hxxps://sc[.]link/Egn2P

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27-05-2024 20:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sc.link/Egn2P

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
828	msedge.exe
828	msedge.exe
1504	msedge.exe
1504	msedge.exe
3652	identity_helper.exe
3652	identity_helper.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid process

1504 msedge.exe
1504 msedge.exe
1504 msedge.exe
1504 msedge.exe
1504 msedge.exe
1504 msedge.exe
1504 msedge.exe
1504 msedge.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

msedge.exe

pid	process
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe
1504	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1504 wrote to memory of 224	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 224	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 676	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 676	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 676	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 676	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 676	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 676	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 676	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 676	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 676	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 676	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 676	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 676	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 676	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 676	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 676	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 676	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 676	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 676	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 676	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 676	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 676	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 676	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 676	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 676	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 676	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 676	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 676	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 676	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 676	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 676	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 676	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 676	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 676	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 676	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 676	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 676	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 676	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 676	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 676	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 676	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 828	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 828	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 1724	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 1724	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 1724	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 1724	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 1724	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 1724	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 1724	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 1724	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 1724	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 1724	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 1724	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 1724	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 1724	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 1724	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 1724	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 1724	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 1724	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 1724	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 1724	1504	msedge.exe	msedge.exe
PID 1504 wrote to memory of 1724	1504	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://sc.link/Egn2P
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffed44d46f8,0x7ffed44d4708,0x7ffed44d4718
2⤵
PID:224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,16758417878244053067,12272437614653711943,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
2⤵
PID:676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,16758417878244053067,12272437614653711943,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,16758417878244053067,12272437614653711943,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
2⤵
PID:1724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16758417878244053067,12272437614653711943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
2⤵
PID:1936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16758417878244053067,12272437614653711943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
2⤵
PID:1408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16758417878244053067,12272437614653711943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
2⤵
PID:3980

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,16758417878244053067,12272437614653711943,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 /prefetch:8
2⤵
PID:1384

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,16758417878244053067,12272437614653711943,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16758417878244053067,12272437614653711943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
2⤵
PID:5088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16758417878244053067,12272437614653711943,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
2⤵
PID:3640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16758417878244053067,12272437614653711943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
2⤵
PID:3120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16758417878244053067,12272437614653711943,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3084 /prefetch:1
2⤵
PID:2744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,16758417878244053067,12272437614653711943,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4556 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,16758417878244053067,12272437614653711943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
2⤵
PID:3380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0c22bf17-9183-4bdf-9de3-34a4efe1c50e.tmp
Filesize
875B

MD5
78e2d11862aacbe8d26f4bcbb55d3dfd

SHA1
a8883643fbdb6a53ef5d62fb93c1b8de0df9a45f

SHA256
070fd0263a1ab5fa5b0a2781055564d81e80703ec811d184e98f051125e4015d

SHA512
62e4eeae987207c1203378060883748be49b89b2f9a4636bb9c4a15ef7fb2dcbe48aba80574418480e9cfd07b8f3908a1f94dfd688276479b44a5d4e03b86f9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
Filesize
43KB

MD5
db2a509594a5a1893b68ab6751b4821b

SHA1
de248758ad71bb86150de155daa2fae0ef82186b

SHA256
7205ea02f7af5c57824a95597af310a9a7f1cddb053abb3b4b82af8f09fb6f51

SHA512
37a82855bfdcd0f93c097883437c22362b8cd79530885f981c6e03fd6f2f80a8177a979a005feec10b61aa2b84b49faf0a05e548d472655eb50ff4df5b159e73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018
Filesize
70KB

MD5
ec080122ae1c52b26dd5a8b316ccb509

SHA1
857e7fd84764f0102ac414aa5fd264d30dec1826

SHA256
629b4db51c51d1b8927103d83a79caa04caff9fd53caad5c1c1f3410345e06a0

SHA512
5d38767daebab4da8b73a43246995e706a10aaceca4ea8d7400c7b8f1f6074d66b314cbe5f8b1d0a12fa266a0a3dcf122b0ea0083b5eeffc4c5f328225016f73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a
Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b
Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025
Filesize
30KB

MD5
362865aba843f5b18f77a61603602abc

SHA1
5adeeb7863792fe2a202d2693e1a6e102cbd1fcb

SHA256
af1db82c929ad84f3cfbbf225d401214ee08f131a823630358a54bb413911d26

SHA512
223564a3162a4eb094ed90c153f3e41103f7de5fd13555f95e63d49b6a84c41028d55b3d3f084092366b8f2979a8bb9231014cef055537656805c026e53f1bd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c
Filesize
37KB

MD5
231913fdebabcbe65f4b0052372bde56

SHA1
553909d080e4f210b64dc73292f3a111d5a0781f

SHA256
9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

SHA512
7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005d
Filesize
117KB

MD5
4f7c668ae0988bf759b831769bfd0335

SHA1
280a11e29d10bb78d6a5b4a1f512bf3c05836e34

SHA256
32d4c8dc451e11db315d047306feea0376fbdc3a77c0ab8f5a8ab154164734d1

SHA512
af959fe2a7d5f186bd79a6b1d02c69f058ecd52e60ebd0effa7f23b665a41500732ffa50a6e468a5253bb58644251586ae38ec53e21eab9140f1cf5fd291f6a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
456B

MD5
a4e2f89c8e48a0c50ed22a6c9c463a6f

SHA1
7491be17f01befa2ef277cba4b86381ede743422

SHA256
044922f9d1680486840d1a86e739c99f6e5a07c20cf3594d0e962994f09cd04e

SHA512
8dd4f1f042ec5b326ea6584d58ddbbf96307fa9a5d4236d7ae6f671720d4120e96000024291409e8aacf849de10ced7d703c731ab2a1a0e937e7041aed23e153

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
696B

MD5
7db27502ae8a50c2e8169f3f5be40784

SHA1
c43a8baa6a85fb692ed58a4aa4d441140731c139

SHA256
fd065431470e71e15e04e2df4eb10578f0da46b4e6029d74b95211e66d176c30

SHA512
dacbab97e199d007f976d7809ec430fea0e1b73eefa3d6ab414d38ac46963ba2c556ad911561ee18fbde949f28adacf9bc689014e364039d2865b41ebb5558d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
f5bc8628d1b44ce87362804f6b47b474

SHA1
acaf3510218e0a21bad22eb80857e080513c8c87

SHA256
864630af7e85c8a8920977d768d3c6c2584543c92b57819d6c2c8dc763a6fb82

SHA512
fdeb64d651a3520f856c46d286ecd0fa7de11ccee751cf02dab0e7453c2b29aeae81298f9b83406f6038d5a3fe5f209d28c051954bcf81cba3cfe45b51d8f1da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
6e78d85d1a33e0e9652e4c029de9088a

SHA1
49ea8775af241963becbeac75f23e52a6a34857c

SHA256
42cd971a81fbf42083952d7c6657be2cd3977123066fce019448708a7083ba4b

SHA512
cdb1fcc2f67d1cff6ec74701d9415f91edd198845bf103b8d12ee894ff4c1b0a9b1968f07e76d4a6a44f846b58a0d98c1009456d9df2f9e62fd61262d4732d6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
e733b5646bcb75cabb5145f837634234

SHA1
d1229eee666793b65c1dfe6b4cab808c15a93680

SHA256
c73dadcb84c15a5da7e45f4066340e2b95357bc4718fb4dc565fa16b8893847b

SHA512
c89fb908e673adfb017e3c15e4e4f414955c5dfd2de1fea8c213e1c1293f907371e99ba16861f2cc356d509608750bb53dd660ac8d20b8cabfdc77bdb0acc10b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
d06f1d6b597212dc314bb03d7c236ad6

SHA1
2356983979f9f5a515202a8499ecc82860ada771

SHA256
9ba5ec909b037ead3d911a228f3e0e578ec07e26b15b89c9e69c19e6407f8ef3

SHA512
c1078da110995349a2c67d8fe3b8bd6305ac23a3ff4d0e4d108482b57f12381a50add7ef190df0e737a02c0459bc289b419246f4889a4bf162af3227e4202fa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
4df84e246ee3ef3dd9f2b904f4bd9ca1

SHA1
b33be442ea28ef352470cb84721466c14fc5736b

SHA256
3b64b2cb80f241ebaf4b32864afd5f2bcbc964bc82db6dd88fc2a7187a3ba21b

SHA512
296dff526dfd8aa03b3942e728065df0b812e227c8b9aa844c3dcf991bf66e382a29bf530bc49dc9d0cf24a07919efe661826a1a00314245a42a794a8ba10dc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
875B

MD5
84e590f570aceb264a4ff4fc3f7fb58a

SHA1
ca735f975338698529c1a98baad516e5c7fba66b

SHA256
9cf3cfc5546b97e15847b55265823e85ac7dddd8f85e69bc11ab62b0c301201c

SHA512
abb605301b9f6189ffbf88cae1ebf2101e7d2af1ff4be2ed73d91248349fff3b3fbbe409e371d82137e9d367a01e1215cfeb516f3ec697abbc24988352357276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
41f052646ed4e8e35805783711d7c5a0

SHA1
c3817d568ac076ad1e88b1fd8e284f011e96130c

SHA256
e96086d4591eee0c53fcef8860f83d45cc41aa476c75ed987fc7e4e6357d218d

SHA512
6be5a1e0a77eb9703f41a53ca3335bffe6022d6bba0de03a7c777cde0bc1d5a640c809bf0ee8d570bcce6ae5811e1d24722db894dbd70d87084bddd8d88ed2bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a43f.TMP
Filesize
707B

MD5
fd9a87ef7beca3c3b75bf48bee64ee16

SHA1
1e6b595d1d8e6ae90f53aab8253c92662bc84844

SHA256
cd6637336ab4e9ff308ab0def7ceda646935b090cf76b0142086e9619f7c9c73

SHA512
2bd4d5cc6690046dbb6add5ab532ee9f2d6ec111d10dc2cc8d316c54bab62020624544130fdb672052b5d2989410820cac9bdf8f52dcdaa2bec4b03cd147ef9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d5512fba-7135-4a6e-adb9-446e93fb3116.tmp
Filesize
6KB

MD5
0aeca647b8f5c384b26a1df68481a9db

SHA1
273babdde072cb5e9cfec6412244f0b34430327e

SHA256
593dd8afe5824bdc50afba8d4ee238248fb2efaf5113337bf80d610e48107aea

SHA512
6f8425459f50dea7e5ca939233f0d6c58d2e4c45144d62b77946f43ca461f7a3fc56d148af995d8c40d428b5888b580ff310e9c1993fbc429235d4c786152004

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
bb94362ff535a07771db2e375ffcb1a3

SHA1
bcfa358126f48ca1a3d5c7a11308db3829ccf67b

SHA256
b6ed18ef9a169a8ce49530d4ff3042cc75d9d414aa01bb983235f024425bdc47

SHA512
a87985f27cd5302b4687e9925fcbe030da40437eca8b31a67cff4d3ad48610696d8d57b7fa5b6b24a4295348bf0b2f0e22f2aa6ef1f24f03fa242b40c9f3f030

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_1504_DGPAEJODSFCZWJSU
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit