hxxps://www[.]facebook[.]com/share/p/wZX3uvy22ZFvJPnw/

Analysis

max time kernel
146s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10-03-2024 18:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.facebook.com/share/p/wZX3uvy22ZFvJPnw/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1920	msedge.exe
1920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2912	identity_helper.exe
2912	identity_helper.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe
3820	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2920 wrote to memory of 3008	2920	msedge.exe	88
PID 2920 wrote to memory of 3008	2920	msedge.exe	88
PID 2920 wrote to memory of 2056	2920	msedge.exe	89
PID 2920 wrote to memory of 2056	2920	msedge.exe	89
PID 2920 wrote to memory of 2056	2920	msedge.exe	89
PID 2920 wrote to memory of 2056	2920	msedge.exe	89
PID 2920 wrote to memory of 2056	2920	msedge.exe	89
PID 2920 wrote to memory of 2056	2920	msedge.exe	89
PID 2920 wrote to memory of 2056	2920	msedge.exe	89
PID 2920 wrote to memory of 2056	2920	msedge.exe	89
PID 2920 wrote to memory of 2056	2920	msedge.exe	89
PID 2920 wrote to memory of 2056	2920	msedge.exe	89
PID 2920 wrote to memory of 2056	2920	msedge.exe	89
PID 2920 wrote to memory of 2056	2920	msedge.exe	89
PID 2920 wrote to memory of 2056	2920	msedge.exe	89
PID 2920 wrote to memory of 2056	2920	msedge.exe	89
PID 2920 wrote to memory of 2056	2920	msedge.exe	89
PID 2920 wrote to memory of 2056	2920	msedge.exe	89
PID 2920 wrote to memory of 2056	2920	msedge.exe	89
PID 2920 wrote to memory of 2056	2920	msedge.exe	89
PID 2920 wrote to memory of 2056	2920	msedge.exe	89
PID 2920 wrote to memory of 2056	2920	msedge.exe	89
PID 2920 wrote to memory of 2056	2920	msedge.exe	89
PID 2920 wrote to memory of 2056	2920	msedge.exe	89
PID 2920 wrote to memory of 2056	2920	msedge.exe	89
PID 2920 wrote to memory of 2056	2920	msedge.exe	89
PID 2920 wrote to memory of 2056	2920	msedge.exe	89
PID 2920 wrote to memory of 2056	2920	msedge.exe	89
PID 2920 wrote to memory of 2056	2920	msedge.exe	89
PID 2920 wrote to memory of 2056	2920	msedge.exe	89
PID 2920 wrote to memory of 2056	2920	msedge.exe	89
PID 2920 wrote to memory of 2056	2920	msedge.exe	89
PID 2920 wrote to memory of 2056	2920	msedge.exe	89
PID 2920 wrote to memory of 2056	2920	msedge.exe	89
PID 2920 wrote to memory of 2056	2920	msedge.exe	89
PID 2920 wrote to memory of 2056	2920	msedge.exe	89
PID 2920 wrote to memory of 2056	2920	msedge.exe	89
PID 2920 wrote to memory of 2056	2920	msedge.exe	89
PID 2920 wrote to memory of 2056	2920	msedge.exe	89
PID 2920 wrote to memory of 2056	2920	msedge.exe	89
PID 2920 wrote to memory of 2056	2920	msedge.exe	89
PID 2920 wrote to memory of 2056	2920	msedge.exe	89
PID 2920 wrote to memory of 1920	2920	msedge.exe	90
PID 2920 wrote to memory of 1920	2920	msedge.exe	90
PID 2920 wrote to memory of 2536	2920	msedge.exe	91
PID 2920 wrote to memory of 2536	2920	msedge.exe	91
PID 2920 wrote to memory of 2536	2920	msedge.exe	91
PID 2920 wrote to memory of 2536	2920	msedge.exe	91
PID 2920 wrote to memory of 2536	2920	msedge.exe	91
PID 2920 wrote to memory of 2536	2920	msedge.exe	91
PID 2920 wrote to memory of 2536	2920	msedge.exe	91
PID 2920 wrote to memory of 2536	2920	msedge.exe	91
PID 2920 wrote to memory of 2536	2920	msedge.exe	91
PID 2920 wrote to memory of 2536	2920	msedge.exe	91
PID 2920 wrote to memory of 2536	2920	msedge.exe	91
PID 2920 wrote to memory of 2536	2920	msedge.exe	91
PID 2920 wrote to memory of 2536	2920	msedge.exe	91
PID 2920 wrote to memory of 2536	2920	msedge.exe	91
PID 2920 wrote to memory of 2536	2920	msedge.exe	91
PID 2920 wrote to memory of 2536	2920	msedge.exe	91
PID 2920 wrote to memory of 2536	2920	msedge.exe	91
PID 2920 wrote to memory of 2536	2920	msedge.exe	91
PID 2920 wrote to memory of 2536	2920	msedge.exe	91
PID 2920 wrote to memory of 2536	2920	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/share/p/wZX3uvy22ZFvJPnw/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed2eb46f8,0x7ffed2eb4708,0x7ffed2eb4718
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,4600946714950251928,9613185898000182725,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,4600946714950251928,9613185898000182725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,4600946714950251928,9613185898000182725,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4600946714950251928,9613185898000182725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4600946714950251928,9613185898000182725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4600946714950251928,9613185898000182725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,4600946714950251928,9613185898000182725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,4600946714950251928,9613185898000182725,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4600946714950251928,9613185898000182725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4600946714950251928,9613185898000182725,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4600946714950251928,9613185898000182725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4600946714950251928,9613185898000182725,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4600946714950251928,9613185898000182725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4600946714950251928,9613185898000182725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4600946714950251928,9613185898000182725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4600946714950251928,9613185898000182725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2852 /prefetch:1
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4600946714950251928,9613185898000182725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4600946714950251928,9613185898000182725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2036,4600946714950251928,9613185898000182725,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3484 /prefetch:8
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,4600946714950251928,9613185898000182725,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3548 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4600946714950251928,9613185898000182725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4600946714950251928,9613185898000182725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4600946714950251928,9613185898000182725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,4600946714950251928,9613185898000182725,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:1
  2⤵
  PID:4980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8fc486a3-2c15-4153-bd2c-770dd2d74839.tmp

Filesize
5KB

MD5
026e771bef5d6baeeae4849ed5d36fa9

SHA1
c7562b0c8f9c9fd89a3d08fa0ee145fc26dbd1b9

SHA256
def621fc9c40e7d55be64846bdcf67d1d78f19333a96e81b728392a48ff3ad5e

SHA512
d48a75d7d0087c44e36e93436da84dfa6f57e1a6f82ce53388798a65afead279b4bfec3d5ca6f6d193fbcd1e70660f416fa607b01e833aab10c054262d9b9c2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ff0ffedbc19cccdbee013d1bb910cb3f

SHA1
9aa50fa0060c62403726a69c0ab1d9f5d598df3c

SHA256
f28fe916cc23f4ca0047e31131033134f27dc7669b8ac516ea83224e6903fb1b

SHA512
91d92a793d94dfc48a3be3ec16351d2b768fd8665aac9a573f4f120ca64303d3ef1de6b38b3b8ece9e0e3566e336b79e881552e8d72051d1516f8249ef59d334

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
68555d102d864b5d722693e2666d9147

SHA1
ec388bbe954a7a113cf3e8f2d4af88fea27233e6

SHA256
605a5e21ae62bb5360fe6a03feb6faae8a2cbfce2756e450fd1d6f8a42e8e8e8

SHA512
0216ab65659424ee362555adbd798815150642ab23c9e6b94d24fb48ed55437e1d5173006b7000baca1534786f3fea76610996c6bbe0b23940e11340a8bef265

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
634B

MD5
a4a4dd455e5e087f81d0318a05de132c

SHA1
0d5322842c2e562a50aa490bb960dbaf0602d863

SHA256
765afb509263e4fd0f5d8275efeca6fe4d7f60b551662d4756f188e86d2a92d7

SHA512
416d3f7af8fdaf7ff1c2efa82938ba9c00246bc15240ecb091427abde7751beb4bc286513a7d3cdff85779ed31516652f0c6ae27352713ff338af5cc677d5a74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
691108d681b8ac21e6c7ff4d0f2bfe73

SHA1
1981934f00f4012130eb15a4b15a0f6bcd27333b

SHA256
efa07fcdf5ec20e8a70d0aec54523f985b0c611eb8e426f9b9151ef5518ac9b7

SHA512
4516e716d72b9e92738aa9161ce9ab80b2c83cf036fd4aec4dcdc9c1ab9b9a06755c0d3924a12945c119eaa9ee6b3cb40c4c7a397aa1cebe99784b13e2e6ec7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
c96ce9f71b1f6bb6c7b8ef6a342c44db

SHA1
c34f97667edfebfc9a5b3497624f9a32d4317d19

SHA256
35a1632a6dce59e83572ea03e8c8ce208b3e3a717d1527792548409e87463a5c

SHA512
25d4bf94109d5c3583cddf6efe22fca0b030e5fa0d75e4fdbf3dcef812228e9f1cc846b5ffaab1baa0a516edb56c50c0ddeb0a00745fec5152f3d6d1a794c500

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ce5bc83cc50f3837b8c1295fe20ee828

SHA1
d22f0dc30713948d33241fa3ab416e0b7511da30

SHA256
20fc158b1770bf5fd05f0f917c7c1b0c9f3a96e828d45a1a535cc534a4b0efb1

SHA512
0956c1f09246e9b4cbfa9930e538cd1d2dfca5cf91937447b78dcc2ff342fae864c369bf3bb1b6d9175fff718a6d6f07385365bdd4f28c2b879611c30f57dfe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ccb3c33c501d0ba0bd8d44f61c930ae3

SHA1
840c50d080fe13bd23970087fb9e04566ab3c3eb

SHA256
9778818312cad82615ef83eecf9ba4e120ec2ba651f5c9860a6e45c1b9126932

SHA512
89538b63661fb270adabfa823883c8717f6199c157be59c2e97ebe358769b618ab419bb2c58d4bb090abe8e3f92006d2f6fc7a7f5bd657ab72700b6dad954b38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3d352674c8cae1c4291cdbd195b731883d99e567\6883b1bd-75a1-4d07-ac3b-3840127d8434\index-dir\the-real-index

Filesize
72B

MD5
afe64598d0c13f5e13a351ff1b13a959

SHA1
e9ff3cb1e412ee66b66515142a30c8ea83e454b6

SHA256
c333ab6730cf7a85fac0768f665fb1e619e0da7d7824dd5f49833f4b7a1a56a3

SHA512
d8f78148f3e7ce0b9463003e209f19352c87168b9b1055567af1228164c74713c6818c15d1c65c8ccb9ae4e1b07e76c85606e3a232344722b6bde6646e5daf31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3d352674c8cae1c4291cdbd195b731883d99e567\6883b1bd-75a1-4d07-ac3b-3840127d8434\index-dir\the-real-index~RFe58585c.TMP

Filesize
48B

MD5
da79d26c22c5a0144fd604e43284b8fd

SHA1
c463151aa38fe9f859370dd9eb875cf7dda1d099

SHA256
8d975172bd87022a3b353f841225847c35c14748a05edbe5c965aedc877de8ef

SHA512
52ae37a4c747da047f350f19e80a78aca849aa05929c74565163d13698afba2eea07dd4d1d315eaf4fa7aa248c79f3559b282ae5b2427257ac43204d278fff39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3d352674c8cae1c4291cdbd195b731883d99e567\index.txt

Filesize
83B

MD5
f6ea0c08090356924258c01cc49117de

SHA1
db5357b47fe4797ffeee6d5dc8fef60c379e8453

SHA256
0d0990c20c83379f12586e43a5ee102f3e36186dda159547472aea074af7fd9c

SHA512
3ffe5d74da0ea4a01126a4f7e49bbb9e91f804ff95377e02ca5c1c321289563d78a10cfcb55f1f5e46dcf03e75ecd1af112d981a0091bd89aff1c2363b5c36b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3d352674c8cae1c4291cdbd195b731883d99e567\index.txt~RFe58589b.TMP

Filesize
89B

MD5
a3d9879cc5d86d839517cb4ca07845a4

SHA1
231515f20d8b95d45beea9b919c6cc0696915e2a

SHA256
a63b669ae46b704a3d2468764b9d4d79c07b2a79731d27ca5634bf327a00c771

SHA512
269f8047aec580a00862a7af157371619a8e4d4ac8e0146c6433b3b1bd8af9fd68a89764080c700836c05911ae089feaf96bcade19164371128294efcaf12d96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
67d248f9f98a2df705fd9f94d186b5e3

