a70d32929fc3667bf1662fcebc5858db8d280170cc185ef7121a5384f323129e

Analysis

max time kernel
126s
max time network
128s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
08/08/2024, 20:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

redirect.html
Size

6KB
MD5

9dbb4993346fb9b8999ad1aaa2f9ae58
SHA1

79d10a501b754296e4295037b000931651cd45ef
SHA256

a70d32929fc3667bf1662fcebc5858db8d280170cc185ef7121a5384f323129e
SHA512

f7286ec0e76ae44bb489bb6a91eaa6caf09546ae1509ebd4e11744f33f8775dff4f3ad1133d44872f72a6f60bbc178601a7b0450c4b95ba2f0739bfccdafd216
SSDEEP

192:dqHLxX7777/77QF7pyrc0Lod4BYCIkwO2Xa:dqr5HYr0+CIkwO2Xa

Score

6^/10

discovery phishing

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
51	discord.com
59	discord.com

Detected phishing page
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-970747758-134341002-3585657277-1000\{EFC5BAE5-034C-498E-93EA-DAB4E67A32DC}	msedge.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
3452	msedge.exe
3452	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
2784	identity_helper.exe
2784	identity_helper.exe
2872	msedge.exe
2872	msedge.exe
4316	msedge.exe
4316	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe
3784	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3216 wrote to memory of 4532	3216	msedge.exe	81
PID 3216 wrote to memory of 4532	3216	msedge.exe	81
PID 3216 wrote to memory of 3744	3216	msedge.exe	82
PID 3216 wrote to memory of 3744	3216	msedge.exe	82
PID 3216 wrote to memory of 3744	3216	msedge.exe	82
PID 3216 wrote to memory of 3744	3216	msedge.exe	82
PID 3216 wrote to memory of 3744	3216	msedge.exe	82
PID 3216 wrote to memory of 3744	3216	msedge.exe	82
PID 3216 wrote to memory of 3744	3216	msedge.exe	82
PID 3216 wrote to memory of 3744	3216	msedge.exe	82
PID 3216 wrote to memory of 3744	3216	msedge.exe	82
PID 3216 wrote to memory of 3744	3216	msedge.exe	82
PID 3216 wrote to memory of 3744	3216	msedge.exe	82
PID 3216 wrote to memory of 3744	3216	msedge.exe	82
PID 3216 wrote to memory of 3744	3216	msedge.exe	82
PID 3216 wrote to memory of 3744	3216	msedge.exe	82
PID 3216 wrote to memory of 3744	3216	msedge.exe	82
PID 3216 wrote to memory of 3744	3216	msedge.exe	82
PID 3216 wrote to memory of 3744	3216	msedge.exe	82
PID 3216 wrote to memory of 3744	3216	msedge.exe	82
PID 3216 wrote to memory of 3744	3216	msedge.exe	82
PID 3216 wrote to memory of 3744	3216	msedge.exe	82
PID 3216 wrote to memory of 3744	3216	msedge.exe	82
PID 3216 wrote to memory of 3744	3216	msedge.exe	82
PID 3216 wrote to memory of 3744	3216	msedge.exe	82
PID 3216 wrote to memory of 3744	3216	msedge.exe	82
PID 3216 wrote to memory of 3744	3216	msedge.exe	82
PID 3216 wrote to memory of 3744	3216	msedge.exe	82
PID 3216 wrote to memory of 3744	3216	msedge.exe	82
PID 3216 wrote to memory of 3744	3216	msedge.exe	82
PID 3216 wrote to memory of 3744	3216	msedge.exe	82
PID 3216 wrote to memory of 3744	3216	msedge.exe	82
PID 3216 wrote to memory of 3744	3216	msedge.exe	82
PID 3216 wrote to memory of 3744	3216	msedge.exe	82
PID 3216 wrote to memory of 3744	3216	msedge.exe	82
PID 3216 wrote to memory of 3744	3216	msedge.exe	82
PID 3216 wrote to memory of 3744	3216	msedge.exe	82
PID 3216 wrote to memory of 3744	3216	msedge.exe	82
PID 3216 wrote to memory of 3744	3216	msedge.exe	82
PID 3216 wrote to memory of 3744	3216	msedge.exe	82
PID 3216 wrote to memory of 3744	3216	msedge.exe	82
PID 3216 wrote to memory of 3744	3216	msedge.exe	82
PID 3216 wrote to memory of 3452	3216	msedge.exe	83
PID 3216 wrote to memory of 3452	3216	msedge.exe	83
PID 3216 wrote to memory of 4576	3216	msedge.exe	84
PID 3216 wrote to memory of 4576	3216	msedge.exe	84
PID 3216 wrote to memory of 4576	3216	msedge.exe	84
PID 3216 wrote to memory of 4576	3216	msedge.exe	84
PID 3216 wrote to memory of 4576	3216	msedge.exe	84
PID 3216 wrote to memory of 4576	3216	msedge.exe	84
PID 3216 wrote to memory of 4576	3216	msedge.exe	84
PID 3216 wrote to memory of 4576	3216	msedge.exe	84
PID 3216 wrote to memory of 4576	3216	msedge.exe	84
PID 3216 wrote to memory of 4576	3216	msedge.exe	84
PID 3216 wrote to memory of 4576	3216	msedge.exe	84
PID 3216 wrote to memory of 4576	3216	msedge.exe	84
PID 3216 wrote to memory of 4576	3216	msedge.exe	84
PID 3216 wrote to memory of 4576	3216	msedge.exe	84
PID 3216 wrote to memory of 4576	3216	msedge.exe	84
PID 3216 wrote to memory of 4576	3216	msedge.exe	84
PID 3216 wrote to memory of 4576	3216	msedge.exe	84
PID 3216 wrote to memory of 4576	3216	msedge.exe	84
PID 3216 wrote to memory of 4576	3216	msedge.exe	84
PID 3216 wrote to memory of 4576	3216	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\redirect.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe15373cb8,0x7ffe15373cc8,0x7ffe15373cd8
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,15316408563295794292,8234764024324251773,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,15316408563295794292,8234764024324251773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,15316408563295794292,8234764024324251773,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,15316408563295794292,8234764024324251773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,15316408563295794292,8234764024324251773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,15316408563295794292,8234764024324251773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,15316408563295794292,8234764024324251773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3200 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,15316408563295794292,8234764024324251773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,15316408563295794292,8234764024324251773,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,15316408563295794292,8234764024324251773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,15316408563295794292,8234764024324251773,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1888,15316408563295794292,8234764024324251773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3336 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,15316408563295794292,8234764024324251773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,15316408563295794292,8234764024324251773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,15316408563295794292,8234764024324251773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,15316408563295794292,8234764024324251773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,15316408563295794292,8234764024324251773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1888,15316408563295794292,8234764024324251773,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2580 /prefetch:8
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1888,15316408563295794292,8234764024324251773,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5920 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1888,15316408563295794292,8234764024324251773,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6460 /prefetch:8
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,15316408563295794292,8234764024324251773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3044 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,15316408563295794292,8234764024324251773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,15316408563295794292,8234764024324251773,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6340 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8276eab0f8f0c0bb325b5b8c329f64f

SHA1
8ce681e4056936ca8ccd6f487e7cd7cccbae538b

SHA256
847f60e288d327496b72dbe1e7aa1470a99bf27c0a07548b6a386a6188cd72da

SHA512
42f91bf90e92220d0731fa4279cc5773d5e9057a9587f311bee0b3f7f266ddceca367bd0ee7f1438c3606598553a2372316258c05e506315e4e11760c8f13918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
058032c530b52781582253cb245aa731

SHA1
7ca26280e1bfefe40e53e64345a0d795b5303fab

SHA256
1c3a7192c514ef0d2a8cf9115cfb44137ca98ec6daa4f68595e2be695c7ed67e

SHA512
77fa3cdcd53255e7213bb99980049e11d6a2160f8130c84bd16b35ba9e821a4e51716371526ec799a5b4927234af99e0958283d78c0799777ab4dfda031f874f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
94bc93f2e395a84c6129adbf04dbea3d

SHA1
b677035beba18f6e22844f63e6ad3146fa958be3

SHA256
0b0a1feeffc5e27b9b91a1ca32ba33e995836b0673ac37006ebe3ed04f478e07

SHA512
662c0111fb4cb68a193b19c5bcdc4744622dad7933008f880f7635e5b3bc9513daad954784d15675f994eb26bfd7165ea5a76c4bdbc3b916bfa2cf48194ede9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6723b42f798280a3cccf6c1079b74ab1

SHA1
474a01dac066b070a3efd290e001db1635b46c93

SHA256
cce9c4c9cd27dcfbf220d0f12aa4190206f0b3a1687f2d334ea719a1080027e2

SHA512
9921d8dda2149d06ec5795ca7652c4a6ceed97b7d3ab371af1f4a1041c76462162355a6c7129049c1fd5a2f5972cd304dc0f22168a8268f3465df43f045cf22a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c72886d862b5b81385fabb974c751a85

SHA1
359cde21f10cac78f87136c87d9809eb2af57cc3

SHA256
f222d608e5875af3f30dc422a598e367091d41f067b8813f110d4c1c3f38f4e2

SHA512
76d84d57ce5a7b113e5d815d13ca74a0ae011d0430918746457e95d710d75c56eaaaadcc6f9901f5376d972a15fae994739189570ea6c2dd119885504e1754b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6e12d87aaf7ad810b85839246ebeda9c

SHA1
8451fa4e889afb05afbebcb61abc97b40cf22b5f

SHA256
818a96dfdfdf442399fb2b8c137c6db3e32e519eadf06288131ee1d70737ca2d

SHA512
25409590e256dfc8957735fe7d8b83b75a64283423f7a126b90570976593cc72ab80e8be02990b57707eb671903a5d0ecdd21d85b54ae958f5f68972375e1e12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f77d9c6ea64658f87d2cfcc3dad14f65

SHA1
59e461fd0d36a48c0626322c35e12900c9bbff99

SHA256
ef90140db8295bcabee8e7fda942564b494cd46d557f6c766d7f03f92160dadd

SHA512
7845885d5e3eb9d598119e2e44cdd8a925eb19816624d2d5d6aa961c1d7f7844237bfc98d9e7f552d147ec0caa764fe935e26a9a7134edad6bcebdd616f8965a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
03518c85e5753c19a3851d98c1298521

SHA1
08f5aa15246dee8aef97a12770eb3141a5edf51f

SHA256
56d362069bea5139da557f4ad2e10672dc16153f1b4990f6ddf5adf934a42636

SHA512
04a9d1faf3065aac45e18231f663cdafcd57231cf6c27edbdc2f4fa1066360ac0a8399f596623d8e1960597b9ee04e1eca9a26c7292a70372b3297e1d1545e91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
3236f77f6cc71190d9c4e2e791ba60da

SHA1
e46e91d6e9b0974ddcef482c6ba4785e2daf3543

SHA256
fabde12fd2312ae04f19e1628a2912b2540e34c3c9dbb3897b7a78200a4edd00

SHA512
02e1f8b12acb88954bbc2496ae9c3fee91b3238a5f8685c8ad7cff1d5fed61aa45de6a19cf732bace78b7c1363d8edfbdd460901dbf4218fc1c8d7142f0f4705

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
869B

MD5
0ae8a76804df58ae4be43cb0e50cdfc9

SHA1
5487a660492203b6e2823746eb043d98d689ca8e

SHA256
fa3de05b55342f01e6a618c24c8430ef353b872dd8514eabdf628c9e865f05e7

SHA512
a9b40fc67ae8c99ad98b5ca7895768ef9c47fadcb13a15169f9e7aecbe14eddaaa99db81370a5696efbf38045d5000bb561dee40804003c9b1e967d168080151

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
869B

MD5
74e520d1613941b975f14620d458256d

SHA1
eb58f7e71b62ed96c030bb72ff31013533a95ae5

SHA256
21ae0335fb5a69980d5ee98da24e9d092a59e9e0302dcf0cbf6a6544350dac0a

SHA512
d5250ae46b76b0712768b86deb3bef23bf269fb534afd522c08d3c532aa0981a61eb7732ba7323b7b6d6b3f42589a85b113db86c006264a669a1816d66658d90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
d4fdfb4636709a8d34f800836eeb125c

SHA1
aac44a1c67ff99863cdf01711315d2c9679870f8

SHA256
a3ec7b4eb2ad38f1c75f959cc61380847329b7d66a9d5be621f5d2a137152589

SHA512
4e93163e5a7d47c52ac4019febfa854f96cb95c1e9bc5da9606d00f37f3a49fb6fd6efd0dec3518e297ab2e72f9fe71a7c7f42aef2c0ac6dff4b502d81220ca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5854e1.TMP

Filesize
372B

MD5
e2c79f07301fa845226c51799947bb05

SHA1
9a05e897b0f0dedb8665b28afda60cc93349b998

SHA256
04b1bbdbdfe268f4b0b2ee68494b4784fae38550a8e6127e17862014a4bba266

SHA512
06969acecfb379d61dee4331ba4bda0f7643a805a7026cfe2b2d7aaecbacfc1a1ff89ba1531e7ce7d38ce4c1d0c1e73536b3ae4155d0a8567c57c962835f77e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
454c216b7ede2b541c80d7a53d23962d

SHA1
1c94752868f8070634783b1b9f0380a8a9b30ab9

SHA256
2ebca49a1eea94f0898f8754174663d25a666b02ccedc20d4cae327389cf76e0

SHA512
8b047f5db60f9ebaa6818124537776deb1f0ad14270e439661e31b77803e07b0a21d2ff81b4ca8718fadc09cba72faeb9e134a4688d941025e7d91a35039c67d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3d51252edd9f492455ec6e700a1347e7

SHA1
13687270f610272d45f0a2a5d3c399c6818c0afc

SHA256
cd8add730bdc4f8d1f11b044cb193e427935d375be02763411c87065edbd7a79

SHA512
2fb917755c9c2ff460390fe052d1e1f234978de582580a4a39e8d8139e52285f851fb14e8e05ff524ab9276840887b79affb756e633b65b4ee3287b3f065eefc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit