hxxps://google[.]com

Resubmissions

20/06/2024, 15:51

240620-tasleazcqn 4

20/06/2024, 14:55

240620-saw36atbkh 6

Analysis

max time kernel
1747s
max time network
1685s
platform
windows11-21h2_x64
resource
win11-20240611-en
resource tags

arch:x64arch:x86image:win11-20240611-enlocale:en-usos:windows11-21h2-x64system
submitted
20/06/2024, 14:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://google.com

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
36	discord.com
37	discord.com
4	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-423582142-4191893794-1888535462-1000\{0AE8B7F7-A1C1-4A6C-9A42-4DC2D5F3923B}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4020	msedge.exe
4020	msedge.exe
1664	msedge.exe
1664	msedge.exe
3536	identity_helper.exe
3536	identity_helper.exe
5112	msedge.exe
5112	msedge.exe
2012	msedge.exe
2012	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2612	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2612	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1664 wrote to memory of 3392	1664	msedge.exe	77
PID 1664 wrote to memory of 3392	1664	msedge.exe	77
PID 1664 wrote to memory of 4840	1664	msedge.exe	78
PID 1664 wrote to memory of 4840	1664	msedge.exe	78
PID 1664 wrote to memory of 4840	1664	msedge.exe	78
PID 1664 wrote to memory of 4840	1664	msedge.exe	78
PID 1664 wrote to memory of 4840	1664	msedge.exe	78
PID 1664 wrote to memory of 4840	1664	msedge.exe	78
PID 1664 wrote to memory of 4840	1664	msedge.exe	78
PID 1664 wrote to memory of 4840	1664	msedge.exe	78
PID 1664 wrote to memory of 4840	1664	msedge.exe	78
PID 1664 wrote to memory of 4840	1664	msedge.exe	78
PID 1664 wrote to memory of 4840	1664	msedge.exe	78
PID 1664 wrote to memory of 4840	1664	msedge.exe	78
PID 1664 wrote to memory of 4840	1664	msedge.exe	78
PID 1664 wrote to memory of 4840	1664	msedge.exe	78
PID 1664 wrote to memory of 4840	1664	msedge.exe	78
PID 1664 wrote to memory of 4840	1664	msedge.exe	78
PID 1664 wrote to memory of 4840	1664	msedge.exe	78
PID 1664 wrote to memory of 4840	1664	msedge.exe	78
PID 1664 wrote to memory of 4840	1664	msedge.exe	78
PID 1664 wrote to memory of 4840	1664	msedge.exe	78
PID 1664 wrote to memory of 4840	1664	msedge.exe	78
PID 1664 wrote to memory of 4840	1664	msedge.exe	78
PID 1664 wrote to memory of 4840	1664	msedge.exe	78
PID 1664 wrote to memory of 4840	1664	msedge.exe	78
PID 1664 wrote to memory of 4840	1664	msedge.exe	78
PID 1664 wrote to memory of 4840	1664	msedge.exe	78
PID 1664 wrote to memory of 4840	1664	msedge.exe	78
PID 1664 wrote to memory of 4840	1664	msedge.exe	78
PID 1664 wrote to memory of 4840	1664	msedge.exe	78
PID 1664 wrote to memory of 4840	1664	msedge.exe	78
PID 1664 wrote to memory of 4840	1664	msedge.exe	78
PID 1664 wrote to memory of 4840	1664	msedge.exe	78
PID 1664 wrote to memory of 4840	1664	msedge.exe	78
PID 1664 wrote to memory of 4840	1664	msedge.exe	78
PID 1664 wrote to memory of 4840	1664	msedge.exe	78
PID 1664 wrote to memory of 4840	1664	msedge.exe	78
PID 1664 wrote to memory of 4840	1664	msedge.exe	78
PID 1664 wrote to memory of 4840	1664	msedge.exe	78
PID 1664 wrote to memory of 4840	1664	msedge.exe	78
PID 1664 wrote to memory of 4840	1664	msedge.exe	78
PID 1664 wrote to memory of 4020	1664	msedge.exe	79
PID 1664 wrote to memory of 4020	1664	msedge.exe	79
PID 1664 wrote to memory of 5060	1664	msedge.exe	80
PID 1664 wrote to memory of 5060	1664	msedge.exe	80
PID 1664 wrote to memory of 5060	1664	msedge.exe	80
PID 1664 wrote to memory of 5060	1664	msedge.exe	80
PID 1664 wrote to memory of 5060	1664	msedge.exe	80
PID 1664 wrote to memory of 5060	1664	msedge.exe	80
PID 1664 wrote to memory of 5060	1664	msedge.exe	80
PID 1664 wrote to memory of 5060	1664	msedge.exe	80
PID 1664 wrote to memory of 5060	1664	msedge.exe	80
PID 1664 wrote to memory of 5060	1664	msedge.exe	80
PID 1664 wrote to memory of 5060	1664	msedge.exe	80
PID 1664 wrote to memory of 5060	1664	msedge.exe	80
PID 1664 wrote to memory of 5060	1664	msedge.exe	80
PID 1664 wrote to memory of 5060	1664	msedge.exe	80
PID 1664 wrote to memory of 5060	1664	msedge.exe	80
PID 1664 wrote to memory of 5060	1664	msedge.exe	80
PID 1664 wrote to memory of 5060	1664	msedge.exe	80
PID 1664 wrote to memory of 5060	1664	msedge.exe	80
PID 1664 wrote to memory of 5060	1664	msedge.exe	80
PID 1664 wrote to memory of 5060	1664	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa485c3cb8,0x7ffa485c3cc8,0x7ffa485c3cd8
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,12378377330251813727,4136077615228801370,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1952 /prefetch:2
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,12378377330251813727,4136077615228801370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,12378377330251813727,4136077615228801370,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12378377330251813727,4136077615228801370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12378377330251813727,4136077615228801370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12378377330251813727,4136077615228801370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,12378377330251813727,4136077615228801370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3360 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12378377330251813727,4136077615228801370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12378377330251813727,4136077615228801370,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12378377330251813727,4136077615228801370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12378377330251813727,4136077615228801370,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1940,12378377330251813727,4136077615228801370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12378377330251813727,4136077615228801370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12378377330251813727,4136077615228801370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1940,12378377330251813727,4136077615228801370,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5992 /prefetch:8
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1940,12378377330251813727,4136077615228801370,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6092 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12378377330251813727,4136077615228801370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1940,12378377330251813727,4136077615228801370,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4004 /prefetch:8
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12378377330251813727,4136077615228801370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12378377330251813727,4136077615228801370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12378377330251813727,4136077615228801370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12378377330251813727,4136077615228801370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,12378377330251813727,4136077615228801370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,12378377330251813727,4136077615228801370,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4888 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:992

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C0 0x00000000000004D0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6f738fcca0370135adb459fac0d129b9

SHA1
5af8b563ee883e0b27c1c312dc42245135f7d116

SHA256
1d37a186c9be361a782dd6e45fe98b1f74215a26990af945a2b8b9aa4587ec63

SHA512
8749675cdd8f667ff7ca0a0f04d5d9cad9121fd02ed786e66bcd3c1278d8eb9ce5995d3e38669612bdc4dccae83a2d1b10312db32d5097ef843512244f6f769a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
68de3df9998ac29e64228cf1c32c9649

SHA1
be17a7ab177bef0f03c9d7bd2f25277d86e8fcee

SHA256
96825c1e60e4a87dc5dbae78b97104e6968275fa1602c69053d0192cae143f43

SHA512
1658b0bc504a8a5c57c496477cd800a893d751f03d632ef50aff9327cd33ad0e4e4f27bcb85b20bd22bef2ca65600b7d92e2a1f18fd3d08ad6391983de77beaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
8eaa3e5394b7c67b6ee5c65376bfc673

SHA1
dea46d8d5fd547f682039acd443b2b15c40ce808

SHA256
c4a95fdf6c7d42c55ba9c10e58dc7c9b9cd56d81ccc3133ec20f06c2fb6a7420

SHA512
64986f09d573665ec7d02fd149835427a4cafe047ae19ab15b51c6d33ceefb62e9209baa43652c582014758246a58bc2b6c6e8217e7d9b308ebcdfcf58e67ba8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d66762fcbc7573e38c561976c635559c

SHA1
d100b720e20b5c4b697ddf021e87cc2eca4376b9

SHA256
b7953d8f7a2df3ec3cb772677c9e06ac6fbaea236973dad9a5562554bee9799d

SHA512
9906d8e47c52df9ab2844f9d9a2f4758526a1012067a9bf952936b24db6ed9d13f82127f27931bdcd8d3ee99c0ec48849f825136f831fd0f8abeded7431f5537

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
80cec83f8d63bd64c420a8983ef9d01c

SHA1
616fe1afe7d3a7c761823f73749e7dd5b9dbc61d

SHA256
6517cb682414ade6807d39964a906a21366aa6f611ebb7b71c79272f163f8319

SHA512
827922cad81c5ccae082629ee621ca820969e462d119d98fad4a8d3e8ec60daf53cb964cfc07751f98837d67816dc9e0a065b136a57d463d30c03c7a67992a41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ce07b82437980a126e39b3187b10f284

SHA1
515b93e5164f199895124362d4ad3fdcccabeea7

SHA256
d3c177b2eb5742575250c403fb35f3725e98ae5ed0c4a5097ac46de69477943f

SHA512
c120b618df2d59436a4475e04da4615c2b2a8de1c81a2942715714680dfc7fc104cf6feae6afc315585a4be6c2815886617ea2137ab95bd47606b02e880b6855

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f90e04385a121c9a7c6ae9608b3e2a83

SHA1
da1d77363fbf122170a4c88163ae2954ae229eba

SHA256
6156159339fb8a71c320062bebb7ffcf450d5350fbaf01e42797217053a78344

SHA512
05f975909227e4920e1044107e630dc6a69826ab323e6cd945ec0c8748e676acd01e0b92b462b37e11d2e64e49397b32eec8ba37d668d9cdf813f96aa0c96500

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8c07dbb20e7332ee6436d7cf7af5b98b

SHA1
f5ed256f822685d650e2f8be0a1eb7be1a13213d

SHA256
9a0baafc5b491df77f33acff8104d3dc3b6e8460c5b2d13bd6e3ad6028889296

SHA512
0f307ad8d49353303ef0d4cb3f4972e72b71ceb8a195d149c4a8b1d134a9414de5d8bdce4f9221a710be21b3453b6ff4bab546fb2807bb7d45a56f1b54bc731c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9bb2368c8b8377d49e678d0131c1b756

SHA1
986315c8c1e74bd39916a9c8f2d99e0545bb85d1

SHA256
7e0538e7ee012212cdb5136fd4264283b0fa0e609f44c04440f0af6f6c5c78c0

SHA512
3fe82dc91d25a0e520d4a7e2155cb8e6a370c2237ea1c8283c41d24e86e8d4e111cf1b8bd8b57c7240982b3d34d60420689a6a3d7f5f6a4195149c2b2fcd6c72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d84c6c57e655edf56e9f74d9f1b03a50

SHA1
6a5c57193fdd2d422c836020db9c90be5e1880da

SHA256
94004e0417a8edad0ec38ec794a8c0a091b295615b85f91cfb0991d0fee5e1e8

SHA512
868a2b7b8ede92c4fc7311af232a9603cfb0900d5c56751ffe858443285b0c5d5a7f26aa46d30be4182a69edc642f029f079daf6a13e8056532f9c7225bfc3c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cdf2991bbda640aaf05cd3c5ae61e2e7

SHA1
340dce500c91d18befcc57b43a50d4ac883163db

SHA256
d979eca61f74fc318411ac004ff5e7e95aa09ce8019a52234fdec1d927aed44c

SHA512
7d98eaee083e2fdb709b9549fe60b9971d3c089ff8be618592ffc7958f02cfcf0701f0317296418bf58b230d351c587a5cb3ce5c8da58986098255faaa899929

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
40fbd0f054bb5de142d31c390ea3c9f9

SHA1
4046ecdbe693500225088ab69d12380864d20735

SHA256
1aa2c6d8e17a8ac9a476685928faf3e8eb2aa9a6a2579fde3633c0197135c3fc

SHA512
702d8c10c951bfab2da360bd857f64bfd16beacef3399533af250c0b86d9e80294245f103e0b1ac4e93d527e1d7cd1417491a890ee83d954da9e4ad86b326608

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
e7216169c44240746b677c4233cbc765

SHA1
8d77e2f2986517343baf61ea9cc664ecd42a21ce

SHA256
5da1935bc8739bcfa5ab42795138351b85470a9d0d1fbe381b48f3c09aa137af

SHA512
758bf7c17d46ba66308e7ed7cf49b1efdf86a5ea544442a1b580ec692e0f8fbceff29bd7338971ccf1e9910a67a1054170fccfa7f43fc55093b33313711805b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3b5cc1eda9c6df5e95b4eb00e4fea5f8

SHA1
0c287e48b2687b2b9c53ac6f86e735f1088cca13

SHA256
6434659d682e86495314a58c4fbad3bb76e30216c2601d1994409a799a760321

SHA512
058cb2a7a2f6bf48b986a5e88a0783cac73869ce32feacbb27a39a66844e60294226aa015a8eb29a24dffa21605e70d74648da058679e9cd6e2c9da88b3b1083

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582f97.TMP

Filesize
204B

MD5
92efe9d44668a70a8d003d16d81ba707

SHA1
7703708c2bd64ea4238d33c9ebe7f9a0dee78a09

SHA256
0fec6e4934725c7f2c16d9e0031255091bf21594bf79d924a403229991b0544c

SHA512
2bba33f00ff6c16b1e2504dd8c27af9e09c50385656ae6607cbcec7896469f33756d84a9ec4f364744f4604fcc7d0bfd362adfab69ea2f77d2a10ed91f46f51d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
79815b7edd0fab3a3e3336ce8f111b4c

SHA1
5c97b6bef017160a3f40500f4da4d4fc4c1d043a

SHA256
8dd258a492c5fdce57df79a1bdc309167b0d42f96beb807a4ce5869292283e7b

SHA512
b9ca0f3dfec5f0f1ce10cc2612d6e591e5d58bb568ec59f35c25b7a432364ad6f741f5c245c576fccf357135d2b92c0439591bb9e2c17a9594ce636abac1235a

Download Submit