hxxps://is[.]gd/swq6cZ

Resubmissions

20/04/2024, 15:33

240420-szhl3acc5v 10

20/04/2024, 15:30

240420-sxm4rsbf58 10

Analysis

max time kernel
121s
max time network
127s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
20/04/2024, 15:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://is.gd/swq6cZ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4272	msedge.exe
4272	msedge.exe
4608	msedge.exe
4608	msedge.exe
3036	msedge.exe
3036	msedge.exe
528	identity_helper.exe
528	identity_helper.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2888	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4608 wrote to memory of 4920	4608	msedge.exe	77
PID 4608 wrote to memory of 4920	4608	msedge.exe	77
PID 4608 wrote to memory of 4488	4608	msedge.exe	78
PID 4608 wrote to memory of 4488	4608	msedge.exe	78
PID 4608 wrote to memory of 4488	4608	msedge.exe	78
PID 4608 wrote to memory of 4488	4608	msedge.exe	78
PID 4608 wrote to memory of 4488	4608	msedge.exe	78
PID 4608 wrote to memory of 4488	4608	msedge.exe	78
PID 4608 wrote to memory of 4488	4608	msedge.exe	78
PID 4608 wrote to memory of 4488	4608	msedge.exe	78
PID 4608 wrote to memory of 4488	4608	msedge.exe	78
PID 4608 wrote to memory of 4488	4608	msedge.exe	78
PID 4608 wrote to memory of 4488	4608	msedge.exe	78
PID 4608 wrote to memory of 4488	4608	msedge.exe	78
PID 4608 wrote to memory of 4488	4608	msedge.exe	78
PID 4608 wrote to memory of 4488	4608	msedge.exe	78
PID 4608 wrote to memory of 4488	4608	msedge.exe	78
PID 4608 wrote to memory of 4488	4608	msedge.exe	78
PID 4608 wrote to memory of 4488	4608	msedge.exe	78
PID 4608 wrote to memory of 4488	4608	msedge.exe	78
PID 4608 wrote to memory of 4488	4608	msedge.exe	78
PID 4608 wrote to memory of 4488	4608	msedge.exe	78
PID 4608 wrote to memory of 4488	4608	msedge.exe	78
PID 4608 wrote to memory of 4488	4608	msedge.exe	78
PID 4608 wrote to memory of 4488	4608	msedge.exe	78
PID 4608 wrote to memory of 4488	4608	msedge.exe	78
PID 4608 wrote to memory of 4488	4608	msedge.exe	78
PID 4608 wrote to memory of 4488	4608	msedge.exe	78
PID 4608 wrote to memory of 4488	4608	msedge.exe	78
PID 4608 wrote to memory of 4488	4608	msedge.exe	78
PID 4608 wrote to memory of 4488	4608	msedge.exe	78
PID 4608 wrote to memory of 4488	4608	msedge.exe	78
PID 4608 wrote to memory of 4488	4608	msedge.exe	78
PID 4608 wrote to memory of 4488	4608	msedge.exe	78
PID 4608 wrote to memory of 4488	4608	msedge.exe	78
PID 4608 wrote to memory of 4488	4608	msedge.exe	78
PID 4608 wrote to memory of 4488	4608	msedge.exe	78
PID 4608 wrote to memory of 4488	4608	msedge.exe	78
PID 4608 wrote to memory of 4488	4608	msedge.exe	78
PID 4608 wrote to memory of 4488	4608	msedge.exe	78
PID 4608 wrote to memory of 4488	4608	msedge.exe	78
PID 4608 wrote to memory of 4488	4608	msedge.exe	78
PID 4608 wrote to memory of 4272	4608	msedge.exe	79
PID 4608 wrote to memory of 4272	4608	msedge.exe	79
PID 4608 wrote to memory of 532	4608	msedge.exe	80
PID 4608 wrote to memory of 532	4608	msedge.exe	80
PID 4608 wrote to memory of 532	4608	msedge.exe	80
PID 4608 wrote to memory of 532	4608	msedge.exe	80
PID 4608 wrote to memory of 532	4608	msedge.exe	80
PID 4608 wrote to memory of 532	4608	msedge.exe	80
PID 4608 wrote to memory of 532	4608	msedge.exe	80
PID 4608 wrote to memory of 532	4608	msedge.exe	80
PID 4608 wrote to memory of 532	4608	msedge.exe	80
PID 4608 wrote to memory of 532	4608	msedge.exe	80
PID 4608 wrote to memory of 532	4608	msedge.exe	80
PID 4608 wrote to memory of 532	4608	msedge.exe	80
PID 4608 wrote to memory of 532	4608	msedge.exe	80
PID 4608 wrote to memory of 532	4608	msedge.exe	80
PID 4608 wrote to memory of 532	4608	msedge.exe	80
PID 4608 wrote to memory of 532	4608	msedge.exe	80
PID 4608 wrote to memory of 532	4608	msedge.exe	80
PID 4608 wrote to memory of 532	4608	msedge.exe	80
PID 4608 wrote to memory of 532	4608	msedge.exe	80
PID 4608 wrote to memory of 532	4608	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://is.gd/swq6cZ
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd46623cb8,0x7ffd46623cc8,0x7ffd46623cd8
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1868,8025397142671693682,10277935865879177663,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1868,8025397142671693682,10277935865879177663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1868,8025397142671693682,10277935865879177663,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,8025397142671693682,10277935865879177663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,8025397142671693682,10277935865879177663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,8025397142671693682,10277935865879177663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,8025397142671693682,10277935865879177663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,8025397142671693682,10277935865879177663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,8025397142671693682,10277935865879177663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1868,8025397142671693682,10277935865879177663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,8025397142671693682,10277935865879177663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,8025397142671693682,10277935865879177663,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,8025397142671693682,10277935865879177663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,8025397142671693682,10277935865879177663,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1868,8025397142671693682,10277935865879177663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5892 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,8025397142671693682,10277935865879177663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,8025397142671693682,10277935865879177663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
  2⤵
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,8025397142671693682,10277935865879177663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1868,8025397142671693682,10277935865879177663,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5180 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4240

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1240

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0fcda4fac8ec713700f95299a89bc126

SHA1
576a818957f882dc0b892a29da15c4bb71b93455

SHA256
f7a257742d3a6e6edd16ac8c4c4696d4bdf653041868329461444a0973e71430

SHA512
ab350ca508c412ff860f82d25ac7492afb3baf4a2827249ebc7ec9632ee444f8f0716389f0623afc0756f395cf00d7a90a0f89b360acdf72b1befe34eecb5986

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
21986fa2280bae3957498a58adf62fc2

SHA1
d01ad69975b7dc46eba6806783450f987fa2b48d

SHA256
c91d76b0f27ccea28c4f5f872dee6a98f2d37424ef0b5f188af8c6757090cbb5

SHA512
ae9ba1abe7def7f6924d486a58427f04a02af7dd82aa3a36c1ed527a23ec7897f00b0e30f22529e9599ae2db88e8abc7ba8013b426885aa3c961ee74678455f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d6ea91fb0a8215546bcc50ccd4f3a7b7

SHA1
1c4ab42f52b636703b096b3b932e852f9dc1aa41

SHA256
46f62f05c0749dad2c369e43606f6845853a8c74ce21288a19dacace66059b29

SHA512
9ab350bcd4ea5d419d06cb6e6d8fbc39a066d7d3d856661cd3e55ee09b83d7cc8b3a3e06e6e48014e9e888d8501e517e1e7c1644e6e6df747a50c5351f2fe265

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0ffd0afee709c68739bdcc35115d1642

SHA1
274c17483673113868128d8e23d103f92b2116e3

SHA256
d28e581a2ac203c7843c8ff14e8d6651b0bea568a4c9f309023e702ce444e7b2

SHA512
77a9240acf104fade304a95858c54ffa5556a5bcc28e03e889e42a9c0951eef57ff239424331a7a40fdccb0803229070b4d4157e4881803d27612aefea179737

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1e427f2eab20849b5c18df0ad7e91b97

SHA1
ac47349c19420bdf3d3bb55f1193c7f4dbe0b400

SHA256
3906db0e02dd044e8291366685777c7471fccab475aeaeebdc570bf78218bc41

SHA512
50bcfe4ba8ce89818742870104710bb5b90e9ffe95fc9c815653a99fc4801c5401956425730feb2fd1cd45e3b2739c4dbb0cb656cba6813fb83f5c16289841a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a0c872700ae253f6261ba2ec351fc6de

SHA1
31ea8cf09bb3d8efce7f54e574e6ec952fc1b5db

SHA256
f607ca74b206fbb70d9774bc6ae7562c93653a65a4d99ffa4c19f9b8b30caca1

SHA512
0abdda03fc527844f985da57cc357e265084a44eba317d5f8a2f7ae7b89fcb91a346be0ced705fc74045df7bd47502c8fda0ed991fa341f68604675b9d0661c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
514d01b105731af5ceeac00b296cea3d

SHA1
f9708310af6cc69a44eb57434ddeb53bb36c02d0

SHA256
c58b172c6920017650a5040c34c0b683795c517faae7df3867a3c0118d3cb3c9

SHA512
c3ee3826d4ea5de74d0be90f210b25cbf93fff83d99238987c0656cee59ee7f8a9de2b3e6023bd269c86bac7678adc7a19a1a9e273de3cc77a67450641988709

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b1baeb09f40a5c60ab5c48b9faa18d42

SHA1
3553674cdc863ad336ce16ae377b6fdf133b41d8

SHA256
316bb531457f53e471a3f480d8237354db8bbedb03e334b983bda6cbc2d819b9

SHA512
c3112198f38eccf6f866d9048d8d49430fe590eec2455540ff55ae354517dd7c07bd7e4dc7a1a74a851c36921290ad3fb2eda2a357b1f16ba102327f0540aae3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
67ec3e5d3903cbf371251aeaeb83a169

SHA1
831a72f1c459e8ac7f7bd205915e92681d901fab

SHA256
3f66f6b283d02946185b6e4a87720a48190655e0cfe9c6afdaf867ab79eb9b96

SHA512
1de81bccaaf2eb6c0e63ca05d205570f86d1fff783ce340558a464ed76017fbb42e22161ad883d446c2d35baaa2b6d56d4d6a7d1ce2d4cdd1c3711dc60c574c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
923958d39070743d6c4b4df1db9209a9

SHA1
3665c2ca392155f9db0a3f29c9a5f0136e0aadde

SHA256
f4cef8a3cab705915059e90d259f1659e627707ed7e34d745cc841fa50c1dd6e

SHA512
b31d4c8811a673b8fe886c79eb9d9e1b945217d82590b879dd48efde0516da00d4f4ae866b83c7cbb0750bef479373bf852a3bf0d6ff8865a01688bbf9b4c5b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a36c47a0cd81865df49e3f4807d5fbc1

SHA1
7c904b351f9f992becbda2d7709e18a6aca9e858

SHA256
e03813c05f281046f340831128b549f31e02c5fcec64db6f51c3bc6397ae6ce3

SHA512
9142c791363ad8d211d6c3965940f70b57b46e66a7257caa1af6a2d4e9512dcadf6510889a5fad5f2bccd41adfec44d7f5c3b613af81599eb29bac6998517ec2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0a1d95657af75d5b33122f90dc02e005

SHA1
6d27ac1e990dd586d5118e19e047490a45811a22

SHA256
6f8231ae7c9930284287de86690984e2c1bf8e3a3b7b78b85541315585009ed4

SHA512
c138778d98ed3fb9f7e5834d7fb0a5f7ebe29682813b29084d89362779a11c31fdd9ae92c4d037516dfd514f05fe005734ed91686e8997499a8a4ab290981dc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bdf1.TMP

Filesize
1KB

MD5
8f3bd859aa4f8e433a461bb192becd6f

SHA1
a69b7a2080e2e9a2df235dcb75597e28e3265ee2

SHA256
d988a4faeec0f1f2f3b26a9e5665f797ea4d6e52c41873c2146ceaa3f2216d8b

SHA512
9eac992b2a2e43bad2e2ba8c3a4bb028d3f69e727c21f16cbffc23ae1e43947b553e234b0e6198dd9a26439684809a3a6b1c41b7a13cd7c221dc56624903f6ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bc7e6f023b4caff9e39c400b995c05ad

SHA1
abde24669d96cac516673cc52d2f04f4ded44a45

SHA256
b8772e62951ae3439575cbe7a3708b0ae39a760219b938ff7f61fd12270672ff

SHA512
b23fcc3de174cd6d20b0b4c1b72b06ab51df55fecb4e3162eff2cbe47c243935a578ca86a2d096e6fc8ca26a86d5d6923f008367e7642ab467ac10a09cd8c3ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
f374f0c02104d76745a00c837a5a0dc4

SHA1
16ab8f895dd8d0709c3d2a498109a9a8098760fe

SHA256
f161caf28dc21c72a664552eca8924ce2fe83755a6d80f04a1f1d73d17680d96

SHA512
83f3aa4ca9c395a759b4d3d94feed19bba0ae5676bf9c073d2ebb1bd7c91da8a4d2d584bc2897984b35293030bcbb0bd6ae31f42325445af090647fe38e2a3e1

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
e8197e68deaabec1caac808d8a1b1202

SHA1
3b706ac97224e95f5db57eb60acf067ccf2d4c95

SHA256
89d5da8ae7c25fce8f1b74b2a02f4cb9d524dac5b752b35e511d399259a26d66

SHA512
609e6013c4683519b1d7448c2417ec3f528a0764f1ae9c9cedc213ceec2df497c187164e7b713e4a78236e17f6fc9680630551a7fec98c2432e308a48b8e66e0

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
9d406ab31eb17531ffbf5bd093ccb629

SHA1
0d693249f8589f5278213131ab97a093f29d26bd

SHA256
3290a56e74996e88684199e715c08066520bef0a7e7399ff6199bb8707c20a6f

SHA512
3ef4799be8bcfe2dd154350baee417861e8d96ad262264f07a97d1960d0fc33bb82cdbc2ffe3a450a0206cb25b9e01b9dcb4f32a3be1a5dc1fbb4e00c5604c6e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit