hxxp://pinterest[.]com

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 14:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://pinterest.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1824	msedge.exe
1824	msedge.exe
3968	msedge.exe
3968	msedge.exe
3140	identity_helper.exe
3140	identity_helper.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3968 wrote to memory of 3048	3968	msedge.exe	84
PID 3968 wrote to memory of 3048	3968	msedge.exe	84
PID 3968 wrote to memory of 1884	3968	msedge.exe	85
PID 3968 wrote to memory of 1884	3968	msedge.exe	85
PID 3968 wrote to memory of 1884	3968	msedge.exe	85
PID 3968 wrote to memory of 1884	3968	msedge.exe	85
PID 3968 wrote to memory of 1884	3968	msedge.exe	85
PID 3968 wrote to memory of 1884	3968	msedge.exe	85
PID 3968 wrote to memory of 1884	3968	msedge.exe	85
PID 3968 wrote to memory of 1884	3968	msedge.exe	85
PID 3968 wrote to memory of 1884	3968	msedge.exe	85
PID 3968 wrote to memory of 1884	3968	msedge.exe	85
PID 3968 wrote to memory of 1884	3968	msedge.exe	85
PID 3968 wrote to memory of 1884	3968	msedge.exe	85
PID 3968 wrote to memory of 1884	3968	msedge.exe	85
PID 3968 wrote to memory of 1884	3968	msedge.exe	85
PID 3968 wrote to memory of 1884	3968	msedge.exe	85
PID 3968 wrote to memory of 1884	3968	msedge.exe	85
PID 3968 wrote to memory of 1884	3968	msedge.exe	85
PID 3968 wrote to memory of 1884	3968	msedge.exe	85
PID 3968 wrote to memory of 1884	3968	msedge.exe	85
PID 3968 wrote to memory of 1884	3968	msedge.exe	85
PID 3968 wrote to memory of 1884	3968	msedge.exe	85
PID 3968 wrote to memory of 1884	3968	msedge.exe	85
PID 3968 wrote to memory of 1884	3968	msedge.exe	85
PID 3968 wrote to memory of 1884	3968	msedge.exe	85
PID 3968 wrote to memory of 1884	3968	msedge.exe	85
PID 3968 wrote to memory of 1884	3968	msedge.exe	85
PID 3968 wrote to memory of 1884	3968	msedge.exe	85
PID 3968 wrote to memory of 1884	3968	msedge.exe	85
PID 3968 wrote to memory of 1884	3968	msedge.exe	85
PID 3968 wrote to memory of 1884	3968	msedge.exe	85
PID 3968 wrote to memory of 1884	3968	msedge.exe	85
PID 3968 wrote to memory of 1884	3968	msedge.exe	85
PID 3968 wrote to memory of 1884	3968	msedge.exe	85
PID 3968 wrote to memory of 1884	3968	msedge.exe	85
PID 3968 wrote to memory of 1884	3968	msedge.exe	85
PID 3968 wrote to memory of 1884	3968	msedge.exe	85
PID 3968 wrote to memory of 1884	3968	msedge.exe	85
PID 3968 wrote to memory of 1884	3968	msedge.exe	85
PID 3968 wrote to memory of 1884	3968	msedge.exe	85
PID 3968 wrote to memory of 1884	3968	msedge.exe	85
PID 3968 wrote to memory of 1824	3968	msedge.exe	86
PID 3968 wrote to memory of 1824	3968	msedge.exe	86
PID 3968 wrote to memory of 4400	3968	msedge.exe	87
PID 3968 wrote to memory of 4400	3968	msedge.exe	87
PID 3968 wrote to memory of 4400	3968	msedge.exe	87
PID 3968 wrote to memory of 4400	3968	msedge.exe	87
PID 3968 wrote to memory of 4400	3968	msedge.exe	87
PID 3968 wrote to memory of 4400	3968	msedge.exe	87
PID 3968 wrote to memory of 4400	3968	msedge.exe	87
PID 3968 wrote to memory of 4400	3968	msedge.exe	87
PID 3968 wrote to memory of 4400	3968	msedge.exe	87
PID 3968 wrote to memory of 4400	3968	msedge.exe	87
PID 3968 wrote to memory of 4400	3968	msedge.exe	87
PID 3968 wrote to memory of 4400	3968	msedge.exe	87
PID 3968 wrote to memory of 4400	3968	msedge.exe	87
PID 3968 wrote to memory of 4400	3968	msedge.exe	87
PID 3968 wrote to memory of 4400	3968	msedge.exe	87
PID 3968 wrote to memory of 4400	3968	msedge.exe	87
PID 3968 wrote to memory of 4400	3968	msedge.exe	87
PID 3968 wrote to memory of 4400	3968	msedge.exe	87
PID 3968 wrote to memory of 4400	3968	msedge.exe	87
PID 3968 wrote to memory of 4400	3968	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pinterest.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffbe0146f8,0x7fffbe014708,0x7fffbe014718
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,10201060908898896438,16090297140988292980,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,10201060908898896438,16090297140988292980,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,10201060908898896438,16090297140988292980,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10201060908898896438,16090297140988292980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10201060908898896438,16090297140988292980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10201060908898896438,16090297140988292980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2056,10201060908898896438,16090297140988292980,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5044 /prefetch:8
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10201060908898896438,16090297140988292980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10201060908898896438,16090297140988292980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,10201060908898896438,16090297140988292980,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 /prefetch:8
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,10201060908898896438,16090297140988292980,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5924 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10201060908898896438,16090297140988292980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10201060908898896438,16090297140988292980,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10201060908898896438,16090297140988292980,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,10201060908898896438,16090297140988292980,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,10201060908898896438,16090297140988292980,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4e96ed67859d0bafd47d805a71041f49

SHA1
7806c54ae29a6c8d01dcbc78e5525ddde321b16b

SHA256
bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d

SHA512
432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1cbd0e9a14155b7f5d4f542d09a83153

SHA1
27a442a921921d69743a8e4b76ff0b66016c4b76

SHA256
243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c

SHA512
17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008d

Filesize
200KB

MD5
a484f2f3418f65b8214cbcd3e4a31057

SHA1
5c002c51b67db40f88b6895a5d5caa67608a65ce

SHA256
79cbe928773386d07f0127f256f383debed5ccea5ff230465bf46ec7c87319d6

SHA512
0be1bb8db08f6e6041a85cfee90cd36a5b595afbca34d52a125465454fc806b4bb7ae569eaf4c882922fb1b962b6060534e597791cd0ad23483be5981d9be85c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
684ec2915ff92e40636c642540b52fc7

SHA1
2cc0d2ab6680b5a279faf23c81e03435354ec81a

SHA256
fa53ceaf67623a816f93e15faf1fc13e72133a71f54fd828525e9195d64915f7

SHA512
43bed8bba7422c95368b669f1a6dbfcb8d149d8492eb991f582528d70b3119b034a66026c465a7be47ecc1f3f1ac4cd985ba3a5fa59e4220e1b2da02f6020e9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8679452936c9244f6df9311b6dc15302

SHA1
1925c05c89379f74197b0e68708a515e6cbc13eb

SHA256
43132f5b51e5529fa6f78322682eed731b3ff3a9edf1e47896d84822e4f8dc6b

SHA512
0e0cb6d3e68a2764172c8c593965465f5b06bc1d633939ba512aed3629418493b8b1f3ed3a5b53ad9254b5b00d69690fb2337a16be95e5b8f8f59bb34b07483c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4e68f0989a171f6d2d9dd7a5649505df

SHA1
c22925c0ef1e25ee1109b2bdec80a0a562dcfaca

SHA256
1df34a795ec0bb38d3bb4b7953b13687c2f45bcc627b17f1fefe5c189610ddbf

SHA512
6f8f908b604c09ec3d609ff8f4d99821f591abd4cc2d4cd783177c1dca973901904ee7e4381ef1e9f5a1ac8ca34a1593cfb7284367997f9e714d07634b7f7c9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5c4fd71e9f52ba40037d138f9d684677

SHA1
a2beacf2b60c876882e21d103eee80dc2b29a659

SHA256
6a559048057b99472aa460d744e8ed175d52d26d7e5e512f13b722bba56b5f11

SHA512
da6cddb5f5afd39dc8c137b93c3007661538684f47bfa4ca03beed231773094e49d0315957c1f6e35655ac39d97f514c66abacfa2fa9b29333e4b9776d93b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
050f7b04988ff359231f49d8551f6a31

SHA1
a60542f458b1478a57f2a0490f80d1ec43792590

SHA256
4b3aeeee478f984a194b2ba392b2dc435ceb23b6403c965c18003ec8272932fd

SHA512
3a82d8c028c5c00386b84759eb344b05bf369186e5b472c701003e8a4c5f972720fa3270fc5718a7a80f8799c575049d3600250f0a5360a3a3b39a5af481691a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
42b638dea03b3bcdd55df1c69ffc4529

SHA1
f42a0dc1cd91ac8f19bdf45a8f0b7a34eba1a3c0

SHA256
f37397945088f1180cfb3c68bd6e8d84d78a09da6dc9210bdc6c30aa4d18aecf

SHA512
b715c8f3f4a16998d6f4fa5a8b1fdcc770f44907f0c4a739aa94dc35802f512cbacace1c0047140426204137f69fee98e24e87a4cf614c97033f545801d8396d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5787fc.TMP

Filesize
370B

MD5
93efd9e5a029d7c1804c89c692107925

SHA1
a80addcea1342e39754e36033940ed4e92f37275

SHA256
2c45e80a1cd6c082d94bcbef5026f98ecd9c8f8e2e397f366ecdd2a77d339fcd

SHA512
7ff361409dce4fdca23128a294d89db36dfd87f81d1da2296a699cd30449123dcc5efc4e265d90dc0622e3e6fd76a62059f22a74cc5a7f66f8dd70f544cf7f20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000018

Filesize
17KB

MD5
aab2532f8363e63359dbf0c31981f57f

SHA1
a21523eb85636a0455977ffe525260a1a8568043

SHA256
a6abef5f074c67b1f9fbee679151a4c705b71f054c98f720dfabdc65786d5d13

SHA512
7b3c4ce6574b36bf0d4e05bba1063798b525744fdb37b28ad6fc78456ef7d704677795ae4dd0d0eda0954d15b3776395fa931abf82dd4b64583c360dd9916f64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000026

Filesize
17KB

MD5
b8046a942b00491bcbb12f80a2a214a0

SHA1
6ee5633f06e6be76e12cd1bc8202e7a0f2288893

SHA256
62c3e9ee7c36278922faa04824cffa010b7f09dcb6d024c45e77f1c8272a495d

SHA512
cac97a36ab57615318251763105a9a1ee7399f9574f0ff3f2cfdaf8ea0bdfb3c8c449bfbc8358a159a5ec39a3e79e345890b887d52dc5bf59a93c60e821a0e70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
90117743732b2224a019e4d68b165d0a

SHA1
ef589ebcacd1ee3be1f5e6c1b741825d9f55367d

SHA256
61c17fb6e40fcdfc1b182135f65cac31acfebc9ef0c419dd2e771f04f6286093

SHA512
b1fc901e4de6b94e102d096f87f94510b51ab4dcb53a6b899dd1fc6da3ac36a3ec838fb5395c926471e444349ec1245ecb0f3d63d6b073efedcaf24ef42c02ba

Download Submit