hxxps://ashraebc[.]simplesignup[.]ca/14227

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21-08-2024 22:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ashraebc.simplesignup.ca/14227

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
3700	msedge.exe
3700	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
440	identity_helper.exe
440	identity_helper.exe
2424	msedge.exe
2424	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe
2544	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe
4664	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4664 wrote to memory of 4648	4664	msedge.exe	85
PID 4664 wrote to memory of 4648	4664	msedge.exe	85
PID 4664 wrote to memory of 3556	4664	msedge.exe	86
PID 4664 wrote to memory of 3556	4664	msedge.exe	86
PID 4664 wrote to memory of 3556	4664	msedge.exe	86
PID 4664 wrote to memory of 3556	4664	msedge.exe	86
PID 4664 wrote to memory of 3556	4664	msedge.exe	86
PID 4664 wrote to memory of 3556	4664	msedge.exe	86
PID 4664 wrote to memory of 3556	4664	msedge.exe	86
PID 4664 wrote to memory of 3556	4664	msedge.exe	86
PID 4664 wrote to memory of 3556	4664	msedge.exe	86
PID 4664 wrote to memory of 3556	4664	msedge.exe	86
PID 4664 wrote to memory of 3556	4664	msedge.exe	86
PID 4664 wrote to memory of 3556	4664	msedge.exe	86
PID 4664 wrote to memory of 3556	4664	msedge.exe	86
PID 4664 wrote to memory of 3556	4664	msedge.exe	86
PID 4664 wrote to memory of 3556	4664	msedge.exe	86
PID 4664 wrote to memory of 3556	4664	msedge.exe	86
PID 4664 wrote to memory of 3556	4664	msedge.exe	86
PID 4664 wrote to memory of 3556	4664	msedge.exe	86
PID 4664 wrote to memory of 3556	4664	msedge.exe	86
PID 4664 wrote to memory of 3556	4664	msedge.exe	86
PID 4664 wrote to memory of 3556	4664	msedge.exe	86
PID 4664 wrote to memory of 3556	4664	msedge.exe	86
PID 4664 wrote to memory of 3556	4664	msedge.exe	86
PID 4664 wrote to memory of 3556	4664	msedge.exe	86
PID 4664 wrote to memory of 3556	4664	msedge.exe	86
PID 4664 wrote to memory of 3556	4664	msedge.exe	86
PID 4664 wrote to memory of 3556	4664	msedge.exe	86
PID 4664 wrote to memory of 3556	4664	msedge.exe	86
PID 4664 wrote to memory of 3556	4664	msedge.exe	86
PID 4664 wrote to memory of 3556	4664	msedge.exe	86
PID 4664 wrote to memory of 3556	4664	msedge.exe	86
PID 4664 wrote to memory of 3556	4664	msedge.exe	86
PID 4664 wrote to memory of 3556	4664	msedge.exe	86
PID 4664 wrote to memory of 3556	4664	msedge.exe	86
PID 4664 wrote to memory of 3556	4664	msedge.exe	86
PID 4664 wrote to memory of 3556	4664	msedge.exe	86
PID 4664 wrote to memory of 3556	4664	msedge.exe	86
PID 4664 wrote to memory of 3556	4664	msedge.exe	86
PID 4664 wrote to memory of 3556	4664	msedge.exe	86
PID 4664 wrote to memory of 3556	4664	msedge.exe	86
PID 4664 wrote to memory of 3700	4664	msedge.exe	87
PID 4664 wrote to memory of 3700	4664	msedge.exe	87
PID 4664 wrote to memory of 4844	4664	msedge.exe	88
PID 4664 wrote to memory of 4844	4664	msedge.exe	88
PID 4664 wrote to memory of 4844	4664	msedge.exe	88
PID 4664 wrote to memory of 4844	4664	msedge.exe	88
PID 4664 wrote to memory of 4844	4664	msedge.exe	88
PID 4664 wrote to memory of 4844	4664	msedge.exe	88
PID 4664 wrote to memory of 4844	4664	msedge.exe	88
PID 4664 wrote to memory of 4844	4664	msedge.exe	88
PID 4664 wrote to memory of 4844	4664	msedge.exe	88
PID 4664 wrote to memory of 4844	4664	msedge.exe	88
PID 4664 wrote to memory of 4844	4664	msedge.exe	88
PID 4664 wrote to memory of 4844	4664	msedge.exe	88
PID 4664 wrote to memory of 4844	4664	msedge.exe	88
PID 4664 wrote to memory of 4844	4664	msedge.exe	88
PID 4664 wrote to memory of 4844	4664	msedge.exe	88
PID 4664 wrote to memory of 4844	4664	msedge.exe	88
PID 4664 wrote to memory of 4844	4664	msedge.exe	88
PID 4664 wrote to memory of 4844	4664	msedge.exe	88
PID 4664 wrote to memory of 4844	4664	msedge.exe	88
PID 4664 wrote to memory of 4844	4664	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ashraebc.simplesignup.ca/14227
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff82b1346f8,0x7ff82b134708,0x7ff82b134718
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,13080340765377129941,9866201554690817478,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,13080340765377129941,9866201554690817478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,13080340765377129941,9866201554690817478,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2416 /prefetch:8
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,13080340765377129941,9866201554690817478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,13080340765377129941,9866201554690817478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,13080340765377129941,9866201554690817478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,13080340765377129941,9866201554690817478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,13080340765377129941,9866201554690817478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,13080340765377129941,9866201554690817478,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,13080340765377129941,9866201554690817478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,13080340765377129941,9866201554690817478,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2176,13080340765377129941,9866201554690817478,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4964 /prefetch:8
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,13080340765377129941,9866201554690817478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2176,13080340765377129941,9866201554690817478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,13080340765377129941,9866201554690817478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,13080340765377129941,9866201554690817478,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2176,13080340765377129941,9866201554690817478,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=5392 /prefetch:6
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,13080340765377129941,9866201554690817478,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3408 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
18KB

MD5
1b2ba9c688b5cfd54b4367673f83ae9e

SHA1
cc868695f7eda94cb64aa1f578742b83b4a569b3

SHA256
96643bfad5a17eada947d707441559202c83a2cc9acb28aa860b7d64e3e55747

SHA512
2f2280a0fdeec22311642c79133ece91f651eb3c31e32f3a4bfd823709c9c8aebdd6ce6fa2670cdc638de52523583f958735b7f9c22be4883b40f7eee9cabe6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
16KB

MD5
01d5892e6e243b52998310c2925b9f3a

SHA1
58180151b6a6ee4af73583a214b68efb9e8844d4

SHA256
7e90efb4620a78e8869796d256bcddbde90b853c8c15c5cc116cb11d3d17bc4d

SHA512
de6ca9d539326c1d63a79e90a87d6a69676fc77a2955050b4c5299fab12b87af63c3d7f0789d10f4be214e5c58d6271106a82944d276d5ca361b6d01f7a9f319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2b3d9358a9656e62_0

Filesize
75KB

MD5
ad7720b51bf1c4364fd071217e19399a

SHA1
4c6e6662e162c4584c9d8b7f2d0f20392f108752

SHA256
fa0d464439be2d9d1a9e2a9d382982ea3ca21b137096d829bdef24d8b4ed37f7

SHA512
022724eb6ddad19e1279bdf219e577e9682d24fa25ba34c4e0a4bff37c87e3c38d73a7a823ae2f37ee2b1e1c16f6ceaab8b3f85fd5dd4788d055782d7c0ea222

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\77db6aded40c42fb_0

Filesize
248B

MD5
91b058bce30ce691a45575e49a073a4e

SHA1
5c8ccaef102fe7bb7a1e845d3dcffbf41adb875e

SHA256
5855ebd330b6cfa00fde2587424cbbf95ffef132d54a6ce6179485744e94834e

SHA512
b987dd238eb71d68e0e8b26889119540b9d1abf013fc8489ee3a785a96bf2f2d86d1bfd24c409ae861c22bd25cec9779814f7b85eb78100bf4f1bda81b41ea8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
77555d4e922bb7dd6c1f7d534f7637b8

SHA1
8e7c0467af1b58dff52088549b45ba7f9832f046

SHA256
aa83504f46b05774ca9958133426b4d713b29fcde9b8056b9d8191f2f9966a50

SHA512
6ccae42c67ca42a906e54cb9bf3b5fd01becdeb33772f07b00f51d3537781ae7c24f4ba17a89d270de46fffc5b98760471c951d698a6fd2420d7c7b5d240b21c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
b2e33d9001aab6337fa1a216bfbf7eba

SHA1
00d5e4049e32b7197ec27eb421782ce309bfa2b2

SHA256
7c72f0a8aa40ba271d413a1b3c90ecd67beccecdce9f71e19c46215dd3a73461

SHA512
86eab87f9f19ea8f9acf7a8ab6f1f148a1e3151c2db2f55b03b67d39fd2d2cf9490906337d4d8f382ec6fb081a45c54c7cc8bb66ead99acd8e75e631539f7c47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
941B

MD5
7357f080f40de16d43d22783fbb10695

SHA1
de88c9dc9670d828c641b389353032a3aa63422c

SHA256
490735176a8770d321c506919b748df6304d42c16585fd0076eaf75e2a3e4547

SHA512
629740d391e1ce36a9bd00c382d37fb95cc6b0f1cf8616aba9a869ab54bfac2fef9ac7d11639df75841c801a752cd89f2669030b491869be7bb59663918241b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
910B

MD5
5c0324711cc344c3cda800a6b390e701

SHA1
adc5d9fdb37aabc9f339a2d777fedc8f0a0cfe15

SHA256
4ac37d892baebc36c55fb3e3c25743f8c301dccabee87ca5868a1fdc94d54aaa

SHA512
7947a366a7ef9f49828581a073004fb301a30a3ff865bbd81c774b7e5456aa6ca2aab82b9b7807f35f44ede9a832fff5567439b99ba5b424b47a58365feece7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
36db3b44b94f1d9fae7ae3f530f5f25a

SHA1
36b58ee16f7ab08d883c2d98266dfd22bee73b0a

SHA256
9db82a82e112d4cccae514d4a90626521495c54a0746d698a50e44ed05da2e5e

SHA512
ca95434979ea7d2f1a82415b4be3395feba311c109458abefe63d1cf74d19a282a12a42e99d04ca203766a2625ae0d690f3b7b6ee9edf27a838727d5a5ad7f30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e2aa0884c0f5132bdd9575a966986c1c

SHA1
eda03ee6639a2e348e50782f8c54957018937f7b

SHA256
4625d3d5611dc9e5e4174a74e04fab3283a3cbbf9ccf707ca3cceaf481f21c65

SHA512
349a57a44e00abe2ce9b5a21d663f4f3bb44ada811ae08f141d9e7e565e66c82ff658a725604b4feb7d8d912200e5a8af35bf278f1d2618fee3f599622dfad39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bc2c038873f81213f0ff440823ca565b

SHA1
1f9de1b56154d76cfcdbba827f35d36af94f90f3

SHA256
633652aebfdbfb3b94a2f1b71756a324d0b4d4972ca62f8280fa9151b305a4fe

SHA512
69d2f5d2ce55e533a45b1c34a558d6c92bd6e13301b37b7e860d5ef0062704934f5db9371dc54775f4c04bed2a58a08c6d70705a07e62cc3e14c0d41e3506dc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dead5cb3632abb2a528784293586ad63

SHA1
aedb68e2d06abc2fb9ea2a6d7d0f1a9e4a41f0f7

SHA256
ca03cb3bd451a36cd130e1299b9424a47cb574bcb60ac5c65cf11e864f017db8

SHA512
b95144ea342d1fcd9f6852e1ae4e1f364c9e254b80b7b264be254d60e948038c7cdaa4bab381db61218f36db62e448b2037d2d17007094cac8f0cadc99830b86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e0112fd9857ba774a9836b6e8022df8c

SHA1
42298e7fdb24e428d6be45d4b39594ba7a1b2b2f

SHA256
17c2b5c4325115fbd6a66fa15521b22a5a46b9e717fd5ccb9dafef250617c60a

SHA512
1fe4c1641ca6fe6748688929fbb5e3584eec136eb24d16198e7bf08c06b51b2af67f7c4de0c4358e5767b482660cb574629d4d4b9e2c092fdc33779afb3d0a30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1617d476b6e505b687fdf35c3b99e991

SHA1
090e2a6e2e4403604d314975abe8717d56fe6e75

SHA256
04c300fe219b2b83f986bfa2840f4be89a1e5ffe83ca6f4e1f4250eee8ef2162

SHA512
ed8069d6d04027c18aeb16d7cfe29a922ef11f1e9986b227c8d70f0abccbcd631c40606ea2e2d139601c40fd13e8cc4477c8be69f5344368a3632acdfbaa515d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
72bdd4606c849ef8d49b18ed129a5c6e

SHA1
2b31bd86756f8589df3c60a46aa8f0a778e4276d

SHA256
f4bee3bea01b033b09a9dbfe653e17184eba9761490d08f35d44d96620ddce00

SHA512
c6e17ec7dd787a453f7120a9999ae20b143eb46f70deb58298a7826c505780cb053e00c9a40c3f9597acbf619349df3bfc0ca3adfedff4830a70865dba5c9036

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit