hxxps://www[.]facebook[.]com

Resubmissions

15-04-2024 12:07

240415-pajw2sgc8x 1

15-04-2024 12:04

240415-n8w4lagc5x 1

Analysis

max time kernel
101s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15-04-2024 12:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.facebook.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-355664440-2199602304-1223909400-1000\{DEFF59C5-3DB7-4532-9D0E-5B787FF78C03}	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1104	msedge.exe
1104	msedge.exe
2036	msedge.exe
2036	msedge.exe
3012	identity_helper.exe
3012	identity_helper.exe
3960	msedge.exe
3960	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2036 wrote to memory of 1020	2036	msedge.exe	86
PID 2036 wrote to memory of 1020	2036	msedge.exe	86
PID 2036 wrote to memory of 3828	2036	msedge.exe	87
PID 2036 wrote to memory of 3828	2036	msedge.exe	87
PID 2036 wrote to memory of 3828	2036	msedge.exe	87
PID 2036 wrote to memory of 3828	2036	msedge.exe	87
PID 2036 wrote to memory of 3828	2036	msedge.exe	87
PID 2036 wrote to memory of 3828	2036	msedge.exe	87
PID 2036 wrote to memory of 3828	2036	msedge.exe	87
PID 2036 wrote to memory of 3828	2036	msedge.exe	87
PID 2036 wrote to memory of 3828	2036	msedge.exe	87
PID 2036 wrote to memory of 3828	2036	msedge.exe	87
PID 2036 wrote to memory of 3828	2036	msedge.exe	87
PID 2036 wrote to memory of 3828	2036	msedge.exe	87
PID 2036 wrote to memory of 3828	2036	msedge.exe	87
PID 2036 wrote to memory of 3828	2036	msedge.exe	87
PID 2036 wrote to memory of 3828	2036	msedge.exe	87
PID 2036 wrote to memory of 3828	2036	msedge.exe	87
PID 2036 wrote to memory of 3828	2036	msedge.exe	87
PID 2036 wrote to memory of 3828	2036	msedge.exe	87
PID 2036 wrote to memory of 3828	2036	msedge.exe	87
PID 2036 wrote to memory of 3828	2036	msedge.exe	87
PID 2036 wrote to memory of 3828	2036	msedge.exe	87
PID 2036 wrote to memory of 3828	2036	msedge.exe	87
PID 2036 wrote to memory of 3828	2036	msedge.exe	87
PID 2036 wrote to memory of 3828	2036	msedge.exe	87
PID 2036 wrote to memory of 3828	2036	msedge.exe	87
PID 2036 wrote to memory of 3828	2036	msedge.exe	87
PID 2036 wrote to memory of 3828	2036	msedge.exe	87
PID 2036 wrote to memory of 3828	2036	msedge.exe	87
PID 2036 wrote to memory of 3828	2036	msedge.exe	87
PID 2036 wrote to memory of 3828	2036	msedge.exe	87
PID 2036 wrote to memory of 3828	2036	msedge.exe	87
PID 2036 wrote to memory of 3828	2036	msedge.exe	87
PID 2036 wrote to memory of 3828	2036	msedge.exe	87
PID 2036 wrote to memory of 3828	2036	msedge.exe	87
PID 2036 wrote to memory of 3828	2036	msedge.exe	87
PID 2036 wrote to memory of 3828	2036	msedge.exe	87
PID 2036 wrote to memory of 3828	2036	msedge.exe	87
PID 2036 wrote to memory of 3828	2036	msedge.exe	87
PID 2036 wrote to memory of 3828	2036	msedge.exe	87
PID 2036 wrote to memory of 3828	2036	msedge.exe	87
PID 2036 wrote to memory of 1104	2036	msedge.exe	88
PID 2036 wrote to memory of 1104	2036	msedge.exe	88
PID 2036 wrote to memory of 3652	2036	msedge.exe	89
PID 2036 wrote to memory of 3652	2036	msedge.exe	89
PID 2036 wrote to memory of 3652	2036	msedge.exe	89
PID 2036 wrote to memory of 3652	2036	msedge.exe	89
PID 2036 wrote to memory of 3652	2036	msedge.exe	89
PID 2036 wrote to memory of 3652	2036	msedge.exe	89
PID 2036 wrote to memory of 3652	2036	msedge.exe	89
PID 2036 wrote to memory of 3652	2036	msedge.exe	89
PID 2036 wrote to memory of 3652	2036	msedge.exe	89
PID 2036 wrote to memory of 3652	2036	msedge.exe	89
PID 2036 wrote to memory of 3652	2036	msedge.exe	89
PID 2036 wrote to memory of 3652	2036	msedge.exe	89
PID 2036 wrote to memory of 3652	2036	msedge.exe	89
PID 2036 wrote to memory of 3652	2036	msedge.exe	89
PID 2036 wrote to memory of 3652	2036	msedge.exe	89
PID 2036 wrote to memory of 3652	2036	msedge.exe	89
PID 2036 wrote to memory of 3652	2036	msedge.exe	89
PID 2036 wrote to memory of 3652	2036	msedge.exe	89
PID 2036 wrote to memory of 3652	2036	msedge.exe	89
PID 2036 wrote to memory of 3652	2036	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd96bb46f8,0x7ffd96bb4708,0x7ffd96bb4718
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,8019027820144725995,1415950641728694475,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,8019027820144725995,1415950641728694475,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,8019027820144725995,1415950641728694475,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8019027820144725995,1415950641728694475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8019027820144725995,1415950641728694475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8019027820144725995,1415950641728694475,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
  2⤵
  PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8019027820144725995,1415950641728694475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8019027820144725995,1415950641728694475,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,8019027820144725995,1415950641728694475,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3376 /prefetch:8
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,8019027820144725995,1415950641728694475,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3376 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8019027820144725995,1415950641728694475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8019027820144725995,1415950641728694475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2056,8019027820144725995,1415950641728694475,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5696 /prefetch:8
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2056,8019027820144725995,1415950641728694475,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8019027820144725995,1415950641728694475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8019027820144725995,1415950641728694475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8019027820144725995,1415950641728694475,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8019027820144725995,1415950641728694475,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,8019027820144725995,1415950641728694475,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:4560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
48cff1baabb24706967de3b0d6869906

SHA1
b0cd54f587cd4c88e60556347930cb76991e6734

SHA256
f6b5fbc610a71b3914753feb2bd4475a7c77d0d785cc36255bf93b3fe3ccb775

SHA512
fd0c848f3f9de81aca81af999262f96ea4c1cd1d1f32d304f56c7382f3b1bb604e5fbe9f209ad6e4b38988d92357ef82e9668806d0727f2856c7dc1f07aae2b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
16KB

MD5
5b1b948d51337905facc0b3599147c47

SHA1
8bb653f3ef007b1d778393aa446497dccc90e121

SHA256
cbee582dfdd0b9bdc67d6f9d199bed9ed0837966e653119588a4cf2f3cbd3bf7

SHA512
d78459f3fa2346ba4eb0a458f07dd63cc32fb5755ee365baa524d7856cdf08113f4e02ac7311daecb2904520cce4a7a5b25b9a48c9d9afc03981ebe7706d03d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
16KB

MD5
fd3f446c3cb6c56f7fc37fcf2b7073bb

SHA1
9eb521c686decc629eb4f76679526904b6faecf4

SHA256
e21b6742eb1ab84ff25fcb3f36daf76dbd51ad0b22d0c75def43a2c2844baee4

SHA512
6a38d94c45c0685a5da292273addb846124e425fd1f12d9a5dd60dfb2047f3bf0dceb19089d32cb70d88084dcdc4f43834e3dadb22f6096e63bb6f1854fcfafb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\efc33a92bc323195_0

Filesize
63KB

MD5
f58f69929ec7ba5ea13ab6469054e511

SHA1
db7183434e7173f26c75393d37189491660248d5

SHA256
72b0935ba45815516f8293849186dc2066fa6e2cf8073fc8599d8ff260e4ca6f

SHA512
20a1727c083e73bd39c71535a3ac13aeb484b31030ff0fe8662573a541af7653c6e3832e89ff3288a4f982c3cc94b590f49d79bd363174d0091d55f51bb0417d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\efe289f983566479_0

Filesize
284B

MD5
ba3bdeb68bc65189e9ec936998abb7c0

SHA1
3c926e3eddbeae33e240117f68e194a0b52c3249

SHA256
9279fa37e9772642f8f9beaeec19b9e6071677a028243ff66843ee8c8aa3e5ab

SHA512
b1801c0af349cf5964083f507cf795cf030097ff1e17e755f381e20b40edea52b532a2dcca2e728808fefbc9c2f6fac06358edafd1337cc807163adc3cde53e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f760e14a4161c7ed_0

Filesize
10KB

MD5
836dcb16ce15a0e4d74271f6bab5ab69

SHA1
cb0c41705f3617071631557cbbc9629ea5281c78

SHA256
726dec1ae5a529589b3ecd1ab2dca4d240ce6a6d01f2c8489eca770da7ee2e5f

SHA512
47f19e6f9290230fa6b13ac0646e2bc663c0037cac0e117ff072f1970f8bf29aa5aeee2b697c51cdaabe646d1b40db343f7451e24654e45a9f2098618fb1f37b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f7840c90f677cdbe_0

Filesize
75KB

MD5
036fffa25bfa16bae78c93f17080a8a2

SHA1
82d5b20907f0a969003c455f78aedceb0cacb015

SHA256
ea06033172a8490f7fb1fdf47944008f506479c87bede4c30bddd394d38ac03e

SHA512
3c8b000cc8079e2ee60bf59b9fdc993cf90874d7510c493bc6a1ba1e3211886861f7199ad827fdd4debb3c7c03cc28b011197d6d32db7008658066ac921f8618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
4c19b943ac43221200f96bc81caffe88

SHA1
f3768c5a02b6f731a394bfe6338651b7b122719d

SHA256
ef7dc6fb830409964a066d359104cdb30cea074d2f75783462b88a81d2bc1b66

SHA512
5f905490b32f1f22624e797606c2d8bf69382a578e11fe076078277304c685890d3b7f49d2561c955a042883b241ede369d2bce6c68f021ddf177a1c56d5ba7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
697B

MD5
9e83e66fcc635f78a3ff4531eb72c85f

SHA1
722d29e8f91d9c8423c3a9d7c68d9d7cd636e58f

SHA256
890ad2163ed38304e847889a693acd966726c96d44b445dd96a777e8d6c85047

SHA512
84d22e28c3ffd0629b6900ffa9effb14ef78b478b7873349e6f40683c08076fc6a3eeab7879b262484758c80d8df717bf22cfeb326ceeae9402a2c82d2430790

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
33932b461c8d1241b1c6c7d12ec96c60

SHA1
dd9e35db387fad55f286f33e62181daace46d940

SHA256
5bb3c04100b73682061f9366974cabfd4109470785bbeeb9280a216890b001b9

SHA512
e03e6554331877f863a816b5c7f261d28ec183feb452802e1dee4d54abfa4cb381201a687f0939fdbcc61729ebf3d340bc78cc117983fa42e5e7923bdacae5a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
09cea365ef082557bad39eaadf61673b

SHA1
7cf46ae2a096dc7a7a63eb2a307a06c1e8d5de00

SHA256
b1a46922dfb587260ba9d15dc4b51adf9c0bbf5cfb867c321c4d53671c167051

SHA512
6db64c6b03620de6a267c72c914b78c300987bc9a11b9f1c3a8545cb52fa323be06e47da8ccf50d4b9c7497e0752d7465f8f646256522b769e1c34c38d5d41d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e9b73fc15c821f1be53e42cde347eaa0

SHA1
2af01b1ca54b9f9566afface1273b2e851913e63

SHA256
64b86b8d84cb62f1af51b4979a4b9003072b259779a9cb67773f59ff7ad5bf92

SHA512
19c02b7460777922626babe2a002b0dd7dc7887fc3d21f1f3e777a58e3c6561b9b39ada6ecdf0c09586ad1e4b7540086bc3fb02fbe510e02433293ef8e9ed1f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
94e0a05af67ff24763b3bea466a36599

SHA1
06e9fc7d0d43e5043e135b07289637d449d316df

SHA256
3448f46a52bb80f826be8a7f1abe7b73d13131a3443c0b0eaa470c2f8c9fe883

SHA512
77e5ece43e5a3c1edd546801de6cfc057f16638a82cf68c37e85299d71f2ad3c6158b903f1a55b71653623518289e335f985ff37c8bb9da62591af3ccd925bda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8958ce41b30a07eb8cbb5750bb711668

SHA1
ad9f9eee09b34113e3b26b214c5d52acd6155eba

SHA256
75e2b96c9b7842a0c1444cebf049162330c832c250a03a47c158eac691d3c520

SHA512
c75fe3b3201857ee395f3dd22f508208aaa4ba75db1253f95a1c7acb07e5fdf12092e728f46b27a393c301fc159fad6994de6cfcc2d38da33fc3f4daccb019d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1648997adfeaf71fa086ab7dca8e5548

SHA1
957860d92c2be101b24b143cc40f3780eff65b0a

SHA256
0df23d75d0f7d5ac4438f1d99b627490b3307232164c998882d651aac32a9a63

SHA512
c1ea2ffad7d97eb26b2885c536086551a16e7900f5b8f6af138edee7df4c647f3a5699d53595a01ed3440bef061e14a419617497dc4b4c1cd95b1a914b5d3133

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9c6bc89ce0785bb6da05c2a849805868

SHA1
9a4eb91a8b0d3661258eb0e8d331a9788819a867

SHA256
b48c58d31295a1fafa865bf66a4aac877baadc43553e6d77ed7616833e8eaebf

SHA512
45df8d784b94e8bc88befb089083ae01ff9c5b504f75169bbba763ef7eb3e8f8faaa02891a4cdd5295e61df185f3c1ec3761ffaff1d5c85154eb31aa2b2d8e92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7f23b6fcb3b756f5c9e69bdb1488572c

SHA1
53f28f6437f5f7433a2821152cdb4403f26fdad7

SHA256
c5e419f5d495b83fa9c3e0adf21d4e7c89bddea1a7ce3745efa51d19b0e45228

SHA512
73b56acd00fa911fa8b46e6e28b12777749f741b90866f27aac35ae04b59da7f6ead3f7a525d94744c3c59fcbb5b75bf3edb6f1c7bc135aa4e13e9e4b1d8b477

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7fc986ff95a7696f32dce3cd5995fe50

SHA1
fe5676a7ed5e8cf25e022e8c5f1d9f9b7e045358

SHA256
4c448cc0d03761c698b336998710fd89db99af7488d9f4274ed26780efdb441f

SHA512
31097dacd9a3287c340c9cbaa0f753c9318635e82e62dd074e276034fd479d66278df05163b467c7b905444b6ad73033b62e2bea2c75d3920e12e5516e0f077d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fa7df16cc5c5ad2ee8a2ae8609894178

SHA1
ca94feb280d000a40950dc10ad77a2af7f037c08

SHA256
cc985441deeb9eb9a4065b6cb8168928ab7092e12e7a8e3c089f0610d6269820

SHA512
3445a42d9f1fccd292285c1fab33a1d13837d1bb708fa0fc2178229a725270ddef19b25351736590cee0f629838aaa9562012b873a6c39ad76f20dd9dabd886d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4817dcdcebeaa091e5a7d7cb16f3ecbf

SHA1
eecd5a71a1c7e186e33462c397da1e62d90ddbb3

SHA256
e4156e23e0531ce289243e998ed05b67323117e9bf0f377382c94e037ed88c01

SHA512
b1546e57162bcef37d911358bb48a1fe077ae6ddacb4f367b3e1ed462333d7f8116dad3a16ae5382dcded9e6d33e62812bb5f054c6ed3642a7a36e1eb32791bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
538d603c8a04f654c8eb5be716d637b9

SHA1
f66f64bc826b7371ac14c2f23e9dc77dff31247d

SHA256
61bd33cf41a7a3a7b3b2120aa9c4d34b9cb92ad9b7e39f31b3a8dc1052c7d582

SHA512
cacac9ae650f3e928797b87f9aca84493b20d3bb12e6aebf27f4c354adc231772b16713cd9fb2cf8856b3d419f5825c3c806ae3f5c1fb8c308f176b86b27e7c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7a71b3bc7ce1456a2eb69d4698f33d4d

SHA1
4dc5df8cbff01e7c038df39099a8b412d29ceb40

SHA256
5695117418909eb18deb9e13bfd80917568bcf06d1018a202b0b58143903cd73

SHA512
e2f5b667a91eee27caad6a0662360413a088eb97145f8b162a28b24e76b74e647304313b5588754e9e812d014c99f8b3747b450c8cc89b92de07e908dc2f20e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ad86.TMP

Filesize
872B

MD5
9fe0b5e74e3694a0242488fea4977b2b

SHA1
655f743a866de2994f9c4aefce02e04677e05eb3

SHA256
9d63aec9d06f04f21db244b7da30f074a86bdec7a6f3b0f2727e5415c52d7aad

SHA512
6fb0295a63612c85e952f536c2af271c30984870ac8f68bab9f03405bff6ce3a08039d04363386ece43d704c38efbfd73cf5bbfccd63227a99cf86de59fc7ab2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6d4890a63911fa18a8a9fd9000ae0b50

SHA1
561dad5d25f4e5f27d28ca4f33c81da54a6e7194

SHA256
43aa0ee34c31a5e3e2771018a90ccb6548e8aad1e105fa2e661ba8e067a681a4

SHA512
029d0d187c5373b384e3c3d6d74535d9e5f6f23bfd76185b0fa1434402bf8fc7bee76276f606fffa31224d124783a027e0c8bc637c2035687dbe0a9d916f1353

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit