hxxps://www[.]googleadservices[.]com/pagead/aclk?sa=L&ai=DChcSEwiUut-x4d2FAxV6D6IDHXkTCGQYABAAGgJsZQ&ae=2&gclid=Cj0KCQjw_qexBhCoARIsAFgBlesBUr0ZuVGBuM4CjxjK1wCccOqBLaGsHZzcBnc3QWzzGgSr_V-0d0QaAp9OEALw_wcB&ohost=www[.]google[.]com&cid=CAESVeD2ErrZQz7eE_OPZSOIw1ZFgLxZsG61LBT-XbnLstU_GWuEy8abP1P-ebl-DPQnOqg6aRs8Bi6gF4VA3TBOlhsK9iXxBu0lVy60x6UCLmsUvJc9qDY&sig=AOD64_1R0BSAu0DhB5EfzyddoJi3y1TYfg&q&adurl&ved=2ahUKEwi_9dKx4d2FAxWDQvEDHQUFDKgQ0Qx6BAgEEAE

Analysis

max time kernel
80s
max time network
83s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
25/04/2024, 16:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwiUut-x4d2FAxV6D6IDHXkTCGQYABAAGgJsZQ&ae=2&gclid=Cj0KCQjw_qexBhCoARIsAFgBlesBUr0ZuVGBuM4CjxjK1wCccOqBLaGsHZzcBnc3QWzzGgSr_V-0d0QaAp9OEALw_wcB&ohost=www.google.com&cid=CAESVeD2ErrZQz7eE_OPZSOIw1ZFgLxZsG61LBT-XbnLstU_GWuEy8abP1P-ebl-DPQnOqg6aRs8Bi6gF4VA3TBOlhsK9iXxBu0lVy60x6UCLmsUvJc9qDY&sig=AOD64_1R0BSAu0DhB5EfzyddoJi3y1TYfg&q&adurl&ved=2ahUKEwi_9dKx4d2FAxWDQvEDHQUFDKgQ0Qx6BAgEEAE

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
2280	msedge.exe
2280	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
1988	msedge.exe
1988	msedge.exe
2036	identity_helper.exe
2036	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2624	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2624	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe
3916	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3916 wrote to memory of 3952	3916	msedge.exe	80
PID 3916 wrote to memory of 3952	3916	msedge.exe	80
PID 3916 wrote to memory of 3220	3916	msedge.exe	81
PID 3916 wrote to memory of 3220	3916	msedge.exe	81
PID 3916 wrote to memory of 3220	3916	msedge.exe	81
PID 3916 wrote to memory of 3220	3916	msedge.exe	81
PID 3916 wrote to memory of 3220	3916	msedge.exe	81
PID 3916 wrote to memory of 3220	3916	msedge.exe	81
PID 3916 wrote to memory of 3220	3916	msedge.exe	81
PID 3916 wrote to memory of 3220	3916	msedge.exe	81
PID 3916 wrote to memory of 3220	3916	msedge.exe	81
PID 3916 wrote to memory of 3220	3916	msedge.exe	81
PID 3916 wrote to memory of 3220	3916	msedge.exe	81
PID 3916 wrote to memory of 3220	3916	msedge.exe	81
PID 3916 wrote to memory of 3220	3916	msedge.exe	81
PID 3916 wrote to memory of 3220	3916	msedge.exe	81
PID 3916 wrote to memory of 3220	3916	msedge.exe	81
PID 3916 wrote to memory of 3220	3916	msedge.exe	81
PID 3916 wrote to memory of 3220	3916	msedge.exe	81
PID 3916 wrote to memory of 3220	3916	msedge.exe	81
PID 3916 wrote to memory of 3220	3916	msedge.exe	81
PID 3916 wrote to memory of 3220	3916	msedge.exe	81
PID 3916 wrote to memory of 3220	3916	msedge.exe	81
PID 3916 wrote to memory of 3220	3916	msedge.exe	81
PID 3916 wrote to memory of 3220	3916	msedge.exe	81
PID 3916 wrote to memory of 3220	3916	msedge.exe	81
PID 3916 wrote to memory of 3220	3916	msedge.exe	81
PID 3916 wrote to memory of 3220	3916	msedge.exe	81
PID 3916 wrote to memory of 3220	3916	msedge.exe	81
PID 3916 wrote to memory of 3220	3916	msedge.exe	81
PID 3916 wrote to memory of 3220	3916	msedge.exe	81
PID 3916 wrote to memory of 3220	3916	msedge.exe	81
PID 3916 wrote to memory of 3220	3916	msedge.exe	81
PID 3916 wrote to memory of 3220	3916	msedge.exe	81
PID 3916 wrote to memory of 3220	3916	msedge.exe	81
PID 3916 wrote to memory of 3220	3916	msedge.exe	81
PID 3916 wrote to memory of 3220	3916	msedge.exe	81
PID 3916 wrote to memory of 3220	3916	msedge.exe	81
PID 3916 wrote to memory of 3220	3916	msedge.exe	81
PID 3916 wrote to memory of 3220	3916	msedge.exe	81
PID 3916 wrote to memory of 3220	3916	msedge.exe	81
PID 3916 wrote to memory of 3220	3916	msedge.exe	81
PID 3916 wrote to memory of 2280	3916	msedge.exe	82
PID 3916 wrote to memory of 2280	3916	msedge.exe	82
PID 3916 wrote to memory of 2552	3916	msedge.exe	83
PID 3916 wrote to memory of 2552	3916	msedge.exe	83
PID 3916 wrote to memory of 2552	3916	msedge.exe	83
PID 3916 wrote to memory of 2552	3916	msedge.exe	83
PID 3916 wrote to memory of 2552	3916	msedge.exe	83
PID 3916 wrote to memory of 2552	3916	msedge.exe	83
PID 3916 wrote to memory of 2552	3916	msedge.exe	83
PID 3916 wrote to memory of 2552	3916	msedge.exe	83
PID 3916 wrote to memory of 2552	3916	msedge.exe	83
PID 3916 wrote to memory of 2552	3916	msedge.exe	83
PID 3916 wrote to memory of 2552	3916	msedge.exe	83
PID 3916 wrote to memory of 2552	3916	msedge.exe	83
PID 3916 wrote to memory of 2552	3916	msedge.exe	83
PID 3916 wrote to memory of 2552	3916	msedge.exe	83
PID 3916 wrote to memory of 2552	3916	msedge.exe	83
PID 3916 wrote to memory of 2552	3916	msedge.exe	83
PID 3916 wrote to memory of 2552	3916	msedge.exe	83
PID 3916 wrote to memory of 2552	3916	msedge.exe	83
PID 3916 wrote to memory of 2552	3916	msedge.exe	83
PID 3916 wrote to memory of 2552	3916	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.googleadservices.com/pagead/aclk?sa=L&ai=DChcSEwiUut-x4d2FAxV6D6IDHXkTCGQYABAAGgJsZQ&ae=2&gclid=Cj0KCQjw_qexBhCoARIsAFgBlesBUr0ZuVGBuM4CjxjK1wCccOqBLaGsHZzcBnc3QWzzGgSr_V-0d0QaAp9OEALw_wcB&ohost=www.google.com&cid=CAESVeD2ErrZQz7eE_OPZSOIw1ZFgLxZsG61LBT-XbnLstU_GWuEy8abP1P-ebl-DPQnOqg6aRs8Bi6gF4VA3TBOlhsK9iXxBu0lVy60x6UCLmsUvJc9qDY&sig=AOD64_1R0BSAu0DhB5EfzyddoJi3y1TYfg&q&adurl&ved=2ahUKEwi_9dKx4d2FAxWDQvEDHQUFDKgQ0Qx6BAgEEAE
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcaceb3cb8,0x7ffcaceb3cc8,0x7ffcaceb3cd8
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,3855958202557467332,7183218582904683304,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,3855958202557467332,7183218582904683304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,3855958202557467332,7183218582904683304,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:8
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3855958202557467332,7183218582904683304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3855958202557467332,7183218582904683304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3855958202557467332,7183218582904683304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,3855958202557467332,7183218582904683304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3908 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3855958202557467332,7183218582904683304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3855958202557467332,7183218582904683304,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3855958202557467332,7183218582904683304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3855958202557467332,7183218582904683304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3855958202557467332,7183218582904683304,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,3855958202557467332,7183218582904683304,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5984 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3855958202557467332,7183218582904683304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3855958202557467332,7183218582904683304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3855958202557467332,7183218582904683304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3855958202557467332,7183218582904683304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1912,3855958202557467332,7183218582904683304,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3288 /prefetch:8
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,3855958202557467332,7183218582904683304,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:2864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4508

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004CC 0x00000000000004DC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae7fbf62fc07f0bdb15169d2de3dc768

SHA1
9155eb973df31a7d6fb95f03058dd523171b4f0f

SHA256
ecfebc84b01ed9071cc68bc2abc4eae4f891e1dea41a16ea6010f7acfd6cc624

SHA512
1539bd6c522e56685399616d9811435ff0197c9471404361c53370a261feb180a38aaec9aacd38ff52c94b2cac2e4da19a3de50a9b6541f6f3fd0497bf15bcae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a5e869975d65ad786022d6fc8b47b747

SHA1
14b030f53bc86bdbec766b2f3942804ca742043a

SHA256
d5f8f63c67fd06a2ae7da80cbe8cc96bab5932087eb70432df9147ba818d758f

SHA512
fd8d2b8ce13f4aca312f4856096edba99310a78a5f4c4148046a06e873a3d2514fd2dd9b4515fc89e83306d251929f2ef9c78863f85a3e017a3029dec63d98dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
19KB

MD5
d17d64e55067f5f164aa5dcab0e4eb6d

SHA1
e887b24c99ebf05cef7de818db18f17a82ccc612

SHA256
e010e5a62f6cfc598cbcbe4e0ba9b9f3aded1ae590bcc209cbb15027249cdea0

SHA512
72a77a0f04b05a29d40f9ce9ecc4aee1e74391d2ae632dfe4f192eeae7cb937a16a8dc38c2c0b060daaaf6916f7a32d2de6060aa485d2435583c40527d9496bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
00fc52a78e906d4ed6e8a3e34db8488d

SHA1
9a1ecb78a9c4244ca8258dc8777789de05cd57b5

SHA256
fab3bf24f5f1c088612e7da2f19d8174860c5788bc347dc5a20abf2776f6ebcd

SHA512
42073d20819015747c231c0f5856b56569d92c2a164935a63b7b2027532e5542e4fb53744a623faf048a6e91b959878ba24af2b37846faf4e96168defbd9b610

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a0fd14900b2cfb17438a5723ece94613

SHA1
d44c779da8d743fea10b9e37b3903e9e8d14b018

SHA256
8abd6bf98ff8048d7349ed939a15004a65a19e43b012d2f32bc4a694988a7c79

SHA512
8220c9e9652348d08393fcd4e7905a490280a7e50f12536a838085cf85cd4975c9ff261068586d6e64d221f5c968bc6bb3bfcb06e257dd0c30bc40e70c99ecf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d0c2cd9a859279b097995af42499b467

SHA1
3a2dd140ccf484498bc7092e91322b18e5ff98c7

SHA256
d25dd2b90c7511dcaa1307efbe14184de2ba5fe5fd7f273f86c77661623555e2

SHA512
099d0c6f543be290fc1b4bf943fe878d677dd626af11042b30186c34e68536c980034b52723da43416ad39f2d284aae95591fa9955ce0a397941d49ecce6fc6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
cd696c2e6091094bf4cd467a8a4b78c2

SHA1
31a4609a90f28e59d853894966cd0cb3e2296667

SHA256
def6591d8c806fc14c42c387da140c59d981be232542a3059bc7b68f320efb9c

SHA512
5e2a2b17236d9eea685b4600a2a1864620635a51b87a5959da4c3c952bd9e61e7f26aa848c55c699a0214f5a40ad51d5f66c7f8d4d1612b8c8b0e9ffa24428b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
93be47c8f8c6dab66485857c5a373aeb

SHA1
e9fd1066dc5324fadd93ee737b1d2e619bbcbe52

SHA256
b44e22e28389df272a2ad88ce64b354933733ebc88069292647d530ebe2946c5

SHA512
d8a69a938c60e31127641f7045c0ba20cc17e7c93500aa540976badc34a260c080ba65a26efc26f608b2da7aa3613c9307b6ad320b6d5170f19084c256d3420d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e357e06c6a1939543f462f62ff5adba1

SHA1
e4b67709b141b58019c29dfd0556c76bed28c9e5

SHA256
ce90ffe7b9447055b08d13af087c05b43bf94c45ba1ec29d3c3aade222bbb653

SHA512
b0c0c9a1b168ae4e3497b42316923a9efd49108898d8ca3bd3c66b96ea86dc1d2cabdf942ef81997f71621fc4cef429d8d12b1beef59eb981436b998df7d1734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
652d14d99d4cf20b8e3fda3a22f88af5

SHA1
e9aff6db5df692a4e0cac5d13e382085a2884274

SHA256
44337a4416e3dbf82d52e3a675836e70f27d1fef945c985afefa0497d08c002f

SHA512
262bdc5bd4e3f532366af7d2bfbec5bcd71b8653a80583cde747091e6f141205396302ac319729e476f248ac791bd7a716e035cb866b0f4bf9d35512f1fc8ba4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
4a24d0df5fbdd1aa702d222d78922434

SHA1
cf73358c5c1c10beb049907e4e543e873e8c8b8d

SHA256
6b83878477ea5b313d4027905159ba6690abbd58ec834b080e7fc18fe682c8e2

SHA512
1b06d38ba8b7b35928615abf85331005091244cb259a86bae73fda74f0754cd90d9ea9af1b4b58037429ca1533b0ac4b56fa1f3b2bfbe6aab1cfe5a897e204d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579a9a.TMP

Filesize
538B

MD5
bbff2f04e8df00dd411e3eba0e117a20

SHA1
fa59ac860ccf48cb8876af9216f49330e5461f5f

SHA256
ac388ea91f97ad2877e0ab71a5daa48deb44e553f60a12a0d79401152ead5701

SHA512
b4d09358c94339934657cdce9641b4b5e1cab46c8a8ae5faed42358853dd29ee3a62fcaf081b6dffe5d21ae12943597f5a766821336d29be816a0acd4f899394

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c41675b57f90e9b42db579d5b347fabf

SHA1
e50144f1082010b73cdb28382c008fde6272413e

SHA256
1d0698238c550f1681306cc859dace8a2191ceca86f99405ca65e078f3d902bd

SHA512
8291570e99281ca29352aafb413b59a3f6c2ccfa3d2d54f89d210a466889189fd9e9a7d0753bc699a8d8d9ddc8742a967d76c0da0ebe308b67341ff9ca407c78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
91f0b40f6397a5a1e0317d6191f01200

SHA1
fd95ab6e1e61b2c2bda5a667defef8b8d9f06a4b

SHA256
19d5a62ef7113e97f61f1b2c2cc7c2815e9f0751acc076f6623bd24427e22cf6

SHA512
c0cba4a0efdd6010fcf445256ddb919c26df722eab8c2ecc6645fce77b74e9be0e1520b307f9013f395dcb366e09965011c0a21a26b3b924291e11419b059798

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit