hxxp://amazon[.]com

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 20:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://amazon.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3076	msedge.exe
3076	msedge.exe
3936	msedge.exe
3936	msedge.exe
3656	identity_helper.exe
3656	identity_helper.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

3936 msedge.exe
3936 msedge.exe
3936 msedge.exe
3936 msedge.exe
3936 msedge.exe
3936 msedge.exe
3936 msedge.exe
3936 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe
3936	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3936 wrote to memory of 5048	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 5048	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4260	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4260	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4260	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4260	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4260	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4260	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4260	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4260	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4260	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4260	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4260	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4260	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4260	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4260	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4260	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4260	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4260	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4260	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4260	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4260	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4260	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4260	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4260	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4260	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4260	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4260	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4260	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4260	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4260	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4260	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4260	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4260	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4260	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4260	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4260	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4260	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4260	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4260	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4260	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4260	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 3076	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 3076	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4600	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4600	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4600	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4600	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4600	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4600	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4600	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4600	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4600	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4600	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4600	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4600	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4600	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4600	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4600	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4600	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4600	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4600	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4600	3936	msedge.exe	msedge.exe
PID 3936 wrote to memory of 4600	3936	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://amazon.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8591c46f8,0x7ff8591c4708,0x7ff8591c4718
2⤵
PID:5048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,16372021241350790056,953281710396899432,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
2⤵
PID:4260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,16372021241350790056,953281710396899432,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,16372021241350790056,953281710396899432,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:8
2⤵
PID:4600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16372021241350790056,953281710396899432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
2⤵
PID:1536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16372021241350790056,953281710396899432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
2⤵
PID:3708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16372021241350790056,953281710396899432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
2⤵
PID:4216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16372021241350790056,953281710396899432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
2⤵
PID:60

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,16372021241350790056,953281710396899432,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
2⤵
PID:4344

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,16372021241350790056,953281710396899432,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16372021241350790056,953281710396899432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
2⤵
PID:3216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16372021241350790056,953281710396899432,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
2⤵
PID:1496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16372021241350790056,953281710396899432,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
2⤵
PID:5372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,16372021241350790056,953281710396899432,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
2⤵
PID:5380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,16372021241350790056,953281710396899432,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5316 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:556

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d
Filesize
18KB

MD5
dc3b4249df34c28e238718b1688511f6

SHA1
9a3cb2ac85c357d934b5f9c8464d78682113a85a

SHA256
2f051168aa1fbfec29a9d530772a16f17405334f65966b581ee104017a3fe16e

SHA512
2de989cff25eb486975baf44c68f123307231c327b6c0b679b484f24bce5ed8debdc0bddb04eaa5004e21b9c6b88c8575f18a98a2d3bdf9bc349fd31d39ab1d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e
Filesize
83KB

MD5
32b3a7a0f3a5390b6fd696444be48526

SHA1
422f2b289e5071aa5b7ea375cc739221acc5b230

SHA256
35f71d4453a96d2b5637c4fa5e5da7322360ca288f12fa3bda7065dfbad9d2cc

SHA512
b467a56233c794b7548370673d09e2de7eac63ce389465c224dbc40f7f6d36e73153d82ead33bad8eb6638384fcdfdfc15bea4d57e4ca684a47d510e540e8bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f
Filesize
26KB

MD5
5077dec6c060841507b3a7993d5f0973

SHA1
01da0a71c5ba7820161803a1023c9150490f8258

SHA256
053e0294e2d9d4221573ecd03142469f78e66ebcde0eb4de31d3f3b5cc2d8b6b

SHA512
f42cce56f295804902fabbeb96fbefb102bad516b53e95714d3be278f33d4d676e2a625c1a8d91c523d4b1628b2921ea3462b0c1b0e2adfd1bf2c892c2343e4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030
Filesize
78KB

MD5
ea506dc5a04c1bb32e610d7181d2cea6

SHA1
375791a4b33fb8ec0ba7864c77519c214a0a55c2

SHA256
73f7e3d8a962e39c9dc7257a9d5e6409f1c612c5952c70b935875fc98bfd300f

SHA512
904353f477b850c1f907e178b3425dfa4d4d7dbe647d45547fb7c05f8aa262beb7d4640849c04ea933dd90c328ec3c42acf897d06fdc87cf51458a458701b198

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031
Filesize
30KB

MD5
4f858b3a860072e6775dc7741228cef1

SHA1
5e991c4cc06ac8ed3c99e5245f3bace0ba742837

SHA256
1bf7032ff65c6ec36e57738d8417423c78b3b51ed77aa6c5f9219a0462570f16

SHA512
c760f5ee2cd9b1aa9ef5cbee7d2fee2c3f069bc86b303c03ad8dd977600e76a8f6b49869c04da2b1f296b6f5c770043e8e68cba983f3b0dd966b43c6d6b26f72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032
Filesize
55KB

MD5
21e8de2fbd58d8457a3eea4948e40cf2

SHA1
cc1d15edd1c4d8347e4de66a3d4fede31fc92100

SHA256
5fc71cea2379b0339e03b653489f0113f43ecb0aee7215f8489766dfc9d8afcd

SHA512
1932b02e91b8abd95c0f9f0be806adb5c85474bd54a0adb9736786cc17c412ea6224b6e4cc0dfd74ae4b28cb786376c19b4ec13f00a96663b6dcaa25fa986f1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034
Filesize
209KB

MD5
928d5d291dbe17f83f1c36e3376e2b40

SHA1
5227dddde76b6f3baa9f82430a538e95835abd23

SHA256
1380fad53415b95c2ff07b54cd6cfe26f0bc6f64d7620dbd1d5ed8465fe677fe

SHA512
a4ccdf1d18928b3e567c478bba6d50ac386a06f6438b3122790ee3b3f3fc499b84dad1fc648a0c4da1430e459e823e86080f3d8c078d33325e32396acf65a741

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000037
Filesize
106KB

MD5
79618482d7cf4df1ed8322e591f20f2c

SHA1
b2ca27446359a7cdf156624e4a00152945268861

SHA256
b7a3c5faba794fc95a97b8110eb14cdee0acac5963b3a82e26c76185d70f12dc

SHA512
fa7ea391da8e85eedc5df67fd6319efc327afecf0317ddb67879619ff3e5f1ddce4e263ceb93ee3d12203713fc361c70ab321903b1ddfbdb6359292a0390e3ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
816B

MD5
712c276560f50e7c798e822a1e011776

SHA1
e4b2edbd95238f1a84c61c8ee898c850b8ae445b

SHA256
1621bbfd2652b50c16f0bc6174c531f5b14440bcd77a32345289a2933ac60182

SHA512
5c4cab4c09b21381d0dc5444a9181d3346a3a48f9a23992387009aa0df4b26fd256332c99018a817d27dac136327e358d7a2f6a0838fd51a8a77943b790c9fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
e72ecb35c2dde17c6bfd79577048a2cd

SHA1
f3e4ee2d1a98c04d60eaf90f77c9e8567b7c7ddf

SHA256
90fefa9b55a158623ecb42c6e81432618b893c4600d10f7ea043bb389611dba9

SHA512
8e64a98bd7786489cebe20e33b26418fd0a79149c7210ac0c5f109a1cb2b6640bc3f3961407a2a1d3d4fd1b2762a750674c0ae26013e547a8d25f136c7fe0018

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
5b8a9a1de502a98e53a31b8ff49e220f

SHA1
719ee61391cf67b16b802cf9f6407ca9eca9db6e

SHA256
6b65aede7e84e3996ce02c8341e1d1dc429318cbe19dfa772d317b6352ca6cf1

SHA512
1fff55bc4ee5a4c60f3818b7be6b0382b104cb408e3eaecd78093b11dd69702ea80c513ebc038c82c452614fa927a098cb819a78fd8ab7b8e0c73936dab2f32e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
c61ab224d5178dca723c4a22506a873a

SHA1
f792c15a43758e9e23ce0cd9a4d5ef2465f7bc74

SHA256
af46dc9c3dfa5af60859b0d73c709ac39aaa2628039ed344ba12c1f4bda0ec74

SHA512
a1e2439cbfce2e6b505eda787dfb267026412988ff376cd7bc1f62a7ec1439fae311ea189424cfd33e57298330350e5bc7d88d9ba2deae2d33f9d1bffa9624a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
1fd5a67c2ef22bc6d2036f68a9174122

SHA1
b59f51829f4486b0e8d770dee388920aea13d4f2

SHA256
a1ac2b66e66b6b77c9b81d3f7f408e18dc95c4d28d4006c821f4159d937f7c0e

SHA512
476f1ae55fcdf6ca85a4ce0c83e2208d9f5d5d02aa8fc3c2d12a25d0a8a96eb515135e47524c643bd7b1a0dd342ed0fb41797c9b86dd6678e8c449e1c1d0006d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
d39aa79dfec38df27d06b735fdec3041

SHA1
b47fbf4dc2de4e26de49a247b5768f48b90db7d9

SHA256
0590f54621dd04185054a266d4836a4de6a82c428006a93fb199f9a52c1ffdf4

SHA512
6d469b256c5d0e814108e6b41bf27f78ef6c563a0cf6efc00318aa8279a41b20a207f696a574b68e50b093f50250bb2da66a336a1527671ac584873f9942723e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
537c7d188cba5324b7356567bf7e9c15

SHA1
0418a6d7c43fb74f846fe56ceb23dd5204aebf7d

SHA256
116ffdb0617230e50ece1f9fae906c47a32eadc62e2906d4965f9aba65aa9724

SHA512
dfecb589aad78ee68416bee00343778e9d45b01615616314578c41670f4eca6bd0b5fb829a1d830883fc7dcfd98e2af272c59c0bb2c96bbb373a1129a1126891

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0
Filesize
416KB

MD5
d4428864591e6a3ed6f699b2d5c5d4c7

SHA1
cf56536f9a9a352a1f963a6470b38b34a528b3d8

SHA256
dfe0f95f1bb49deb3b784d5894addc03007bb2f0d5ae3ca8d19dcdfb7e83d93d

SHA512
4aedd902acfa19695580250a3975bde2a9c88d48b673dc710333dc6fb9dc82d18fd8e39f0f5327a43931e670a0d43c0787f8825e1cd14093578e058caefe56a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
df690786a23ddeda4576bb0f3e7d3500

SHA1
101be8da24d56985ec316e1e8ea340d64e98c108

SHA256
978aedc15a62abe93ad314e049a09eec7fdbd57165b0ae96e8a9b337377f55a0

SHA512
f7662ed0cea6e31b6be1b3fb2e8e512372f02940d54030cc9481e3fcf8e5609a27de73dc5f6fa4546b3b619a1a0df86b3558a508a296392d578ae2682c76fb94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57b1fa.TMP
Filesize
48B

MD5
8620cd9c6bba5034653180a309d8ba3c

SHA1
8ccff6cb8e08a30409068fcb0e8852d306bd746c

SHA256
4e6277c815d7d13462bb768459a4ee92c04f5a9e51c0bb28d74006bbeb3d6fcd

SHA512
234eac58fff60502fb755389988ee0b58ec2e943a649cb4068665b406afef1a90f019fb699201eaa2be3675b19457da0342cc27b96135822e698fc5e009c1cca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
196fdb6f4c94b12c96d06d69a3d5f2d9

SHA1
eae2b9065fb838444ef48ecbc0a195126829ba91

SHA256
65ab2e1f81e9055bf2263aff8f34c55d6df7bfdadc4d102d58a2ce0a6242c96a

SHA512
4d887a106460b1da2829e72a3f5617cffdea8d332ed1f052efc80d02d9335c1d4eebed67c579c3db54eb974422e5f0a6c34c04bd969aec074729e9573e36b7c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
8c336e60af9ba87faf252d0bfaedc92f

SHA1
c3834951f077aecf69b0c18927efb32ad034b19d

SHA256
1d7c8062ef33638a31580215e22e4724529f56dea7115e900f09c0150ebd8c4a

SHA512
653f1591d973cd033eab29c2e1ad662d3eb5baa627c3e852bb1deaa44659f40936a7deecd8cda9303c29152bac69ed9995cbf7a514114d98a2e2ddd718ec6434

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
17ec077f73692b4e2bc6bb0d7294f34e

SHA1
b607216b16330eb8a2e4eece5aa56509302d3168

SHA256
d35ec115d71bf32709054f8298fd8db4f5ad45d7fcaf0cc9fb66ce0e0073e4ec

SHA512
e57076c3f0373b80bcdf4e23594a03c4e92aa6cad5b0174e6c214c02b8e33476c8241964c8b3ad002f661ff6b9e0a9155d0e0bf3665242496a1a169721073809

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
e83f3531db6c3460ff01af7c89c0e6a9

SHA1
aae0a07e7f86939f5f55788d627967fc60ec8b7d

SHA256
9eccbe635a5bd0be0bbf4511ff58af0b849d706c9deea7b8c9191f7b7ab7b7f6

SHA512
6478f9d16f0bfffa12977002c4a6af918a966b73daef8ff5153f36d10ecced74db70d810c30b547d863f437b399cdddc68d4ac2c3fc5b16856cae2314e0bc0b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579fca.TMP
Filesize
1KB

MD5
57e0b6410d5660aae25bf3788d15a3e4

SHA1
5266d04198e68a6af89bfb99685daa1fc5394eb7

SHA256
0f62ad8cfa63844f5d6819b05aa37a1add31e5793fe3c222c5b1562bbdf57d0b

SHA512
59b2c675f8499ffc39669156eb43c6557400758f25fd3f93d4f4205f9254bb6fded7bb127a75a1498c73d945aeab019f45e2f038326c4009ee0ce5010ed26bd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
c95d907c053df36f177d8835881d83ed

SHA1
aeefbfaa8745a3bb82e38a1175c6484c798c7a0c

SHA256
19514e35a73e26f9e547e03602de324e5696fe7e19cac8bb9867be100e554dc5

SHA512
65d9c89d2e6526d4c3af9129cf25ed1778adfe24525faef6e28bf7f1368b4eafb2e36c0f3038b1c6d39c16030e9a2e923b28767f0a21e2df6a5819fe7c627a09

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_3936_EYACGYSNDONWQOMF
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit