hxxp://google[.]com

Resubmissions

31/05/2024, 06:38

240531-heedssab7v 1

31/05/2024, 06:35

31/05/2024, 06:35

31/05/2024, 06:35

30/05/2024, 03:56

Analysis

max time kernel
1680s
max time network
1685s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
30/05/2024, 03:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3906287020-2915474608-1755617787-1000\{AFE5EE1D-22C0-4666-B12D-575FB7131CF1}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4240	msedge.exe
4240	msedge.exe
5068	msedge.exe
5068	msedge.exe
4912	identity_helper.exe
4912	identity_helper.exe
1584	msedge.exe
1584	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5068 wrote to memory of 3248	5068	msedge.exe	84
PID 5068 wrote to memory of 3248	5068	msedge.exe	84
PID 5068 wrote to memory of 3932	5068	msedge.exe	85
PID 5068 wrote to memory of 3932	5068	msedge.exe	85
PID 5068 wrote to memory of 3932	5068	msedge.exe	85
PID 5068 wrote to memory of 3932	5068	msedge.exe	85
PID 5068 wrote to memory of 3932	5068	msedge.exe	85
PID 5068 wrote to memory of 3932	5068	msedge.exe	85
PID 5068 wrote to memory of 3932	5068	msedge.exe	85
PID 5068 wrote to memory of 3932	5068	msedge.exe	85
PID 5068 wrote to memory of 3932	5068	msedge.exe	85
PID 5068 wrote to memory of 3932	5068	msedge.exe	85
PID 5068 wrote to memory of 3932	5068	msedge.exe	85
PID 5068 wrote to memory of 3932	5068	msedge.exe	85
PID 5068 wrote to memory of 3932	5068	msedge.exe	85
PID 5068 wrote to memory of 3932	5068	msedge.exe	85
PID 5068 wrote to memory of 3932	5068	msedge.exe	85
PID 5068 wrote to memory of 3932	5068	msedge.exe	85
PID 5068 wrote to memory of 3932	5068	msedge.exe	85
PID 5068 wrote to memory of 3932	5068	msedge.exe	85
PID 5068 wrote to memory of 3932	5068	msedge.exe	85
PID 5068 wrote to memory of 3932	5068	msedge.exe	85
PID 5068 wrote to memory of 3932	5068	msedge.exe	85
PID 5068 wrote to memory of 3932	5068	msedge.exe	85
PID 5068 wrote to memory of 3932	5068	msedge.exe	85
PID 5068 wrote to memory of 3932	5068	msedge.exe	85
PID 5068 wrote to memory of 3932	5068	msedge.exe	85
PID 5068 wrote to memory of 3932	5068	msedge.exe	85
PID 5068 wrote to memory of 3932	5068	msedge.exe	85
PID 5068 wrote to memory of 3932	5068	msedge.exe	85
PID 5068 wrote to memory of 3932	5068	msedge.exe	85
PID 5068 wrote to memory of 3932	5068	msedge.exe	85
PID 5068 wrote to memory of 3932	5068	msedge.exe	85
PID 5068 wrote to memory of 3932	5068	msedge.exe	85
PID 5068 wrote to memory of 3932	5068	msedge.exe	85
PID 5068 wrote to memory of 3932	5068	msedge.exe	85
PID 5068 wrote to memory of 3932	5068	msedge.exe	85
PID 5068 wrote to memory of 3932	5068	msedge.exe	85
PID 5068 wrote to memory of 3932	5068	msedge.exe	85
PID 5068 wrote to memory of 3932	5068	msedge.exe	85
PID 5068 wrote to memory of 3932	5068	msedge.exe	85
PID 5068 wrote to memory of 3932	5068	msedge.exe	85
PID 5068 wrote to memory of 4240	5068	msedge.exe	86
PID 5068 wrote to memory of 4240	5068	msedge.exe	86
PID 5068 wrote to memory of 1028	5068	msedge.exe	87
PID 5068 wrote to memory of 1028	5068	msedge.exe	87
PID 5068 wrote to memory of 1028	5068	msedge.exe	87
PID 5068 wrote to memory of 1028	5068	msedge.exe	87
PID 5068 wrote to memory of 1028	5068	msedge.exe	87
PID 5068 wrote to memory of 1028	5068	msedge.exe	87
PID 5068 wrote to memory of 1028	5068	msedge.exe	87
PID 5068 wrote to memory of 1028	5068	msedge.exe	87
PID 5068 wrote to memory of 1028	5068	msedge.exe	87
PID 5068 wrote to memory of 1028	5068	msedge.exe	87
PID 5068 wrote to memory of 1028	5068	msedge.exe	87
PID 5068 wrote to memory of 1028	5068	msedge.exe	87
PID 5068 wrote to memory of 1028	5068	msedge.exe	87
PID 5068 wrote to memory of 1028	5068	msedge.exe	87
PID 5068 wrote to memory of 1028	5068	msedge.exe	87
PID 5068 wrote to memory of 1028	5068	msedge.exe	87
PID 5068 wrote to memory of 1028	5068	msedge.exe	87
PID 5068 wrote to memory of 1028	5068	msedge.exe	87
PID 5068 wrote to memory of 1028	5068	msedge.exe	87
PID 5068 wrote to memory of 1028	5068	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaef7f46f8,0x7ffaef7f4708,0x7ffaef7f4718
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,493956856006222143,2814063475894831567,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,493956856006222143,2814063475894831567,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,493956856006222143,2814063475894831567,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,493956856006222143,2814063475894831567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,493956856006222143,2814063475894831567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,493956856006222143,2814063475894831567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,493956856006222143,2814063475894831567,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,493956856006222143,2814063475894831567,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,493956856006222143,2814063475894831567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,493956856006222143,2814063475894831567,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,493956856006222143,2814063475894831567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,493956856006222143,2814063475894831567,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,493956856006222143,2814063475894831567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1348 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,493956856006222143,2814063475894831567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2264 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,493956856006222143,2814063475894831567,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2124,493956856006222143,2814063475894831567,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,493956856006222143,2814063475894831567,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,493956856006222143,2814063475894831567,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5236 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3700

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x49c 0x338
1⤵
PID:1976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
69KB

MD5
aac57f6f587f163486628b8860aa3637

SHA1
b1b51e14672caae2361f0e2c54b72d1107cfce54

SHA256
0cda72f2d9b6f196897f58d5de1fe1b43424ce55701eac625e591a0fd4ce7486

SHA512
0622796aab85764434e30cbe78b4e80e129443744dd13bc376f7a124ed04863c86bb1dcd5222bb1814f6599accbd45c9ee2b983da6c461b68670ae59141a6c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
1.2MB

MD5
89fe452a2fa7abfc6c38a58c12ba9b4f

SHA1
974d32ed56246635dadb3db69752735dfe3be2b7

SHA256
d0548fbc9f09751d4175ea95faeef4fb1384c2208a2b9c93eb46ed0789ec8095

SHA512
6aa628ca5fddf25e238338752464710ff839743390cd0f46752bcd7dedab80c9ba15aa375c4825624081b634a1ceed2b7317dc775d5d335621db911c38ba852b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
7152b553a399ba998f03acdea73b7f46

SHA1
8fb3d3c34c8f170e7284dbb387f47d59f055468f

SHA256
ef6de233783c5877b9bde634b3bd3228abc4f1360f1fc19abe5c3ecb774907df

SHA512
6bc322fe980163b6997604ebcdb96bca7a109e7825bb77b33e2cb7f0092df8cdf30d27f593209ffb751a4bd854522029d0a3ea1b6b7eba5632c88f4d513132aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
14a4d06ce5e52f7a40a13937c18a7b87

SHA1
7e928a66d52aa700af4d932edca4aa79acad187c

SHA256
12152b45f916826fe3fa5c2390fec2ac727b7744b08a0fa0be13299f3a448652

SHA512
8cd54fb6965deb94ee4b2518330a2e95092905795d7b83171a1b382936b398f36cf892b98ad25f9caaf4f653c59b16d359d3b3653a9b7590a7703ba397575929

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c2506c04c7d84de20c9c0d6873f3aca2

SHA1
50a2333900178c08d6780d87ed16b058b0c640f2

SHA256
00c419f2f7a424806565d8c43624ee0d843d39b1cce7a7588e72c233811f9cc7

SHA512
7331d3b5e97af4aea51b616613d3b072f5ff77f87a3956055423b8641df39286cd73e9f5bc8210b8cd3b89b76f9a2526546a1c0bd75777fafafb988be4248c2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e4fbfa9e81ae0efb642557dd5c7f8fe9

SHA1
e07dfbbba68033e71d8324ae39cd8003abf08e11

SHA256
868b3be15a0a2a104cb051ac5ac1bf007427d96f25e704a65a2c328d4ec77703

SHA512
54cc11818b1905fa61b3babe31a399ccc955a043871b26abd7183afed8b812b2c40c82b3f3c7a24b3ba5348b080c8a2eabcb1557ae16b00c371496bd3ab1da2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
bccae9f9639bd7e3212d9c14f2cadafd

SHA1
549696d06f5d91314acff99de54c0a3f1874ebff

SHA256
722a832406c347833f9fbb043e2aaf27c68a1bda6c63cf0466035019ca136b57

SHA512
f6d2ed41ddbd977ee48bd15dd35ff88074192d273b2f16fa73a83f1d64567388f735eebe6ebe1091aebf8c87fce7ed0992b889fba9adf9ca82b6e05fc32f4563

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7deabb58eddab99a8a6844eb08aab0b3

SHA1
c69d3a06096b3689fcd47d5cbf387686cd141f8b

SHA256
d69ebfa3ba4572f0fdfd65bf0c040ccdc62af753d965c125ea8419d441599319

SHA512
dbc93165aa2561e6f6a99c0ced37d8411bee683269fb06ae52697900aadbd471910edfbb103dd3cd34368da9d5027a32a6041d9f9f6563d13830760633864a90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c3f1671e55c6e5259f0d0f5945853f42

SHA1
eac9ffbea1aac56596660223468ad90c3855cae4

SHA256
dc577dc83d60d27857429f93eddb113ebd5e026f6a7eaf3b86dea74a03cf6b6b

SHA512
7748778963372d814ff9f7266e7dd4436d872113904e7906537c86db82613e6b9c316b51623019140ae4bc66a8ba5439d7d50bb2d6fbed924b19c620ca7ea9fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
07514c1cd4ee81781b47bb5ab127a4f0

SHA1
f4eee76f424be5a09db694f04f4f0baaab2c3b04

SHA256
7d2ede13132296ce6eeb6c844eba7fa2784f17d7220ae03a273f00e0b1effaf5

SHA512
0e28169dc7d34cd9d666a264d82648af6918238da1d2fb3a15adf63ff93aef7ae677bc66325af3e1724edf9c7ad45bad548b15bee8b719941e627f76d891c87f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3a9a9a2f9edababa537ee4353b706e84

SHA1
178f069cd0b0916837dcf042ce2d9c31c45c2047

SHA256
d126f77532f1e4f55285a935fc0f6db911dc9bf8b5e8d2197f863f47b7e7f862

SHA512
efaa33ffb12a9f7f61ee37a395c0a2957d359b90cde49116bfe6fb87ab263bfbc14168b23171ffeaab6fd93b00fffa6fa2062fe120fd51ca00eeaa1207ab8291

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
83e28641a85b372a857cdc0981f48824

SHA1
b754c9a0b3f715ae537ade867f1215076aedcd10

SHA256
a465df1e92f44fb139d32d6c18ba1b32d866fb7782a8d38c91906ab8cd643c16

SHA512
01720225de7e571169a3b6f73b8de34811e2069fb94d51e2a84ea7fd21217aa51f11c71d4460bda3c5ca9dc9c4a1605ca3fac9ac713b8a6530b1252895e1d501

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
b9d99fc052d159204b1696fe35615b77

SHA1
86b04c61fd8e885ae0b6b9f23416d2e087be0bb5

SHA256
4553e8b20b616eccaffe29ad121f85c2fcbd09cfa5cc32e29b9b76fe00e4ba10

SHA512
252b8cda419c278f43523ad693add20c5e49fdd1e24a164e4bb93092aef8da240bb1b7477f68c6cf59447d3473071ae1b2392999a0cc8c3cbcae570d3d3ec851

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588519.TMP

Filesize
372B

MD5
00390fc1f02482e4b619932f39faad00

SHA1
90c90502f02a6387183d8ba850a45389eac04e25

SHA256
587dffa0e822fd68dd860d394f6914250f00e57f24c2936a586d7db4e65acd2c

SHA512
7f7fd141a992e9d58fd414b7edb221cce9389901af8794f7eda574bb2b5e3e91e6a2b48b8b93641f7665d2b2f592cabe56efb58d1724647b995f638947f8f2f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
15ac06dd6239c82879767a93018a86fe

SHA1
6fd4e99655b73e426c43732548ea8544d8b7e289

SHA256
ab17412ff81d3ab06a604ccad6868fd6555ae5a170c0a3fef39a3ebc52a16be2

SHA512
75a14731b1046115a66362b8eec237f1211f3d92de621e2dc64dea1c8cfe6e8c371711c37cbb89b87e5d0933ca2ff267e20e64709e65afef371d9f5b30f743e1

Download Submit