Overview

overview

8

Static

static

1

URLScan

urlscan

https://www.google.c...

windows11-21h2-x64

8

Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    17-08-2024 12:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.google.com/search?q=e&oq=e&gs_lcrp=EgZjaHJvbWUyBggAEEUYOTIGCAEQRRg7MgYIAhBFGDwyBggDEEUYPDIGCAQQRRg8MgYIBRBFGEEyBggGEEUYQTIGCAcQLhhA0gEGNDZqMGoxqAIAsAIA&sourceid=chrome&ie=UTF-8

Score
8/10
discovery

Malware Config

Signatures

  • Downloads MZ/PE file
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 2 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs
  • Suspicious use of FindShellTrayWindow 32 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=e&oq=e&gs_lcrp=EgZjaHJvbWUyBggAEEUYOTIGCAEQRRg7MgYIAhBFGDwyBggDEEUYPDIGCAQQRRg8MgYIBRBFGEEyBggGEEUYQTIGCAcQLhhA0gEGNDZqMGoxqAIAsAIA&sourceid=chrome&ie=UTF-8
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2204
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb0cad3cb8,0x7ffb0cad3cc8,0x7ffb0cad3cd8
      2⤵
        PID:4812
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,15578240296428728811,11172982372373867280,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1924 /prefetch:2
        2⤵
          PID:2316
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,15578240296428728811,11172982372373867280,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2984
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,15578240296428728811,11172982372373867280,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2092 /prefetch:8
          2⤵
            PID:1604
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15578240296428728811,11172982372373867280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
            2⤵
              PID:232
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15578240296428728811,11172982372373867280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
              2⤵
                PID:1412
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15578240296428728811,11172982372373867280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
                2⤵
                  PID:2804
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15578240296428728811,11172982372373867280,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
                  2⤵
                    PID:3028
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15578240296428728811,11172982372373867280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
                    2⤵
                      PID:2928
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15578240296428728811,11172982372373867280,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
                      2⤵
                        PID:3128
                      • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,15578240296428728811,11172982372373867280,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:3440
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,15578240296428728811,11172982372373867280,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:5036
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15578240296428728811,11172982372373867280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
                        2⤵
                          PID:1672
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15578240296428728811,11172982372373867280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
                          2⤵
                            PID:2236
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15578240296428728811,11172982372373867280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
                            2⤵
                              PID:1012
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15578240296428728811,11172982372373867280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
                              2⤵
                                PID:1556
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1912,15578240296428728811,11172982372373867280,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4716 /prefetch:8
                                2⤵
                                  PID:872
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1912,15578240296428728811,11172982372373867280,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5700 /prefetch:8
                                  2⤵
                                  • Modifies registry class
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:4764
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15578240296428728811,11172982372373867280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
                                  2⤵
                                    PID:1060
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15578240296428728811,11172982372373867280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2940 /prefetch:1
                                    2⤵
                                      PID:3652
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1912,15578240296428728811,11172982372373867280,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6188 /prefetch:8
                                      2⤵
                                        PID:3000
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15578240296428728811,11172982372373867280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
                                        2⤵
                                          PID:2136
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15578240296428728811,11172982372373867280,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6396 /prefetch:1
                                          2⤵
                                            PID:2556
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15578240296428728811,11172982372373867280,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2572 /prefetch:1
                                            2⤵
                                              PID:5076
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,15578240296428728811,11172982372373867280,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1772 /prefetch:1
                                              2⤵
                                                PID:3736
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,15578240296428728811,11172982372373867280,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6312 /prefetch:2
                                                2⤵
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:4900
                                            • C:\Windows\System32\CompPkgSrv.exe
                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                              1⤵
                                                PID:2968
                                              • C:\Windows\System32\CompPkgSrv.exe
                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                1⤵
                                                  PID:4388
                                                • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
                                                  "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
                                                  1⤵
                                                  • Modifies registry class
                                                  • Suspicious use of SetWindowsHookEx
                                                  PID:3624

                                                Network

                                                MITRE ATT&CK Enterprise v15

                                                Replay Monitor

                                                Loading Replay Monitor...

                                                Downloads

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                  Filesize

                                                  152B

                                                  MD5

                                                  b4ae6009e2df12ce252d03722e8f4288

                                                  SHA1

                                                  44de96f65d69cbae416767040f887f68f8035928

                                                  SHA256

                                                  7778069a1493fdb62e6326ba673f03d9a8f46bc0eea949aabbbbc00dcdaddf9d

                                                  SHA512

                                                  bb810721e52c77793993470692bb2aab0466f13ed4576e4f4cfa6bc5fcfc59c13552299feb6dfd9642ea07b19a5513d90d0698d09ca1d15e0598133929c05fe1

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                  Filesize

                                                  152B

                                                  MD5

                                                  4bf4b59c3deb1688a480f8e56aab059d

                                                  SHA1

                                                  612c83e7027b3bfb0e9d2c9efad43c5318e731bb

                                                  SHA256

                                                  867ab488aa793057395e9c10f237603cfb180689298871cdf0511132f9628c82

                                                  SHA512

                                                  2ec6c89f9653f810e9f80f532abaff2a3c0276f6d299dce1b1eadf6a59e8072ed601a4f9835db25d4d2610482a00dd5a0852d0ef828678f5c5ed33fe64dddca9

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1a982b8b-ef7d-423c-b3e4-b2cdeb43db6d.tmp
                                                  Filesize

                                                  1KB

                                                  MD5

                                                  19680f2f5bcd784e5b2afe80c46cdb1a

                                                  SHA1

                                                  9cf2b44b20f0821285e3f2b086c9390a25ff2a8c

                                                  SHA256

                                                  dbbdbc4ce9b641221a4607df8f2cddcaa20848b3c80689ca3d3071e2c61da1a8

                                                  SHA512

                                                  3807c01315cea83384252d3e0b482c17c332d2e7fd87ba75d4108f6a00cdee50820cfb9070e7e4e739d2c5894eb94799671e97610df373d87ff1441c6ed0df9e

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                  Filesize

                                                  4KB

                                                  MD5

                                                  722280cfe7a80fadb4e8e36017e6e185

                                                  SHA1

                                                  a6601d6225fe0c3be2a7a2c1480a975ab89c65b9

                                                  SHA256

                                                  842c46deffb05ddec9a8014b5cfcec84347c91e5e3f0999112c38015e4083ef6

                                                  SHA512

                                                  92ecffe2411a4d815913f0086c8f3b2a38b7b123d9a836aa19da0db8efe4bcb7e09c89961dea1b2521aa89a90a38af3309a4e7f881d1440a4ffbe85bd82b71b5

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                  Filesize

                                                  1KB

                                                  MD5

                                                  2d63f01c7613fc6503b74ca6e0238626

                                                  SHA1

                                                  5772ef00cdd61b7265a73b95391930447366c098

                                                  SHA256

                                                  064a28ad8214aa981a6601c4ff93aa5d3500ff39fb28439ddd0b901d7d9b57bf

                                                  SHA512

                                                  649785e9e8b492d979b0dfeb8525af513a9a9b1f3589b2161816ca9bcc65359e8d36ace930f4308ca3e357a2e9828ff6723b213f62158f4efc76b9db326b8e21

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                  Filesize

                                                  1KB

                                                  MD5

                                                  fe5dd58fbed5df53fed5ae42e15ae29e

                                                  SHA1

                                                  b8e8fabb949ce846b192107b7a79f7dc90dd6b5f

                                                  SHA256

                                                  6c057b7e9d4f2e2c2f0f640df923e6dfc9219b4f02e81cf6d1e1c0bab852ef58

                                                  SHA512

                                                  5863b0f67ab5714b6e72b6fc452fb49e6283dde488a608ac0c823f46ebc40114d47d0514fe230e4ad7557902862b5d5618c5c72e09f6cfc2bb65bc96760bb582

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                  Filesize

                                                  5KB

                                                  MD5

                                                  9af6e25f6e9ae2e40b6a66185e74be0f

                                                  SHA1

                                                  5815fdc7665561c5aefbc01209c7153219c9fa51

                                                  SHA256

                                                  7640bb7a85749fdf2749c038625781a45bd24f33dde665e1c87e1658a160964b

                                                  SHA512

                                                  6504265dfe41ba14272bd6fa3e5148947bd4d1fbdf99e7fb87f3e8dc3efce0414bd1835b28a25c9687bf463e868259ae531c47e5c740116bece7872d0981c6a8

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                  Filesize

                                                  6KB

                                                  MD5

                                                  31c1e41c7ae5323e1d55a276977a5187

                                                  SHA1

                                                  9d530a2e88773adc658c224fbb24009a52a963be

                                                  SHA256

                                                  676c955e4a4bcc8c8b7786cfa62fff30517b8fef855119c23762412b050dfb7a

                                                  SHA512

                                                  f4207ca95dca328cb7248a174810f99e20be66d35184ea270d19933232622742e969831167c0a5acaa2a9c6605ba592e872bb959700a139b675823fefe394021

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                  Filesize

                                                  6KB

                                                  MD5

                                                  5bc66e84ff9d0a77aded8ed336f5453a

                                                  SHA1

                                                  a51e56334c1ca0236d4dbac9e5391f5762a49ec9

                                                  SHA256

                                                  5113f9f785277084cf937fcdaedd279d157dd4ae3c016ab1ff318f7dabfe77df

                                                  SHA512

                                                  b904a5d36855168114045a4d25cddda98bb9c335b604cdc8479c1133baeb5aefd60e74e9374d0ee2dfe75c81d5219a94a073be279efe417a84aa655ab348dcf9

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                  Filesize

                                                  1KB

                                                  MD5

                                                  190b3b2c31361166d37577adc7d040e4

                                                  SHA1

                                                  986b231cbcdfd328f461a0e3dc5e63e5acbdc928

                                                  SHA256

                                                  3c52e3e5584a5c3efe76c741b34ead435ef7ba7fc02d0b15df926a229de13ceb

                                                  SHA512

                                                  7e64f5a1d283a7a7dc7cc3bad92e4f84e5d0ee67f31bd0557a3258bda2cfc338564144d4a4463e8d75a41f5ae4e05f03454355b9116b9311a5ec2648f2e2118f

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                  Filesize

                                                  1KB

                                                  MD5

                                                  332878df54b0a9dcae1ab3bfbc4db9c6

                                                  SHA1

                                                  4a737a75cfcd505f71496f78155b6811394553d9

                                                  SHA256

                                                  6ed3d61516afd88244312e6adef8f070201b6472ca20d08a43c935b45e383d70

                                                  SHA512

                                                  31c3d31ad83e48aed5bdee3ed512a983c5298ecc3d5bae67b1a6f48ed68dea0fe8f16127e3f54c523fc48865c16494edebda05498021841033a6e5b8992bda05

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                  Filesize

                                                  1KB

                                                  MD5

                                                  3655c7e2cdc054d1bc05c2128d54003c

                                                  SHA1

                                                  043b9786ef511ceefccef943732325c5fc2ba378

                                                  SHA256

                                                  97ca35a0e53aa58ce81bab80119d232eacef95b49713f362ebc2f5ab63d403d2

                                                  SHA512

                                                  6006d7a3e0d1f9ce682c185565a8f0f95b350246166e816ce062f7462ee502bb5dd5f41cde393c37f5a847b751093b61b653d96cd32cc0018307900718ac828c

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5813a2.TMP
                                                  Filesize

                                                  204B

                                                  MD5

                                                  cb27ca8fbd29e95022456cced8742067

                                                  SHA1

                                                  0399d063fab6e4ed69866fcdc928158985664d50

                                                  SHA256

                                                  e1084f38387ff0bbe87ae74619ed8b8566afc8ffb7e21dd530e994bedc66ef1d

                                                  SHA512

                                                  7238c4330aa6599b72e339f91cf702a105b551026ec4016539675315010263f26d81c647884f6ad9484dc0a1b5276bb67bb954cbe7c68a4b49a23cee17974799

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                  Filesize

                                                  16B

                                                  MD5

                                                  46295cac801e5d4857d09837238a6394

                                                  SHA1

                                                  44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                  SHA256

                                                  0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                  SHA512

                                                  8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                  Filesize

                                                  16B

                                                  MD5

                                                  206702161f94c5cd39fadd03f4014d98

                                                  SHA1

                                                  bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                  SHA256

                                                  1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                  SHA512

                                                  0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                  Filesize

                                                  11KB

                                                  MD5

                                                  f5f38f4ed4675403ededda66340ead42

                                                  SHA1

                                                  1c5275e528b55bd5d9ce4975d541a8e5df7e63c6

                                                  SHA256

                                                  bd74887b5a78f3398d2be34cf23a134e2b125591b45a6817c5b315de50834b66

                                                  SHA512

                                                  2c27c16ace604344477b336820e92a463114df95afaa2b25778d347957dda75af3b73a70bbc9b34a81b0f6ed53b846d396866d5b236c2fb8fd437ac30b92b27e

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
                                                  Filesize

                                                  10KB

                                                  MD5

                                                  c3e08121cabb9380e3d50cadde97d53a

                                                  SHA1

                                                  0e666954e83e97e3883e52092fe2be88a520e8f8

                                                  SHA256

                                                  76e1d3ab7320c4b863adb091b5b77205d81e13eafb539a18ebe3d8ea46b29433

                                                  SHA512

                                                  9a6ef7710781d2f3a1f873129b21990548c1b275720080d87fe4051b464b0aef4ad8625656c388a65163563c6fb2086c29c01ba5f518c5b9679e7227fcc7941f

                                                  Download Submit

                                                • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
                                                  Filesize

                                                  10KB

                                                  MD5

                                                  d9c90cc81a3965139958ce95221b3e3f

                                                  SHA1

                                                  e1053a91bd6481e12b86b6a79aae7193e44875b4

                                                  SHA256

                                                  f99e8c101bde6270bec53e6c18f76fb0f7973acf74f15fac1462b85f2872b1ac

                                                  SHA512

                                                  a3d4907bcba240286c401ad824fba47f7d1029ddc0ccc776a52049fc2668a7503adf115fe013c1d536d7acb733610b68432a4ccf5069df06f5b7551605128e83

                                                  Download Submit

                                                • C:\Users\Admin\Downloads\Unconfirmed 164365.crdownload
                                                  Filesize

                                                  2KB

                                                  MD5

                                                  a56d479405b23976f162f3a4a74e48aa

                                                  SHA1

                                                  f4f433b3f56315e1d469148bdfd835469526262f

                                                  SHA256

                                                  17d81134a5957fb758b9d69a90b033477a991c8b0f107d9864dc790ca37e6a23

                                                  SHA512

                                                  f5594cde50ca5235f7759c9350d4054d7a61b5e61a197dffc04eb8cdef368572e99d212dd406ad296484b5f0f880bdc5ec9e155781101d15083c1564738a900a

                                                  Download Submit