hxxps://gridreferencefinder[.]com/?

Analysis

max time kernel
267s
max time network
258s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/08/2024, 09:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://gridreferencefinder.com/?

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1164	msedge.exe
1164	msedge.exe
4008	msedge.exe
4008	msedge.exe
4516	identity_helper.exe
4516	identity_helper.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4008 wrote to memory of 3888	4008	msedge.exe	84
PID 4008 wrote to memory of 3888	4008	msedge.exe	84
PID 4008 wrote to memory of 2640	4008	msedge.exe	85
PID 4008 wrote to memory of 2640	4008	msedge.exe	85
PID 4008 wrote to memory of 2640	4008	msedge.exe	85
PID 4008 wrote to memory of 2640	4008	msedge.exe	85
PID 4008 wrote to memory of 2640	4008	msedge.exe	85
PID 4008 wrote to memory of 2640	4008	msedge.exe	85
PID 4008 wrote to memory of 2640	4008	msedge.exe	85
PID 4008 wrote to memory of 2640	4008	msedge.exe	85
PID 4008 wrote to memory of 2640	4008	msedge.exe	85
PID 4008 wrote to memory of 2640	4008	msedge.exe	85
PID 4008 wrote to memory of 2640	4008	msedge.exe	85
PID 4008 wrote to memory of 2640	4008	msedge.exe	85
PID 4008 wrote to memory of 2640	4008	msedge.exe	85
PID 4008 wrote to memory of 2640	4008	msedge.exe	85
PID 4008 wrote to memory of 2640	4008	msedge.exe	85
PID 4008 wrote to memory of 2640	4008	msedge.exe	85
PID 4008 wrote to memory of 2640	4008	msedge.exe	85
PID 4008 wrote to memory of 2640	4008	msedge.exe	85
PID 4008 wrote to memory of 2640	4008	msedge.exe	85
PID 4008 wrote to memory of 2640	4008	msedge.exe	85
PID 4008 wrote to memory of 2640	4008	msedge.exe	85
PID 4008 wrote to memory of 2640	4008	msedge.exe	85
PID 4008 wrote to memory of 2640	4008	msedge.exe	85
PID 4008 wrote to memory of 2640	4008	msedge.exe	85
PID 4008 wrote to memory of 2640	4008	msedge.exe	85
PID 4008 wrote to memory of 2640	4008	msedge.exe	85
PID 4008 wrote to memory of 2640	4008	msedge.exe	85
PID 4008 wrote to memory of 2640	4008	msedge.exe	85
PID 4008 wrote to memory of 2640	4008	msedge.exe	85
PID 4008 wrote to memory of 2640	4008	msedge.exe	85
PID 4008 wrote to memory of 2640	4008	msedge.exe	85
PID 4008 wrote to memory of 2640	4008	msedge.exe	85
PID 4008 wrote to memory of 2640	4008	msedge.exe	85
PID 4008 wrote to memory of 2640	4008	msedge.exe	85
PID 4008 wrote to memory of 2640	4008	msedge.exe	85
PID 4008 wrote to memory of 2640	4008	msedge.exe	85
PID 4008 wrote to memory of 2640	4008	msedge.exe	85
PID 4008 wrote to memory of 2640	4008	msedge.exe	85
PID 4008 wrote to memory of 2640	4008	msedge.exe	85
PID 4008 wrote to memory of 2640	4008	msedge.exe	85
PID 4008 wrote to memory of 1164	4008	msedge.exe	86
PID 4008 wrote to memory of 1164	4008	msedge.exe	86
PID 4008 wrote to memory of 3512	4008	msedge.exe	87
PID 4008 wrote to memory of 3512	4008	msedge.exe	87
PID 4008 wrote to memory of 3512	4008	msedge.exe	87
PID 4008 wrote to memory of 3512	4008	msedge.exe	87
PID 4008 wrote to memory of 3512	4008	msedge.exe	87
PID 4008 wrote to memory of 3512	4008	msedge.exe	87
PID 4008 wrote to memory of 3512	4008	msedge.exe	87
PID 4008 wrote to memory of 3512	4008	msedge.exe	87
PID 4008 wrote to memory of 3512	4008	msedge.exe	87
PID 4008 wrote to memory of 3512	4008	msedge.exe	87
PID 4008 wrote to memory of 3512	4008	msedge.exe	87
PID 4008 wrote to memory of 3512	4008	msedge.exe	87
PID 4008 wrote to memory of 3512	4008	msedge.exe	87
PID 4008 wrote to memory of 3512	4008	msedge.exe	87
PID 4008 wrote to memory of 3512	4008	msedge.exe	87
PID 4008 wrote to memory of 3512	4008	msedge.exe	87
PID 4008 wrote to memory of 3512	4008	msedge.exe	87
PID 4008 wrote to memory of 3512	4008	msedge.exe	87
PID 4008 wrote to memory of 3512	4008	msedge.exe	87
PID 4008 wrote to memory of 3512	4008	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gridreferencefinder.com/?
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff82fc046f8,0x7ff82fc04708,0x7ff82fc04718
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,6474983247937997770,1856190076511594356,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,6474983247937997770,1856190076511594356,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,6474983247937997770,1856190076511594356,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2976 /prefetch:8
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6474983247937997770,1856190076511594356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6474983247937997770,1856190076511594356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6474983247937997770,1856190076511594356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6474983247937997770,1856190076511594356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6474983247937997770,1856190076511594356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2216,6474983247937997770,1856190076511594356,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6164 /prefetch:8
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,6474983247937997770,1856190076511594356,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6556 /prefetch:8
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,6474983247937997770,1856190076511594356,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6556 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6474983247937997770,1856190076511594356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6474983247937997770,1856190076511594356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6474983247937997770,1856190076511594356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6474983247937997770,1856190076511594356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6474983247937997770,1856190076511594356,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2312 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6474983247937997770,1856190076511594356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2772 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6474983247937997770,1856190076511594356,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,6474983247937997770,1856190076511594356,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6844 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2216,6474983247937997770,1856190076511594356,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6474983247937997770,1856190076511594356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6474983247937997770,1856190076511594356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,6474983247937997770,1856190076511594356,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:2412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
20KB

MD5
dd62255c6e72b80ce88a440481d3d22f

SHA1
17758b8673c033ecf7c194e5d1190bbf9516c825

SHA256
16921001068e64b8ac9935d54eaa1dca108647370c5987443732ecd4f0f56249

SHA512
19cb0414fa378f59229d6296a4165e3a073fb6c6b812969c7015d3f73e7738c70893346740396986c6148ca1fcd5e7a8021aed775c808eb67ee9d1b301f0ee76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
3a802d1dac32ad02d6ebf6af622806ba

SHA1
37e85bfff2f95792aeecc803e528232e6d66c857

SHA256
57132423b6746c515911d964b47241dfb94fe5f94cd7b12cbda790c58b38546e

SHA512
1c0c981184425fa7f4d6cb3d3c8b7d93052364185652e647dad0c009ad74e4a19a5ee5d6bafd9cd4760eea69fadc443cd4fbd12d27f54324d4964fe717b30a13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a6e67261156c23163d25ae95baf7681d

SHA1
580620e48dfcc3225d81301c2607434b2823e3a3

SHA256
3408c9290b5f05e622dde28a85587e9bc8cffd94f4c058ae513d95cf65a49cc8

SHA512
32de1f85be9dc9691f125757e32865458a358234e1c5da89a80a9f1f0613f75e1d5621c341eed640569fdcf48d0a0f45301370d7ccaaf330d7ce18bfe2f72fd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a36d6cd78a7bf78c2ee92bbbd90ba306

SHA1
984d6e941d6c660f0e3f30026ebb138edc3074b0

SHA256
3b8d0e7253dffe46d5a026ca0f53bfba449a8adc8d7df2a7f8363f704a5f1476

SHA512
4cdfab0da9acbe8a6f445535f7e0777b9d0b421c3df597c2f7fca417c752bba8503ea903dd9ca9048a2e46b685dc4691747b00586ad34764045ba9ec0bc96c29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
8f2da72f983f36badda4e8763b37de05

SHA1
7596d768fa4701a8a863279628d205f81dddbd45

SHA256
7bcf49bc7a3d624a0d85ad128256add7060951228506cb8a791e133fa66102cb

SHA512
c2e65fc4208ac0daeff524b11ab7ff9b827246a9e3107ccad9b01e1365212e73023a0f7ea86e888a72e371ed59a088f5367f897802337326ebbc5305b9107471

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
08d32fb5276de694efdde9c08453a625

SHA1
2ad5badad3a547fd3ae52cd501fc9b5ae59687d5

SHA256
bcda4ab3294d784e221e6fe087380418ffb8df62b9692c897ff9db9fbe4d7235

SHA512
e2ba30bc72325f2139c3164bc00376f67094989eae5fd97573714ab99a0d093d678dd3d7aa1383b20db91ddf232ac845252dea19c060ec1fc3d86d28df4099b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
bc3eb2900078f1edefe7a94f79b80dea

SHA1
6f48298d5b6908e5b471f41b0feeaa692411ea37

SHA256
782585f436bebf24fba651f19051506fdbc52e38fd98ab465d316b7e9830acf0

SHA512
611dfec237130ee1e62344834327e8ac38887a49a4b00a3ad7a36743354e391b86d4bf08448042c7048d1b2ab2009ff6ad6134b8bd036116625ab2bbface6003

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
c29d24de5bf2ac9bfdd2cf3c406d6985

SHA1
e97a91c63f7250dae17e734d80fa5c2fdec207a6

SHA256
2719d182fb8109deecb6b78698713d51b02cb1366901be27a4f741940d9b68de

SHA512
5a56f7078b2b61759ae2da15b9ae40daf5fa659e8e8177aed5ca7163c20ae4728cbacf63121f12efa955c3a6873ec5899f1c11b7dc6e929d69a141b2377de1db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
c2be9a706e2a7660cbb8116896179938

SHA1
93f87a23815ceb66bfd4dff6487a526c5d1ef25d

SHA256
d56c01e562ebe1824208ee1071960073e8832bb3b4e2c1583efabbfc040b84a1

SHA512
334a19b5d7bc5f778fba397c6d89ecd3f531a056a8cf8160013e43f6228a43d1e5b4ec0c549cbfd314797cf8bfcfa6c905da96c87ea85eea65a42eb52eaf25dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0fc49e5af6fcdcb49832ec06aeab2891

SHA1
1960ff36fbf11674e68faf6c392ec00f576983de

SHA256
e6b141b9c2a82a4c78b2df767ddbea82ebd7cac9b78a3405a865f0c6b661aebd

SHA512
5297d821413bae5dbf330ea62f024ec989361b2ab89f08fc3968787b928f124eec52989d85f3238392aaeb4b65888844e6a36c59826d29a742a9bb7efb97c4fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c2230dbfaad47666d3aa72c58df86dc1

SHA1
e9e694192d500b3312fb5c8c53134cd5e4804049

SHA256
b4da0d60c2df43cd3dc4fd31857d7db13affff69b408f2ca2e2fadd2509a0554

SHA512
19a230e730defb854add118a035473884abf470df10312b1ae11d60885700f885d97254817b19a60e13563c92c63a00c0326821773bc22490cfec1cf7f588386

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9788795ed38e5042f3939e1678ed4d7e

SHA1
fdfbca3cbccc94fd40ba2a06c81517586ecfa6a7

SHA256
183c07dc696f5bb3ae6fd1ab2d941805a0bc4e3205900aeed587c63040f22aea

SHA512
aefab2b596f9117310c32fa53a29208b48b01edce04d1b7fca070bb4adf7529e1ebc5f0195a0730b73c0ad943c19a81a50a6c3633746a191d2ab95557fe6cea0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d07008f72328f3526993dcb4ee980e9d

SHA1
463e0d39e3794614403fbed632a270b1a89c197b

SHA256
d0589ba1558bc00ef67904b37e44e196390da3f20c62877df18d1c73fd22ef69

SHA512
7fd96a671e1cc51884a01d6a43438ccff5b98ce411ced96cb5401a5eaef040fbe129fc9b0476118e7aacb13ac5a62af046c564c455e3c855e26d5c6648d8dcaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d428.TMP

Filesize
1KB

MD5
50b8ccf61ee2b85eec4790e34e6c45e0

SHA1
f9029a3e045df55b543724835f6f8ff17751d59c

SHA256
8ede0982c8d1639e6462e2ac979c449ae931860d90cd485faf54834e0f25592c

SHA512
f78e8bc0e66c2438142968a78adc03ac2b78c0ee75c5adc12fd2321297b8811efe5f468f3bd0b2a57b84fd281c807ef735551942b32b0db87a4d41138fe0a74b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
63f6a3d8a912206f38303d4a61b7fbc6

SHA1
d037d7987c20d077f0c711a5027ff65596411313

SHA256
c5201e4043ce9e9bac8eabc52182bcc3b8b959db3ce8a67ea9bdd009a7c1ca23

SHA512
b38c764011ccbd34026d29cb238f1b8b14b3b0f91cc641a28a2f819dc3d9829cf5f1d97102b0495f50fc84caa645c837949c96cbabbfb88faccc205b6cfcedf9

Download Submit