hxxp://mined[.]to

Analysis

max time kernel
148s
max time network
139s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
24/05/2024, 22:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://mined.to

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3938118698-2964058152-2337880935-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2856	msedge.exe
2856	msedge.exe
5024	msedge.exe
5024	msedge.exe
2736	msedge.exe
2736	msedge.exe
1772	identity_helper.exe
1772	identity_helper.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe
1876	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3932	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5024 wrote to memory of 2296	5024	msedge.exe	78
PID 5024 wrote to memory of 2296	5024	msedge.exe	78
PID 5024 wrote to memory of 1884	5024	msedge.exe	79
PID 5024 wrote to memory of 1884	5024	msedge.exe	79
PID 5024 wrote to memory of 1884	5024	msedge.exe	79
PID 5024 wrote to memory of 1884	5024	msedge.exe	79
PID 5024 wrote to memory of 1884	5024	msedge.exe	79
PID 5024 wrote to memory of 1884	5024	msedge.exe	79
PID 5024 wrote to memory of 1884	5024	msedge.exe	79
PID 5024 wrote to memory of 1884	5024	msedge.exe	79
PID 5024 wrote to memory of 1884	5024	msedge.exe	79
PID 5024 wrote to memory of 1884	5024	msedge.exe	79
PID 5024 wrote to memory of 1884	5024	msedge.exe	79
PID 5024 wrote to memory of 1884	5024	msedge.exe	79
PID 5024 wrote to memory of 1884	5024	msedge.exe	79
PID 5024 wrote to memory of 1884	5024	msedge.exe	79
PID 5024 wrote to memory of 1884	5024	msedge.exe	79
PID 5024 wrote to memory of 1884	5024	msedge.exe	79
PID 5024 wrote to memory of 1884	5024	msedge.exe	79
PID 5024 wrote to memory of 1884	5024	msedge.exe	79
PID 5024 wrote to memory of 1884	5024	msedge.exe	79
PID 5024 wrote to memory of 1884	5024	msedge.exe	79
PID 5024 wrote to memory of 1884	5024	msedge.exe	79
PID 5024 wrote to memory of 1884	5024	msedge.exe	79
PID 5024 wrote to memory of 1884	5024	msedge.exe	79
PID 5024 wrote to memory of 1884	5024	msedge.exe	79
PID 5024 wrote to memory of 1884	5024	msedge.exe	79
PID 5024 wrote to memory of 1884	5024	msedge.exe	79
PID 5024 wrote to memory of 1884	5024	msedge.exe	79
PID 5024 wrote to memory of 1884	5024	msedge.exe	79
PID 5024 wrote to memory of 1884	5024	msedge.exe	79
PID 5024 wrote to memory of 1884	5024	msedge.exe	79
PID 5024 wrote to memory of 1884	5024	msedge.exe	79
PID 5024 wrote to memory of 1884	5024	msedge.exe	79
PID 5024 wrote to memory of 1884	5024	msedge.exe	79
PID 5024 wrote to memory of 1884	5024	msedge.exe	79
PID 5024 wrote to memory of 1884	5024	msedge.exe	79
PID 5024 wrote to memory of 1884	5024	msedge.exe	79
PID 5024 wrote to memory of 1884	5024	msedge.exe	79
PID 5024 wrote to memory of 1884	5024	msedge.exe	79
PID 5024 wrote to memory of 1884	5024	msedge.exe	79
PID 5024 wrote to memory of 1884	5024	msedge.exe	79
PID 5024 wrote to memory of 2856	5024	msedge.exe	80
PID 5024 wrote to memory of 2856	5024	msedge.exe	80
PID 5024 wrote to memory of 4056	5024	msedge.exe	81
PID 5024 wrote to memory of 4056	5024	msedge.exe	81
PID 5024 wrote to memory of 4056	5024	msedge.exe	81
PID 5024 wrote to memory of 4056	5024	msedge.exe	81
PID 5024 wrote to memory of 4056	5024	msedge.exe	81
PID 5024 wrote to memory of 4056	5024	msedge.exe	81
PID 5024 wrote to memory of 4056	5024	msedge.exe	81
PID 5024 wrote to memory of 4056	5024	msedge.exe	81
PID 5024 wrote to memory of 4056	5024	msedge.exe	81
PID 5024 wrote to memory of 4056	5024	msedge.exe	81
PID 5024 wrote to memory of 4056	5024	msedge.exe	81
PID 5024 wrote to memory of 4056	5024	msedge.exe	81
PID 5024 wrote to memory of 4056	5024	msedge.exe	81
PID 5024 wrote to memory of 4056	5024	msedge.exe	81
PID 5024 wrote to memory of 4056	5024	msedge.exe	81
PID 5024 wrote to memory of 4056	5024	msedge.exe	81
PID 5024 wrote to memory of 4056	5024	msedge.exe	81
PID 5024 wrote to memory of 4056	5024	msedge.exe	81
PID 5024 wrote to memory of 4056	5024	msedge.exe	81
PID 5024 wrote to memory of 4056	5024	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://mined.to
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe07e33cb8,0x7ffe07e33cc8,0x7ffe07e33cd8
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,14376299675561584965,12121940541221208890,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1976 /prefetch:2
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1960,14376299675561584965,12121940541221208890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1960,14376299675561584965,12121940541221208890,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14376299675561584965,12121940541221208890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14376299675561584965,12121940541221208890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:72
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14376299675561584965,12121940541221208890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1960,14376299675561584965,12121940541221208890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5740 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1960,14376299675561584965,12121940541221208890,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14376299675561584965,12121940541221208890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14376299675561584965,12121940541221208890,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14376299675561584965,12121940541221208890,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,14376299675561584965,12121940541221208890,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,14376299675561584965,12121940541221208890,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6108 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3120

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
046d49efac191159051a8b2dea884f79

SHA1
d0cf8dc3bc6a23bf2395940cefcaad1565234a3a

SHA256
00dfb1705076450a45319666801a3a7032fc672675343434cb3d68baccb8e1f7

SHA512
46961e0f0e4d7f82b4417e4aac4434e86f2130e92b492b53a194255bd3bba0855069524cd645f910754d4d2dbf3f1dc467bcc997f01dc6b1d8d6028e2d957236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d22039bc7833a3a27231b8eb834f70

SHA1
79c4290a2894b0e973d3c4b297fad74ef45607bb

SHA256
402defe561006133623c2a4791b2baf90b92d5708151c2bcac6d02d2771cd3d6

SHA512
c69ee22d8c52a61e59969aa757d58ab4f32492854fc7116975efc7c6174f5d998cc236bbf15bce330d81e39a026b18e29683b6d69c93d21fea6d14e21460a0a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
82KB

MD5
8919e30bc9e565fcbb5d75ab516df5de

SHA1
db9d931c7940b6192ce0bfb79ca4c50989f6feee

SHA256
3c71f599233ef1171ddb532c20c65825145c538693aef8769bcb793aaa7252cd

SHA512
e7313b39c13f61d09db2e8fa7f18da14d7fe9c8e535309b72a8bcca4e74443b88ba1da875c4f1293c471e8d3d7ef7b4c43aea0343ad9df0670ca3bb133fa3a27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
96KB

MD5
5bbe050937fb5e65b5728d7fd5427924

SHA1
be8e179aa614c84d27954bd68a6da7ef54e374e0

SHA256
25f0b17ac8ab4aad3d9d891ef9a19965dbbb3270d9ac33aeaac511331052ae43

SHA512
d894331f06cace81c68566942f91561921c0cf33de2bf2144973a68c2e38ab70f77f8dfee92443601392ca8d4729421334a5dff1d011eb315acccf11f89edbb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
30KB

MD5
3ca2804157f3e25e0eb54b74580130a9

SHA1
f5bf014b15d93a6e6866bdb810d1cec2edf210b1

SHA256
0484dc802f9a81f061b9d7ae08d3949ba51a2ca47e115649d6f3a407d1d4ea58

SHA512
81c06032ba57eade5fe2101f32e0b7a6e174ef7e43e464b461fb376dfc2a592ed5f3457b9dfbed6acce9e4f2d6a7f965fb352d71de74ce7031cfca8ea27aeb4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
48a8d88dbf33d4f6d98de5fd1621dc62

SHA1
9e210abd358af148531a3f35d307eae5064d8691

SHA256
0b16b57f1b96b336785514134dbf2f6b8193cd5f290b6406db5059acfc2c2483

SHA512
3b0d47693a91c604628d50de91dbcdcf0d63aeee59f7e3a0e9d3415ad80ec7885dcf13e0e32a71f333c6ca216dc754e744ed29952f5c376fc49a920311d9ca6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
eeea29aa670863029dfdae27ef1af9db

SHA1
8be712270d6fbf4eedb44dd3936e77dd90c9abe2

SHA256
c78a426a22ed8d15565e456da7f7026c182ebde5b34732e276bf836d2275d039

SHA512
5fdf14485918105b99b9d45cf0139f9d58468f45be160e35f920746f5d6031381df76bac1c03f743c2ecda5259a9feecba5e7245a729f0c424fcbd26501b2fe0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
20599539f0ff36eabd81e9c8a0eec096

SHA1
a29ba2476f9e5e4e2ea53924ad1c7dfbbd0043b1

SHA256
f94c2c86441f3e66dbccb8452c71989d71f43acf923f353b7f660d5cefaa7618

SHA512
f418707552717cccf5bdd9b0f856166f861bf6a833e9735d7270449916675b080a72919b22e6a49a96c7666ea6a795bc015b33ea686a5e92c9dbf498e0609af3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6d7424920c5edf240eddcde6156dc195

SHA1
5e85bb7b76bab1596f571b2c65ca448f3e00b93c

SHA256
9c0e3407ce9f96be0b829b887509f7fd0d1282959d5c1b35e870684cb6e61d92

SHA512
e09f6493aba03b75fc5fa28b4c824b8e409aa38312a0a02485fef1ef46b39886edbfe7dbf52285f55858f548d804b9936325cba225566bf2e83a38848d748be9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d66c34a08d1f7d56ee0c2c4cc4b96231

SHA1
1bbd6c80270389db404d51139009d2b8cbdfd33c

SHA256
7a6dbb7e34c10d9f374f646c3557b431e17e6444924a252b0c775429441b17fe

SHA512
64309cf62ff42f0ace4978c94a1970c381c0ce4524cbe71f411ad4c22f2d20e53074664db5be4254f45830115fcc8049d2806164cffc0bbcbf9600b4fd007631

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cd6158062d44c5a6ff08caefeb5b03ec

SHA1
14fefcd5e05a1bd8e14bd2b4cf51f35aac8dfb01

SHA256
e70836bf721fcb140250e55efafd40b3f33bd42b4a57fbb5280866d1c3b3e613

SHA512
1672eba9597033d2af9fd71eef5f7da7c756247985c013e016b32425bc05ec074aca3f7f2400547f8ccc23b2e19ee09ff1fd91ddf7786295aff2727d5173e6a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dd69d1fa2f3562086b8183998035aff6

SHA1
30a2270c7f6640c88133f5fa75e525f6e722ece5

SHA256
269925425aec4e0b644fa0bc7e0865d07b48a9a9d7b9289118cadb9c7a0321e7

SHA512
023039ed15cd1ff246d5798c748969b8752e4e5b82aec4f325c4e373bd748a54e4ed186fd2b5c5722a063b378d924c3d333486140f69c02faaf907c2db7e229c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6c761a6927a6c2db625d985b36c39f32

SHA1
4b62d59051a2db87967f8c03a019cf24eef009d8

SHA256
bc69fcd73b78f731b594119c08014bcfdb9a812f4fd44a0012a70e080c930506

SHA512
16eb353f55b26449411ccd8d2def0ba50c32bd81f83b9bb1d1d6044a57f08991a394225a94932c297786de02ff3ddfc375fc7783f95137fff410d9c611ced7f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b652f414c321acff4ffb9b850f9d8e4a

SHA1
3ed79f2055de5a58a62907e2ad1b5642260f0b87

SHA256
84dc1c4d17a910ed58a57acd5ec7ebb3d0c1989543a4723e674bd478003280fa

SHA512
ca054a2a8e2728b859dd7d8a49adaa0a7d546f27391af9d4eb72f422225dbaf1a22472313c9c13da4200cc33d617b624da3a4c77a9ff17f80af74266fcedd803

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
39c59c8b3ce9571b94a69322987fa90f

SHA1
5bfbcd8626b5f65060520b2d32b4760c03185b2d

SHA256
79a3f3f2610df92fae0cc80b7990a3d9089f291e12bc951511d3a3ce5fae56ec

SHA512
76694a5253600d2a4dba15c307d7ec9bfb9c6cd6306a9adbe88f69ef59ba5ee64f674400259f8c7b43855cb6ef72aac73846510a14706703a0440aaa31f6eb2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e3b6ca3388e4a25a309011369cc24a97

SHA1
b0da3834464ac290191cd3f7a8f9e4458c315a6c

SHA256
0ddc9b857a5390f2347a0bb4c809169f0c20425c255bdbdd68d092714acf05df

SHA512
7e2b903ae23c118a60a480690c5dbe8b5b395122be84a8695783aedb431a37d679d4ed6add068fc688244a4932c20775efc8e3a4d141834f9e6f215a95680cae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a170708ebe19e55579c7b2e9f2faa31e9998043b\54f05af8-807a-4b86-a6df-42236088389a\index-dir\the-real-index

Filesize
72B

MD5
8f4e1ffabfce89d80d606077a9967687

SHA1
2211fc3e31c98b7a4703984082b3e76dcd6e7935

SHA256
8b1ac54922cf964652c5dbe6f4b333c970085764ff47c60fb2c729998c80aeb0

SHA512
3600f9a84271b07cbb7f09942badafcddef24c1cef4930bb33a047e86aa4ecff9e6b0293beef3104919f2a74913d4e5ec9ae9bb9e7167fd8e1eb7bc783f7c0c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a170708ebe19e55579c7b2e9f2faa31e9998043b\54f05af8-807a-4b86-a6df-42236088389a\index-dir\the-real-index~RFe57c37f.TMP

Filesize
48B

MD5
6da50634a5e63554ae8d4164d516e0ee

SHA1
39cdb8908be84c25c4890c2914fca1624eb97ad9

SHA256
508df59751bfbd49daab576076cf48ea409c7ab4e79341786f1d7ad5e773ae6f

SHA512
3531c0bd0dc4e446bd824d2bc371351643ab4222c0eba88f6bb13b4d04379bc27d1e30420109928fab3960325f62903a6432114851e0eb436edda3ac4d84eb31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a170708ebe19e55579c7b2e9f2faa31e9998043b\index.txt

Filesize
84B

MD5
f9059e50673553330092a5e0ee2c5338

SHA1
2b7ba1e0fbcaec6512cdfa8d1363698895bd24ef

SHA256
2d31e94feaa2f8f8aca5908d2b3d46ff2b6177ea5fc19d4d5e258298f5d3bff3

SHA512
5e1df6c4e755ee63fc3121abc2f2ea6543fb5aed9814453a3555f897c4d79731d27573e8720eb280da19436fb6a303f01f403ed93a79206ace4cf81be0b176e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a170708ebe19e55579c7b2e9f2faa31e9998043b\index.txt

Filesize
78B

MD5
4f974b464f2275d46810174f4a3fb832

SHA1
6d6d942ab0eb8ed3241ec81faa61bacac9c2021b

SHA256
7ac7363281fcb11dd558e513c39bcccdccfb3ae63eb56da1c871f2a180791b9f

SHA512
ec91942cd9aee5cce4b579e5b56f6649e6bff35211c63a70234a56d7dd1ebfaace1ced8a4c1775ad11ac97de16bf6afddc78660ae5a88cd2af29c2cf932db3c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
9KB

MD5
cc0be62a1a472673531b836119097b39

SHA1
15ab3b1cf9ba8f08ec91802b86e0e803beb9755e

SHA256
53fc8d03626bae5bc22f43990cd6e22feba58b8c74e99c0072ced0083aa2d355

SHA512
f5ab9aa7a40f89c92ccad058b80ac27ff376a06c0101ff31d544cb323727308014957d2560e7c40bb5a708a94acd01cd284c565f86a6e59818c71979573fea09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

Filesize
8KB

MD5
70e177308f9752f841d46919c6b340d9

SHA1
d45f48fb8e06634fdd2c29fdf0387bacc0c8ca35

SHA256
6e30c8e4598617c14b000750b079d6716d1d924651243a70b686e7078914e012

SHA512
4400741bc3081f222a27a58651082fd8fbc42f0bd91c058dc964599dcf6348a5fede7b2f523558354070dc053b02008257e732712b32993a41bcd11cdf860dad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
0ba68128bccc716475780acc6ebf8c2e

SHA1
54c150a7b37e5ede77ac3c840487fc71906a3a20

SHA256
eb7aa45c4938b6d1553bb6f12ec3fa6a12b136dcca7a3f45a9dc725de7c43a93

SHA512
949c49018899e1b3d244a767a2ad8fffaa48c307af89e4b7343b604078086592039ae6441d6bab53dddf7555bbca00f24ea5a20650e9f6ce8ec536d878891686

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c265.TMP

Filesize
48B

MD5
9651f4bba94a5ca44327f20c90e9e16c

SHA1
9cd633f69e9d5a1c026c61a88cf9fe2e64eed2af

SHA256
51d00763bd1d0466a74b7c00e9cb7de6c322d3539c3447b8fff64799b8d14c4e

SHA512
95419779878e77b858dba6f165e966dd10ea6dfe2a857e8a885e1b7600638a36cdbde596271f6050e9650a84e966ffa17242be622f5d9c05e5a322385f3a4f88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
535B

MD5
309eaa4feaeb4d868106e621e22399f0

SHA1
f85881073911634d90157ee1c9932cef230d81df

SHA256
d858dac8791e4680481d3feae34b2a8e887fb40fcbf54f108aea7d568f7b3349

SHA512
261e3018de7aa9338f376f01da04303a6914cb5f3c745db09995e7f1337f62df3203878191d30c690999fbe28df0bf6ad82508ef65f31cb9faad00ddcef92757

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d4b5.TMP

Filesize
368B

MD5
549ead3ba1688d87e2038ffac8275ac3

SHA1
307cac40a859bf39932007946973535b7e341139

SHA256
a7a50d33fb0e18232cba47247fd4e13b4261811d674c527560cf188f0cf2f382

SHA512
e1ce4a1912705d5a6648b94681a8f05946dd7bf59d9f9079446a56b08b61990fd27a50b8a31eb1b17340121ad3ce1546295fc9ee8c49b2147aeb6faaa191258c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
16bd359ebe51b28cf349291e1253b158

SHA1
7ea3e5765fbbff0cc7858e9906d57963528c9275

SHA256
359b35a6c10ff4a619666053238a72785c025297cdffc87e5b1149f1325a6b09

SHA512
e90e68d8456ec85543051106fc8ae9b153c04f233336162921c1870bd832236be1e6cdb02ad9599f3f2eb1945127698cd50be746a8250d86da3a0cfe078b9c6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6f33697feb57eb7483d1f1b41fba2f13

SHA1
28e3737f2ff5de5681e95eb92a3c2b4c444b3fc0

SHA256
2e9ef5b8168a87a757ab9815b9f43419ed67baea83f9048048ad46e2042ec09e

SHA512
79e40e4b5342f408f01c238f7b529ca9b47f92b28f8a683aab35a0ed83ae23d01cc885765ad9b461208b316165ceff7c9a5474fefd7c2716db677f7c1f96eb82

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
6e2dd918b2c22ec9d38424b34577d88b

SHA1
ce9b5ec7934ace13a02d64f494ec8cf6de8ce5c9

SHA256
037e7f2cd9d518cafd37f55edee61feac13b4dfdd35f67b41d7af525d93b7f0f

SHA512
fe292b07ea0f7db690e00640f29b5cf7de32ddcdc887c24075801e1b7ad756e94dab31e297efff6c9def49ec3ac20e22c71ba40afb7e4fb75bf0678b64328eca

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit