557727446347428362,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5458151173085247667,10557727446347428362,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5458151173085247667,10557727446347428362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,5458151173085247667,10557727446347428362,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  PID:724
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,5458151173085247667,10557727446347428362,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5458151173085247667,10557727446347428362,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5458151173085247667,10557727446347428362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5458151173085247667,10557727446347428362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5458151173085247667,10557727446347428362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5458151173085247667,10557727446347428362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2080,5458151173085247667,10557727446347428362,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5984 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2080,5458151173085247667,10557727446347428362,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5728 /prefetch:8
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5458151173085247667,10557727446347428362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5458151173085247667,10557727446347428362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5458151173085247667,10557727446347428362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5458151173085247667,10557727446347428362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,5458151173085247667,10557727446347428362,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
84381d71cf667d9a138ea03b3283aea5

SHA1
33dfc8a32806beaaafaec25850b217c856ce6c7b

SHA256
32dd52cc3142b6e758bd60adead81925515b31581437472d1f61bdeda24d5424

SHA512
469bfac06152c8b0a82de28e01f7ed36dc27427205830100b1416b7cd8d481f5c4369e2ba89ef1fdd932aaf17289a8e4ede303393feab25afc1158cb931d23a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
67KB

MD5
88a552e6be1ac3978c49143983276b3a

SHA1
dbf4f4dc62a3da564b1a87b5191dc9a72a9b9423

SHA256
927121d8118a41fa3460b9ad84daeae59ea60dc9607e462b7e1341bea60da8d5

SHA512
125b13be3d209ff5cc12d8f9f12d01d271cd50c2800059241ebb419167c21adfa9d979ff6b8d88052f5d302e98090b7c8ceff4894b397168d8ba6d8a6204fb9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
27KB

MD5
9bf386d3246210a24f1232cb813bfdd9

SHA1
95752dec933ae83e1bf6cfdd8bd1a9168053eac6

SHA256
5835cd4a0ce14a12caed88c20e0d3078c69eb332a5b94a9314faf064afe9e1c1

SHA512
374bf881951d15f78fd3232f283623c3288490153263a460a99a42820c193212b1edd7ab26232fe4488449730f55a926fe4382617dbbec3201cd29ccfde3c75c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
1.1MB

MD5
7bb514fddaeda52f74a53b57c735e3ce

SHA1
4cd89568ce444b10312a573375e316fec63586bd

SHA256
d16bf0edefa9d842cb3e43d99a99f53e8bb94b19c00a46a06416c8d3c63f8254

SHA512
58c50743c96024ab00b70c785c449f8c60384857c1c8695ed7d6776030680a3dbd4fb371c57cd359dc44c6c6148912acc00287e46ce39461a7e5384961304c68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fc6c79f1dac1088c4eb3381aadc94342

SHA1
22a45f49ad08e5bf8806ba232a538e8243a823c1

SHA256
6885e496bfb06f7aa0bb16494f9ef2a85d7c80d702a50d569c76bce5e5aa65d1

SHA512
a059a85e27cbaf913981abac9758637f85c00e7b1ccfe27453839250f9ed819a9806d1147f684981aeb21774c672d1322aac6b3b807aaae39036756a1043a082

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0cd090ae06462601a162b00a65565f1a

SHA1
2960e94e647df5baaf1c7388f0eebe25e2bd3050

SHA256
66e279142a8c5f10c12a6a5cb06dffb6d29ebf5f06c9b5ed5b91aa01b67a1c64

SHA512
5e7153eea6f0a530c3bceb36cb2742ad93b7a485b3919058296d3719b566008c24f0749d1a19c9bf91bb3fa08a3b7420fa46b6f05f372d1ae41d13fcac8ee03d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7360d7a3657983af6f0dc7287c320e2d

SHA1
78626c34d545aeb26d49d12af704718ffd39aade

SHA256
f2ba521f8c46b4101fc2bded9ecbc98eb010c66570d5bd45bba10c5e2601bed3

SHA512
8bcd9397c3bd41c549e26ba05049f2c6b3c9d20a2d386055ad4c0faf8fdb308dfcbe38f205423e5dc9efc1f5095ec5ea2c7f19b00501b8aa65c5d1d53839bedf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
562c50d46613d480286da26dc750a659

SHA1
8672465e456634adfddbf23a29205ff8a05fb192

SHA256
8a29769ff686d489182e0a3833fdeb16437b78de43df500173d3b6efbae71c94

SHA512
cf10c9c79843e098fc0b63ba79f95df8fff22963276f6e8a54d49c945620ff62d74cbfc0acbd7c489da62e4b219092a144c1e0cbddc525ca4f0c1335f6c6f1e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
72e1990875d5df251825e3875481d893

SHA1
54fb7ee26cf18a6ccea22520113715dd9ce092af

SHA256
9a8fb8e6c6e5624b5258f67c59b75981ad2ce5021db940b063cb3370ada96374

SHA512
0acc3a1200f4c068d7555d76b640a5ed79cfe7f27245777ea45eb912411bc45142b4ed6415758225355d48900ec8b75db7e280e1cab833251332e41a08a1d78e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f02f5b50d072d5c9e4712c0c59577c1f

SHA1
be0fdb1acadb501610ee462f9e933f4a7c824445

SHA256
540726f2c18a59fa93c8a14375baea8b481a9d7d03887b42bc89af83baab81ac

SHA512
48c94eb6465ccc16d5ac80fdaece287ae35e13199b6cdceb9d595bd8c963247daa1772c3c1005d4a0896bb026b461deca9004f6cb87fe70c6c47c34de56e863f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
21d627730970ea5a78e6ae2fc247b540

SHA1
04204710696ecfb5d4067e9dc2806b28d19c56fa

SHA256
3b2683bc356a2cf6c927dc78377d60ed121e46448e1bbb21a1b359a27b2d160e

SHA512
2b5260279bc08b1ec1febf272d590f7b30a5876b39a50bfe4208bf2dca216f3fb49bae7964faf811481a3b1f6dd5e6950df86e13f495f1f7ea79c387119764be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
35f77ec6332f541cd8469e0d77af0959

SHA1
abaec73284cee460025c6fcbe3b4d9b6c00f628c

SHA256
f0be4c5c99b216083bd9ee878f355e1aa508f94feb14aeebcfba4648d85563a7

SHA512
e0497dbe48503ebbf6a3c9d188b9637f80bccf9611a9e663d9e4493912d398c6b2a9eab3f506e5b524b3dabbca7bb5a88f882a117b03a3b39f43f291b59870c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
fcf7bd54626ac5cbdaaf795441d93e29

SHA1
5f06d452823471ab69ea9c4af4d2564695ac7980

SHA256
6ccc635f0bc83d3a40e1b1500514ce9f2d7b2ec4d2bc81ac87a39d091b5e3369

SHA512
370d80d03b85b34a75340e2f7ef8ca943c1572135a8336dc6be708d1b74986f921581131f7d9af08a4f7d14fde02783443c99ecb8a8dc1b40b2883017d7c53a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
1fd2ab9a7a0866392386f81aac93e4f8

SHA1
6edaf69cb11769c904ed577413bdbb0d9a8163f5

SHA256
fb709c3cbcecc9f274aa407155ae8c704b8017554fac050ac1797ce2f61941ac

SHA512
beb989f6929b737ec452b841a0fc1dbac5620773cd3754363b483b9b594b73b6288b23b5ffd88d4f966f92fe36cdce05708d44ca043d6bb06fd3cc8cf0a30f6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d561.TMP

Filesize
204B

MD5
9b86f07d55933b022cfe0a1a7d45ae5e

SHA1
562665df56a389c83677c3e80507baa098c1f57b

SHA256
b6b9647884cc689f470d9af463a993aabb2c0b2c63ae498dda6df7c5a3594fa7

SHA512
7ada1432a542b30200a98b95b25a27b2c8e21ff58b2dd10d5eaa21e570f16c385c2ebb498d74834cb1fee7b1dd38f0f35d4bca976ffbcea6bdd2a74f1e04840e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f56044d9f50157ad9d79c840362eb5df

SHA1
29c1df6a76a6fac3d583d4fd4a0dfa24d6b66833

SHA256
465586cdc41880706511a3584a84a3b84390dacb2d15970173915c8a3c093670

SHA512
38588cbec962b6e7826d2d5f83739a7d44be4a0f81ba1f2d30d9a2234fe6b2abb00a26df45a618c4035e5f86caf54e50ad7437efd2791fa202982ea35e90ee9f

Download Submit