SHA1
4073812412e044953fb76daffe815a182c728ddf

SHA256
be3e8ea0e629d2ac040e88b24fc08ccb859855be3d3240601564635aacd9491f

SHA512
feec7611b5978e0ba7dc285c0a2906a70eb2de3c1a6e6be9a4346cda99de9100b915d6f250ee6f7f10c4fd786df8970c963cc94a92d7c1b96dd812f0a6f3bdcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5858ba.TMP

Filesize
48B

MD5
409bdc43605bbe94b5f485f1f3ed8321

SHA1
81a96f6b49b66634c65b6de96e760418a766712d

SHA256
e05b516b00c3fdd3d4cd62fe8a806ace1cd8a9d663f63534d4d7fc019dd814e1

SHA512
612eecd186a77308ce2fb89180077f6783604ed912e83b3421e43bf9ae209e9294406e66a7494d95f555aacf2602f371d328135a15b55c02a64f4cdf6153f567

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
31ae897b5c6b965ce76485a2ed1ef085

SHA1
ffd7a1eee0711617cddf09f26fc5209b3d7164ec

SHA256
1bf836384cd626c58b009fd88f75ea9e4b2c912712a23eaf24659f0b7fca8416

SHA512
eec406f11302e38e74dee67f747dc6752114a1ceb85a428d090bfb7b1ff9b6b3bd51b98ef339541d0f6321cd6581f283484a15ccb18b755426d4eb28f936c9d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
0fa5e492864db3dee574db360ec9563f

SHA1
072418d3156ad33539bdae53a96e70c012ffbb5d

SHA256
e316cc85639aa05341f02e8dd35d2b747ff27c5b59ea05ca984e59ca355a5872

SHA512
1baffcc2618b94450c62d66d233acfdb8533477af87326dd3ca1d709ff0e95797187366275660d70fa8030c23e477dc4050309844869ca6990ec5a4bd7f9d883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
79834a84edbf90aab6bf28de84395cd6

SHA1
c08c4dc04753f46e57c1a6efd7e01c933c02cbeb

SHA256
9916e10fc1f4cb3f824f8c80732308bd77d828fe41fca25bc784e648b34951a9

SHA512
d8606607acbf55b691bcbb745a13f4b17e4e8949a2adf1506ecdac413a41f83a221e3a18d96e0170bc97153f5b8841295001c02b00fb4738d790221339ad0de6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1bda0102053f89cd22666d2fd0991e7a

SHA1
7e16f702803815dc369a2eb6e4465d1878d5798e

SHA256
b5ab06395b4b534bece9df824b57526ed6c94d5277be5f2f1c31b645e541e99c

SHA512
a3f63c88d186a77deadadbc3d3879134f02f94f3efd26f31b764592868e3c6b807ce3d16436296dd75494371f14ff235cac42a8f93c4e3987481053e42295f2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
75d020623f55bf041de0a6d5dfc9b75a

SHA1
5406ac7e1d991a23444b8e2df1e885e01d262b0c

SHA256
4db91df31ed354c4967b2f0331b35bd056ce2a9f336943882c0072ae70ca8019

SHA512
6481d4e75ca6cd97efc7b866bce6c7b3e896df94d2cd23f58c6cb3399bc2334707c43233bd9e114b81acbd6e864e75ba23265dbffe66d3328e6ce34a154c0c0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ec35.TMP

Filesize
705B

MD5
4376f232336bf028e83c6139642c557e

SHA1
705856aa4494ddd51c8dd5bbf09910c5952818bb

SHA256
0f4b541bdeed4dd6f4ff17a82a0c43685b6e0183b7b6c0c89cadf03c029a97e0

SHA512
dda2b4d16844006ce1919bdc4027c42bd53c798e9dac0b5b1fa6a826da4176024e8af6fc74c5e584672645df08719255aee8d1d46619bdb3f0d62224164e581f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f98398215afff134836cfe1650f92a8c

SHA1
c5b38f1e8d3025c98581c2c0cc75d09097a4b614

SHA256
6d23c8df95f5027d3813db44f45f77e130726d6b55d25c852bd485c1399af183

SHA512
8e5023393f9d649762d93e1f8e5fa06f91c147372e355b41ef8f80ac00ab6c1eeee0edd7b8aa14a5e5aa711592cb91b86f2716caa3dbdd262ae798bd8c75d65d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit