ee98bf9f5ee494508100637f46ba907ccedddc4957ed6555c39d7518deed6bf6

Analysis

max time kernel
1564s
max time network
1538s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
11/07/2024, 02:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

nuhuh.rbxl
Size

5.8MB
MD5

8c524a8b5aa3f958b02c9d03b030dc31
SHA1

e098e23d98f841994bff2f3a4f6a55e58fdeabcc
SHA256

ee98bf9f5ee494508100637f46ba907ccedddc4957ed6555c39d7518deed6bf6
SHA512

4a2780ed6d32df5469dae35e6cdc292984a49c10dfde3184d6b4bb9c2c070c210e04f2fdf82448b3d1d46246504122a81cda1843b3699c712848aaa53bcb1fea
SSDEEP

98304:Gmh4KLkhnxwe/SYJuk5PH3wGineVepB56IHdPf1W5UJx/:GmZLoCR4BKB9HRf1A8/

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	discord.com
18	discord.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3666881604-935092360-1617577973-1000\{61210CF4-DE07-4B37-9F95-976747BCD9EA}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3666881604-935092360-1617577973-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3636	msedge.exe
3636	msedge.exe
1556	msedge.exe
1556	msedge.exe
5000	identity_helper.exe
5000	identity_helper.exe
3384	msedge.exe
3384	msedge.exe
2948	msedge.exe
2948	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe
2720	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3252	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3252	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe
3636	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
788	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3636 wrote to memory of 3616	3636	msedge.exe	88
PID 3636 wrote to memory of 3616	3636	msedge.exe	88
PID 3636 wrote to memory of 2924	3636	msedge.exe	89
PID 3636 wrote to memory of 2924	3636	msedge.exe	89
PID 3636 wrote to memory of 2924	3636	msedge.exe	89
PID 3636 wrote to memory of 2924	3636	msedge.exe	89
PID 3636 wrote to memory of 2924	3636	msedge.exe	89
PID 3636 wrote to memory of 2924	3636	msedge.exe	89
PID 3636 wrote to memory of 2924	3636	msedge.exe	89
PID 3636 wrote to memory of 2924	3636	msedge.exe	89
PID 3636 wrote to memory of 2924	3636	msedge.exe	89
PID 3636 wrote to memory of 2924	3636	msedge.exe	89
PID 3636 wrote to memory of 2924	3636	msedge.exe	89
PID 3636 wrote to memory of 2924	3636	msedge.exe	89
PID 3636 wrote to memory of 2924	3636	msedge.exe	89
PID 3636 wrote to memory of 2924	3636	msedge.exe	89
PID 3636 wrote to memory of 2924	3636	msedge.exe	89
PID 3636 wrote to memory of 2924	3636	msedge.exe	89
PID 3636 wrote to memory of 2924	3636	msedge.exe	89
PID 3636 wrote to memory of 2924	3636	msedge.exe	89
PID 3636 wrote to memory of 2924	3636	msedge.exe	89
PID 3636 wrote to memory of 2924	3636	msedge.exe	89
PID 3636 wrote to memory of 2924	3636	msedge.exe	89
PID 3636 wrote to memory of 2924	3636	msedge.exe	89
PID 3636 wrote to memory of 2924	3636	msedge.exe	89
PID 3636 wrote to memory of 2924	3636	msedge.exe	89
PID 3636 wrote to memory of 2924	3636	msedge.exe	89
PID 3636 wrote to memory of 2924	3636	msedge.exe	89
PID 3636 wrote to memory of 2924	3636	msedge.exe	89
PID 3636 wrote to memory of 2924	3636	msedge.exe	89
PID 3636 wrote to memory of 2924	3636	msedge.exe	89
PID 3636 wrote to memory of 2924	3636	msedge.exe	89
PID 3636 wrote to memory of 2924	3636	msedge.exe	89
PID 3636 wrote to memory of 2924	3636	msedge.exe	89
PID 3636 wrote to memory of 2924	3636	msedge.exe	89
PID 3636 wrote to memory of 2924	3636	msedge.exe	89
PID 3636 wrote to memory of 2924	3636	msedge.exe	89
PID 3636 wrote to memory of 2924	3636	msedge.exe	89
PID 3636 wrote to memory of 2924	3636	msedge.exe	89
PID 3636 wrote to memory of 2924	3636	msedge.exe	89
PID 3636 wrote to memory of 2924	3636	msedge.exe	89
PID 3636 wrote to memory of 2924	3636	msedge.exe	89
PID 3636 wrote to memory of 1556	3636	msedge.exe	90
PID 3636 wrote to memory of 1556	3636	msedge.exe	90
PID 3636 wrote to memory of 3408	3636	msedge.exe	91
PID 3636 wrote to memory of 3408	3636	msedge.exe	91
PID 3636 wrote to memory of 3408	3636	msedge.exe	91
PID 3636 wrote to memory of 3408	3636	msedge.exe	91
PID 3636 wrote to memory of 3408	3636	msedge.exe	91
PID 3636 wrote to memory of 3408	3636	msedge.exe	91
PID 3636 wrote to memory of 3408	3636	msedge.exe	91
PID 3636 wrote to memory of 3408	3636	msedge.exe	91
PID 3636 wrote to memory of 3408	3636	msedge.exe	91
PID 3636 wrote to memory of 3408	3636	msedge.exe	91
PID 3636 wrote to memory of 3408	3636	msedge.exe	91
PID 3636 wrote to memory of 3408	3636	msedge.exe	91
PID 3636 wrote to memory of 3408	3636	msedge.exe	91
PID 3636 wrote to memory of 3408	3636	msedge.exe	91
PID 3636 wrote to memory of 3408	3636	msedge.exe	91
PID 3636 wrote to memory of 3408	3636	msedge.exe	91
PID 3636 wrote to memory of 3408	3636	msedge.exe	91
PID 3636 wrote to memory of 3408	3636	msedge.exe	91
PID 3636 wrote to memory of 3408	3636	msedge.exe	91
PID 3636 wrote to memory of 3408	3636	msedge.exe	91

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\nuhuh.rbxl
1⤵
- Modifies registry class
PID:3060

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffed3153cb8,0x7ffed3153cc8,0x7ffed3153cd8
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,9861828164402720707,16954938482074815606,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,9861828164402720707,16954938482074815606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,9861828164402720707,16954938482074815606,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:8
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9861828164402720707,16954938482074815606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9861828164402720707,16954938482074815606,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9861828164402720707,16954938482074815606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9861828164402720707,16954938482074815606,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4504 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9861828164402720707,16954938482074815606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9861828164402720707,16954938482074815606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1904,9861828164402720707,16954938482074815606,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9861828164402720707,16954938482074815606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,9861828164402720707,16954938482074815606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,9861828164402720707,16954938482074815606,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5964 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1904,9861828164402720707,16954938482074815606,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5860 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9861828164402720707,16954938482074815606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9861828164402720707,16954938482074815606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9861828164402720707,16954938482074815606,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,9861828164402720707,16954938482074815606,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6108 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9861828164402720707,16954938482074815606,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9861828164402720707,16954938482074815606,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4652

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004D8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
caaeb604a99d78c4a41140a3082ca660

SHA1
6d9cd8a52c0f2cd9b48b00f612ec33cd7ca0aa97

SHA256
75e15f595387aec18f164aa0d6573c1564aaa49074547a2d48a9908d22a3b5d6

SHA512
1091aa1e8bf74ed74ad8eb8fa25c4e24b6cfd0496482e526ef915c5a7d431f05360b87d07c11b93eb9296fe386d71e99d214afce163c2d01505349c52f2d5d66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1fe10b6cb6b345a095320391bda78b22

SHA1
46c36ab1994b86094f34a0fbae3a3921d6690862

SHA256
85a627e9b109e179c49cf52420ad533db38e75bc131714a25c1ae92dd1d05239

SHA512
9f9d689662da014dfae3565806903de291c93b74d11b47a94e7e3846537e029e1b61ad2fad538b10344641003da4d7409c3dd834fed3a014c56328ae76983a2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4c4edae2-3091-446b-8729-2b77b3bd432c.tmp

Filesize
871B

MD5
91377c439e20a90979ed765467dafbd6

SHA1
2394c7f5f877a101ca557879f4ffccb7f04e9efd

SHA256
bd1d4fcb9d338db00155703ad125c6ccb36d876c55b645ead1d733c66dcc0f4e

SHA512
75a21685a6f6e1aa3c9f0d6985d6393e26b3fa930fef7e62e4fcaddeda27c39e5ea33de20f54b3179948b2e75670e9dd5b5a164cf48e448e47a9091559295749

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
9053e1038b544bbc22542ad26698f25d

SHA1
705c932ccc5f042dc49eee3712d589655c27cddf

SHA256
1cc15dbf1249523068114168de879282eeb6ad4854b4f5bd2a8a06c34cba19b9

SHA512
20ee027e5d6e1f1f33090313001618610afeeb4804e09551e17cbc1120728b3939cbb16c41dc18767a75cbaf6b1e98c216e2946932e2e7a848f288865e00d086

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
44260e961398337dda1454b8b6e834eb

SHA1
b6ab26ed993e05e891152cac606c592824cae0ab

SHA256
6f2b96959973a91c2855cbeab48dbf8d78706e3d6fd1595b5cc1a61b466cadd6

SHA512
49a712ec3d225ac7d40d1927bb929c15c8a9579ef70d610259280fae1846377cbab2e5a7cdcca0723229850e8925a6bd93a269fd1160048954be63312a2ed311

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
cf89bbd2bd0702b0ecd964347ace9c4e

SHA1
04f2fcad763a7190e75c9d32ecb2178e328bb349

SHA256
f3152c89f5eecde36f1969994c00df5c628ec8aa2f39635fa6281ae19e6c7e61

SHA512
10439cb96b6aef850220b28ccc57eb91e9c5f1381fe24a7a78bda96001eee0dd8baba5b36671b341568a49bd7c643cd775bd057e786eb137a568e1c1b66945b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
cad4a8a34343b9e7ecd22c448bd4c5fc

SHA1
344ceb2a34649e5ee9a5ef9fded488db39197827

SHA256
2ea2b8ac413aaa92c0c24b68c8ba8eec0d077e6284b76536ee368bf4363aa057

SHA512
9f0f746b7456590c5e0ba59d062a39eadd8b0c67e6d7e23326d6674fbe1e5deb7f408c7219b0d34cc3e65b739fa07a4999400a6e19cf2c3f285fb9d3cf80deec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c4fc63f22fb090d5296aa9acc25f238e

SHA1
c33538c6255ed54fa8f9384d1a700f8d4cd8dcbf

SHA256
e911d0ccbb717530d8d900c201d2a619f6497a7264ca189f8098ade37e00934b

SHA512
be99ad8ecf2327101e2e004aaf937569ceab1ea24d800a6acf6bf31c2eabc067816fc0aa639af870f542c296e84175bf49ad63c333d2a57f3e2a8f537d3f4681

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
180e9c9e63cb402f232873ea3cc7d6f2

SHA1
04bd925323f04c5942884d3fd85d4139f005194e

SHA256
b7675d3e3ddf875153fdf1d2409a20cfa3487e99ae808555ffe962402564130b

SHA512
a9f536d26c46c46d69d5fea77ec47304eddd59ce38f5bac45e034723fae8970cbbc7d54c78d90d14bdc5c40b0e36a36396ef230c31500ccca3507e8280119696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3b8da4ad876c8c440b3cd50cd6867333

SHA1
a057f39221aeedb778209a15bb9e96c1ee4f8f39

SHA256
2550e50b492f5109194a24bd3ba8e09f1d4fed4906ba0cd8ed1c0d07abadd9ef

SHA512
d4f5511b5c9ec41380618d9eb50bbb4765688b34f81f2bdaef8ccddf60693501c08de279a0fe845bf6fd6ea90930fa16bd9afca13973bc580767925ec029f8ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a81abfa8d172ec06d3ed9f1fa1915097

SHA1
8076146bf95b9d4643b6fab779c34eb264bda4e8

SHA256
7acddfa11db422bdcc9e4dea2446ea3982f3ec991a3728c9f426ebd312f4e139

SHA512
a6eff9e2875a3af7d30474a69987dbbbc74d7904b6d1f6b6b50543201be237f1fc3b019662b87d614289bd5e7aaa3a79f6f87afb0c86c244ce1d9bb9fc4dcc3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
56725d874780fb324a6f6e0dd65df977

SHA1
50da7d9a1f48330479971b3509cce8fc5ae9db72

SHA256
a7bfa7a7f7afbe38f8f60d695bb2e0e9f0212571cec13f79d0ece677317dca0c

SHA512
b5dcf5e16501532a5f899f309cba002a1d1d37aea98e24011eb3a6d0545ec105b44da976cb7e556db5c3e9ec565522804be9e73269759eeb69e7681d0ae62a4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
48137d085d3c9ef4ac7b43a4ddb3a10f

SHA1
e582de04c3ae844db0cf70d094a99fc19fdbb696

SHA256
1714a3bcf15bb52de85adf2c11ce9e0dd76459b4a7f0eb9ac7d7c2b666ab4d84

SHA512
3d66a5f2afed5578d41faaa4a716cb5bbc7e66123129ee3ea0c6707ebfa5b571c6f12979333b0a87cea87775c7868fd311b8b62897ea6af2cc5a7fdaf0cf7935

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6fbd61f29b966e73b838fa1fe592f57e

SHA1
f1df561b6703820e8aa4b35b1fc5226d9c8f9014

SHA256
3f8ad3d1b3f30600c34f7ee51f068703b349c4ffb733c4da1ebf2af0744f0a22

SHA512
cae28c589af0caed956c6f743cc7b24f6e6a4205e45f68a6671648bb8f76dfa23992b34d466700a2e06642de222a4348515615ad68621ca4d4264e2cf71a135c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
0d02bb3ff96d56a067461a3b26e9aba3

SHA1
eb7c8ab92bf6650c6a73acb91d7de9b9a717fb63

SHA256
e4811333628ee142ab26adb5ea6f3a7e63599785e54495bea3de5d6c8c91ef7a

SHA512
79ed03831b27e45ffa336fbf5ab066beda0ae021f2e53373ba3cfb0736b66906df199fff5672df51576dce918e4517d5c1d6c9855f3e0cc6c9eb57d853940412

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e64c64601861a577db1a7e435f14b4a3

SHA1
dc5b12fef560f5bda60719f9791e71aa7130f3f1

SHA256
11e63acb41da84d8c1a73ed6e57a777e99f62955cf7bf909f3996556850818e6

SHA512
0ef3f593c9762ce7b6f4d95306757d0b40ac6200a5c0ad4175a6f101cbc21e880a1f65c21e74578572bc2df35961474ba88c0f6c31cba039e01f50b101bc983d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
6f1bd3bf56a6c3e4358e635406b0a600

SHA1
14ac70feda43e2f95fd03ed7742edf8a076f738d

SHA256
14951d6f4a5f0d56bb567a9be5625984da3a9905d2e9e701906a990906424b83

SHA512
817c70807d68d5c4ea19479105ea4fb7e0fda00fc0323fa515ef4264f8d562022eae26e859672db5422971dd213f0a61f877ae1373afc8c83d903fe4ff7cc7cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7da7abcc7d27dda5d7ba998f3d61e483

SHA1
1a4dcd0efc2dd7ad35f3e33251076742e5dec116

SHA256
a62c2a21e4bc27eb6815642bde5f07efb225df0b22ea272de5764deef72d01bc

SHA512
bbf7a1b499ec1ec22ff6b1ea450966e551860962de75daf72e5f1894182e253aa2e6f682616828fd5a418b2daf8b0029f128809f0a80f40717482954411ba5aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
27f2714bb385a190f32b9c194ed254de

SHA1
2d4ffc18d36cc7992ebbf898b4e117d490f0d421

SHA256
db43a868cf54e8a568a8352805ec0fd188294d1a021e09576f6a32a464daf66b

SHA512
216d230305f454a09fc5a3d518fdcb89b3ac4747035a2652df0cdb8c36e01bb5b9b53846bc6d8efd6ade44efc34aaf9ee5f26eab033845ea961692d2811dba83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58d731.TMP

Filesize
871B

MD5
ea641b072f5f9af7416d369f9cf7a7a7

SHA1
09b75af9018486ba5a49f7dc7743bc763ae1928e

SHA256
d5dea4edb9e534f560bec4b34577290482655fbaad9e26d4ea9a341f20d2acdb

SHA512
a6f59cb1ae1f6fba6c455713ea90a3165565ed2dfb024f11cad2562fdbc0a41da5b335cb47eab04d87d28d626802a0af969c0a814d440ebe9b112b9045fbe4e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1f28e70787fb1ad54f76dc64764a581c

SHA1
a6eaa6bd2ff6f0d6255681cfdc202f613a2a8b63

SHA256
ee74d4deee24645f2ac762138c3aa679ca49095a0ef9375b5756662ea36e1a87

SHA512
9b6e141bdafdb7be37405c7e97e5017b25e20d6d927e4d68f125e23e5e7ddd532dd45ff42f91df49d76a9b951e9c7a4e6e7a60fafab5d493ca49abffadba121f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a16bdcf4caa982dfd0ae0685f9c3fa17

SHA1
51bafb835294f4d5540788a1f755be2ce7a05486

SHA256
215ac0b1420798b3d40d07401c9bb5919a8742e5f1a8c4253393fd3693ef77b6

SHA512
92715193190f5a110181ea0193f725030db0743e5ce91529a6081e56ce313fa7357bc42f4d7db6256ae2463719b954fcdb85fb55a5bb26eaeb60a5731e9e513d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e11392222edc75888ea4b8ba53392a72

SHA1
f2a37a6c1c2feeffc4874c51f231e89e7b35de04

SHA256
54db92c8415ade375c3bad48797acd940e505de9006be062ec866e73381950e2

SHA512
3e6c44af49476006cd618f828601353337d4f61a37f5526c8587b7cf42cf6749f100dd398b395b29baafe88ec216fa71e5e06e4d820ef4ee167731788d8f88ed

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit