hxxp://Google[.]com

Analysis

max time kernel
235s
max time network
236s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20-04-2024 14:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://Google.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2177723727-746291240-1644359950-1000\{65065C8E-EBAE-4175-A429-B6196C080E11}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3560	msedge.exe
3560	msedge.exe
2156	msedge.exe
2156	msedge.exe
4348	identity_helper.exe
4348	identity_helper.exe
720	msedge.exe
720	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe
2156	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 1812	2156	msedge.exe	87
PID 2156 wrote to memory of 1812	2156	msedge.exe	87
PID 2156 wrote to memory of 392	2156	msedge.exe	88
PID 2156 wrote to memory of 392	2156	msedge.exe	88
PID 2156 wrote to memory of 392	2156	msedge.exe	88
PID 2156 wrote to memory of 392	2156	msedge.exe	88
PID 2156 wrote to memory of 392	2156	msedge.exe	88
PID 2156 wrote to memory of 392	2156	msedge.exe	88
PID 2156 wrote to memory of 392	2156	msedge.exe	88
PID 2156 wrote to memory of 392	2156	msedge.exe	88
PID 2156 wrote to memory of 392	2156	msedge.exe	88
PID 2156 wrote to memory of 392	2156	msedge.exe	88
PID 2156 wrote to memory of 392	2156	msedge.exe	88
PID 2156 wrote to memory of 392	2156	msedge.exe	88
PID 2156 wrote to memory of 392	2156	msedge.exe	88
PID 2156 wrote to memory of 392	2156	msedge.exe	88
PID 2156 wrote to memory of 392	2156	msedge.exe	88
PID 2156 wrote to memory of 392	2156	msedge.exe	88
PID 2156 wrote to memory of 392	2156	msedge.exe	88
PID 2156 wrote to memory of 392	2156	msedge.exe	88
PID 2156 wrote to memory of 392	2156	msedge.exe	88
PID 2156 wrote to memory of 392	2156	msedge.exe	88
PID 2156 wrote to memory of 392	2156	msedge.exe	88
PID 2156 wrote to memory of 392	2156	msedge.exe	88
PID 2156 wrote to memory of 392	2156	msedge.exe	88
PID 2156 wrote to memory of 392	2156	msedge.exe	88
PID 2156 wrote to memory of 392	2156	msedge.exe	88
PID 2156 wrote to memory of 392	2156	msedge.exe	88
PID 2156 wrote to memory of 392	2156	msedge.exe	88
PID 2156 wrote to memory of 392	2156	msedge.exe	88
PID 2156 wrote to memory of 392	2156	msedge.exe	88
PID 2156 wrote to memory of 392	2156	msedge.exe	88
PID 2156 wrote to memory of 392	2156	msedge.exe	88
PID 2156 wrote to memory of 392	2156	msedge.exe	88
PID 2156 wrote to memory of 392	2156	msedge.exe	88
PID 2156 wrote to memory of 392	2156	msedge.exe	88
PID 2156 wrote to memory of 392	2156	msedge.exe	88
PID 2156 wrote to memory of 392	2156	msedge.exe	88
PID 2156 wrote to memory of 392	2156	msedge.exe	88
PID 2156 wrote to memory of 392	2156	msedge.exe	88
PID 2156 wrote to memory of 392	2156	msedge.exe	88
PID 2156 wrote to memory of 392	2156	msedge.exe	88
PID 2156 wrote to memory of 3560	2156	msedge.exe	89
PID 2156 wrote to memory of 3560	2156	msedge.exe	89
PID 2156 wrote to memory of 4388	2156	msedge.exe	90
PID 2156 wrote to memory of 4388	2156	msedge.exe	90
PID 2156 wrote to memory of 4388	2156	msedge.exe	90
PID 2156 wrote to memory of 4388	2156	msedge.exe	90
PID 2156 wrote to memory of 4388	2156	msedge.exe	90
PID 2156 wrote to memory of 4388	2156	msedge.exe	90
PID 2156 wrote to memory of 4388	2156	msedge.exe	90
PID 2156 wrote to memory of 4388	2156	msedge.exe	90
PID 2156 wrote to memory of 4388	2156	msedge.exe	90
PID 2156 wrote to memory of 4388	2156	msedge.exe	90
PID 2156 wrote to memory of 4388	2156	msedge.exe	90
PID 2156 wrote to memory of 4388	2156	msedge.exe	90
PID 2156 wrote to memory of 4388	2156	msedge.exe	90
PID 2156 wrote to memory of 4388	2156	msedge.exe	90
PID 2156 wrote to memory of 4388	2156	msedge.exe	90
PID 2156 wrote to memory of 4388	2156	msedge.exe	90
PID 2156 wrote to memory of 4388	2156	msedge.exe	90
PID 2156 wrote to memory of 4388	2156	msedge.exe	90
PID 2156 wrote to memory of 4388	2156	msedge.exe	90
PID 2156 wrote to memory of 4388	2156	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://Google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffe9e9c46f8,0x7ffe9e9c4708,0x7ffe9e9c4718
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,9932514319856070637,10613672743722371552,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,9932514319856070637,10613672743722371552,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,9932514319856070637,10613672743722371552,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9932514319856070637,10613672743722371552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9932514319856070637,10613672743722371552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9932514319856070637,10613672743722371552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,9932514319856070637,10613672743722371552,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4004 /prefetch:8
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,9932514319856070637,10613672743722371552,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4004 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9932514319856070637,10613672743722371552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9932514319856070637,10613672743722371552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2032,9932514319856070637,10613672743722371552,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2032,9932514319856070637,10613672743722371552,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9932514319856070637,10613672743722371552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9932514319856070637,10613672743722371552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9932514319856070637,10613672743722371552,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9932514319856070637,10613672743722371552,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,9932514319856070637,10613672743722371552,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,9932514319856070637,10613672743722371552,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6056 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8f38951143ede15b2f00d3352e458d47

SHA1
1130065985230474657d5f744e99312f22c69485

SHA256
3a559763ad1634ef40108700025a909cc76ca8c66d6c77f41a07e2ced4c9ff65

SHA512
5376e21235d1b828a0d04e35d26154a1e52db3fe02690fa272ba982da55b88bb0ab7473e6b2031fe8d19798abefec072e22542132b175912b31279cda6f15f57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b533661b945a612876de1e58ce73d065

SHA1
d93286945efeb7f33b49f8e594cdb264884c827e

SHA256
e5480b47432d7b0ca972afe477fac49f5fc1e8e82aaeab6401de99045949bd65

SHA512
672bc0f694e763a8597eebcce7728716a09515ad17854fae58d1f8df8aefca152eaabfd637bbaf8acae8e7936309809525a9f058a990148964a58c831d96dc4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
67KB

MD5
d2d55f8057f8b03c94a81f3839b348b9

SHA1
37c399584539734ff679e3c66309498c8b2dd4d9

SHA256
6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c

SHA512
7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
36KB

MD5
373cd53c408180c939165335e627fdb1

SHA1
0e0978e79b93bc3df23d73c042f6b5f8c20ecdc6

SHA256
c884b19162a6f5a0cd8fff61c5ba35729a2bec074dee7f1b514f60a5abd77909

SHA512
906c2ab56861ab8a0fac560c3b508f69275eeacf294bc4afcc20c40fe1a0e8cbc16c7535b17ded0f3f8bbe4a336f2899139411708103a2f6c0d8bfe1be4d2a0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
1.1MB

MD5
1f557ae943b3a1e823b56cf9d410e7c3

SHA1
1340fc7fa2cf9fade7bebcc8b4dc62a1686aad54

SHA256
40f47bca0281df7ada22465ba6c706a9ccf9580288915aad5d42c2949521a7bb

SHA512
32d8f83a30ed7179a74ebc7bdcd454d2f5895592f078910564c8bf40490d92c24a836f50b359345cdf4f0288f9a922b0185beeccbc4007205ba50f585de20169

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f078f5fb70fd150f_0

Filesize
4KB

MD5
db6393715034f3ca4c0a6a7a5c67bcdb

SHA1
0480ad4b77439f82b278776727ba2b85d22cbd90

SHA256
04bfbcc07f34a7c747f84361afce44521c067ce11fbdbca66311a7a04bf343c6

SHA512
2994687936a72de2e0005a3c918a678a88f1a467c87169c9df6e204873ed3460e31b4b855869f9459c9c81a8afafd7aa16efaa9d784ce2f51bfa21869413f4a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
fcbe8820b395dbc3b5ec7a1f5ef915b7

SHA1
966b49ccad81f256ef76dca75dc9d18c9976ab36

SHA256
69a76aa55a7c56f249c2daecdaae16a49efd81c5407e25fc1f7650b779d3881d

SHA512
e121bac4235e8e0e9509d0d3272d0d0f87c353463074302536f37f7d6cc6946ecb70947b1bfe939789e5f20f2cebf65e477bab78ea0886fa71c31eefc30d35b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4b8bdbe25d01f10d607e00b5bcb37515

SHA1
06ddd0836ce9edb525fbecd3ced0319bf258c5fa

SHA256
9df51a5c9126e536c0f365dabf74ea8671dd8e6cdd0eabec1ded4483220ef16d

SHA512
e1ed79e73c18919d33fda6252e12aeb9f96f7db0650010761d2eae583dee15220ee4e3a182a9833819a55b0bdf621e4339692a4118066c92962f9c312c8ccd0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
77f97331f461d828fbd92c42862e6f8a

SHA1
2e9046929f71b8db77383630d7a22d56c97c3e86

SHA256
3f9cf163c52f0787487db62a6b7ac23fc92a446669bd496d6cce56af8211236a

SHA512
daa39db5c143908468cd27189e61dfae8800852d5eca0f892e722042789bc0220dea16009767123e1d35ed84bf704016c54939827de4565f84f18fccdc03908f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
0a623737dcca169369e4f11f1828972b

SHA1
9314ec6f982f28fed1dc892a3aead3e847b4cbc2

SHA256
8b2129ee00f9b2ef8c1f4328694202cf1f8131f9277255280f11bed876c3a716

SHA512
69ec168f19e13740f9e0a435f79ffeb7874f0f694023c2cb6f3f08e8d47f682048d388a7390e2430b473b99a3da679b42ee2f2d0f85c9849e208f627aaea952f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a9950843b3a4eed2c00c21a63ae1df10

SHA1
a2c4a229a872cddca1d13f63cbca73e9b514c757

SHA256
7375da458f837ea2f170ccfeccbad9a31f4616d24f48122ce36481806d2c4bdb

SHA512
4ed7e7756ab54c45cf9460ef41b3c981656a84c66ac1e52c3b5b22e0861e88c411020a66b3249a6dc2ec9339b14757ff9587b7ca33e0d399b294b3f1b0a22801

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
633b15c7811fd4eb1bc0ec3b875d602c

SHA1
c646ae0964ad221772794b7421217de7d7685e73

SHA256
7f0fde17e8cc0e9410edebcabc70229c8e1e3fc40cc2d31ae6056c480a18458c

SHA512
c857fff769c9c5b7eb16733282c293603ae05c83d221e1e5ba48847890d4a5f86ae61bfae1787644f93d397f4772ba8e94c2a7b6f78e0e34292a05efd2941db7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
716e9441f791a8f0fb64d3d6404f7c26

SHA1
acc7dc95432f5e25a58154af9e1ab9636df1d2ab

SHA256
49b53dfb54e4cdd98a0c320f008dc959ace5aa4012391dc244cff941db88bd66

SHA512
098ea74e7819e0d3d183abdbd8e0cc67c251f7f150f7e483f902ddf6fa04697283a06d02d12be490a9b961c20e3ae2d1e97f0177b245f58685addeda152f82ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5c0a372274f2d06b853e374d31d76c62

SHA1
44d3bf4c1f9d8eb613170f4413430daa72e89bab

SHA256
9100d89ca3f0c505fa653a96fff344fa14058ff82e00363f395e7d632b082c3d

SHA512
f8c5e7be4ac6daa655bbb842441b77d665d8397004cb2c0df07a91244c34fd79fe2bc51226b54f9b61df4e7fbcff63a874d7e919640bd4d4b55c506a2da78a04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b872ee215965b7d40e517a63fd1369d0

SHA1
6899e82093367f247f3ee812e9e1f24e10869d95

SHA256
efffc8cedf69a79e26415e3bf5199c989124398a0e0079650ff9823ed3b6762e

SHA512
7cf08b28a0da22684a71edaf3e782043a29ab30621db050ef55e2fbeeefb7de9f1f7200421d3c975a2dc960ff01a0a9d28991bab941987e0943dbcd06bb07723

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
eba8517f3652641367e901d3a54f7581

SHA1
fea9f4fd8d38fa53f21cebbc148d48fb07fe13c6

SHA256
2d7c268095e786a3e6c729a4503a10709df851a8899197637e6d42aa11fce388

SHA512
da857ea24ab0a1f4e1eae0a23c1b50e86c5e4c5781f9cff94eaa20127671ed5b1ed681c9b626366f155ec89e767ca11554a77f0f4c3a42c44cf821654b483517

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
0f3e7597e0fe90f4ec0fba51319f5314

SHA1
d79718e72f19c90ec36e043d9d10d8c68851b431

SHA256
7ddcab153eda20586d26708b8e7905495ca239fff0990cda2cd007795ef252a8

SHA512
3467db81c57314851543a508b329f62d9c68c233bf8cbe6386c24219019c9706ad81f6f555bd396b11bd3bde6db34d454646cb3800af27b298ca27a0b8f3f6ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
884d4cbef5b2fcecd9037c00b1db5ce2

SHA1
83e5526126af30a153f306362ada078152b3bbcf

SHA256
096ffc8517a447cae87aa0118554bd55a7b4f19a5f05b05306c32796f28be463

SHA512
144df5e9ca9ac339e9debca90781e393d88b3274d64073dc486936c8e06746467eab6d289e32066461fb0947ba8bd9e12b06fe2b5eb48761a3840f9ecfdd4296

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588edd.TMP

Filesize
204B

MD5
34546f8dc4eeac3325cd60b0b763e20d

SHA1
abf28c66ffeb4c6a791b307a8791b87f95e4e2f7

SHA256
2d87b56e2b44c6e249e66db078c35231d727968077eeef11adac4f22aaf8b279

SHA512
0fb5f23c7765bc6256bd9ef3405be0df184de4a0f9027e788673effe6ac45f314736e771ef74892cd6c843f14cb7a26d0ad4b58dc12ccbd9395a4c1821085e4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d6bd72f0e100e3c9c3fb3d0029a79df0

SHA1
6bf0821dbd6363cf4a02adf64416d24b6eaee9c3

SHA256
43c767e61f137fac0cae4b94d35e13a268007c659af81d476bf34b7d6d352f9b

SHA512
d4156c65b920c2fddc6e78c2cae8cd9d52ab410c8c598919667b259c10e242d228216632cbf813397b8dbed52cb29afecc8def29256dfe489e431d3a1c0b3c7b

Download Submit