hxxp://google[.]com

Analysis

max time kernel
1680s
max time network
1687s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
22/08/2024, 20:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
184	msedge.exe
184	msedge.exe
4328	msedge.exe
4328	msedge.exe
220	identity_helper.exe
220	identity_helper.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4328 wrote to memory of 4016	4328	msedge.exe	86
PID 4328 wrote to memory of 4016	4328	msedge.exe	86
PID 4328 wrote to memory of 3684	4328	msedge.exe	88
PID 4328 wrote to memory of 3684	4328	msedge.exe	88
PID 4328 wrote to memory of 3684	4328	msedge.exe	88
PID 4328 wrote to memory of 3684	4328	msedge.exe	88
PID 4328 wrote to memory of 3684	4328	msedge.exe	88
PID 4328 wrote to memory of 3684	4328	msedge.exe	88
PID 4328 wrote to memory of 3684	4328	msedge.exe	88
PID 4328 wrote to memory of 3684	4328	msedge.exe	88
PID 4328 wrote to memory of 3684	4328	msedge.exe	88
PID 4328 wrote to memory of 3684	4328	msedge.exe	88
PID 4328 wrote to memory of 3684	4328	msedge.exe	88
PID 4328 wrote to memory of 3684	4328	msedge.exe	88
PID 4328 wrote to memory of 3684	4328	msedge.exe	88
PID 4328 wrote to memory of 3684	4328	msedge.exe	88
PID 4328 wrote to memory of 3684	4328	msedge.exe	88
PID 4328 wrote to memory of 3684	4328	msedge.exe	88
PID 4328 wrote to memory of 3684	4328	msedge.exe	88
PID 4328 wrote to memory of 3684	4328	msedge.exe	88
PID 4328 wrote to memory of 3684	4328	msedge.exe	88
PID 4328 wrote to memory of 3684	4328	msedge.exe	88
PID 4328 wrote to memory of 3684	4328	msedge.exe	88
PID 4328 wrote to memory of 3684	4328	msedge.exe	88
PID 4328 wrote to memory of 3684	4328	msedge.exe	88
PID 4328 wrote to memory of 3684	4328	msedge.exe	88
PID 4328 wrote to memory of 3684	4328	msedge.exe	88
PID 4328 wrote to memory of 3684	4328	msedge.exe	88
PID 4328 wrote to memory of 3684	4328	msedge.exe	88
PID 4328 wrote to memory of 3684	4328	msedge.exe	88
PID 4328 wrote to memory of 3684	4328	msedge.exe	88
PID 4328 wrote to memory of 3684	4328	msedge.exe	88
PID 4328 wrote to memory of 3684	4328	msedge.exe	88
PID 4328 wrote to memory of 3684	4328	msedge.exe	88
PID 4328 wrote to memory of 3684	4328	msedge.exe	88
PID 4328 wrote to memory of 3684	4328	msedge.exe	88
PID 4328 wrote to memory of 3684	4328	msedge.exe	88
PID 4328 wrote to memory of 3684	4328	msedge.exe	88
PID 4328 wrote to memory of 3684	4328	msedge.exe	88
PID 4328 wrote to memory of 3684	4328	msedge.exe	88
PID 4328 wrote to memory of 3684	4328	msedge.exe	88
PID 4328 wrote to memory of 3684	4328	msedge.exe	88
PID 4328 wrote to memory of 184	4328	msedge.exe	89
PID 4328 wrote to memory of 184	4328	msedge.exe	89
PID 4328 wrote to memory of 3868	4328	msedge.exe	90
PID 4328 wrote to memory of 3868	4328	msedge.exe	90
PID 4328 wrote to memory of 3868	4328	msedge.exe	90
PID 4328 wrote to memory of 3868	4328	msedge.exe	90
PID 4328 wrote to memory of 3868	4328	msedge.exe	90
PID 4328 wrote to memory of 3868	4328	msedge.exe	90
PID 4328 wrote to memory of 3868	4328	msedge.exe	90
PID 4328 wrote to memory of 3868	4328	msedge.exe	90
PID 4328 wrote to memory of 3868	4328	msedge.exe	90
PID 4328 wrote to memory of 3868	4328	msedge.exe	90
PID 4328 wrote to memory of 3868	4328	msedge.exe	90
PID 4328 wrote to memory of 3868	4328	msedge.exe	90
PID 4328 wrote to memory of 3868	4328	msedge.exe	90
PID 4328 wrote to memory of 3868	4328	msedge.exe	90
PID 4328 wrote to memory of 3868	4328	msedge.exe	90
PID 4328 wrote to memory of 3868	4328	msedge.exe	90
PID 4328 wrote to memory of 3868	4328	msedge.exe	90
PID 4328 wrote to memory of 3868	4328	msedge.exe	90
PID 4328 wrote to memory of 3868	4328	msedge.exe	90
PID 4328 wrote to memory of 3868	4328	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff969c346f8,0x7ff969c34708,0x7ff969c34718
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,3247368428132819596,7539410591435740829,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,3247368428132819596,7539410591435740829,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,3247368428132819596,7539410591435740829,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3247368428132819596,7539410591435740829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3247368428132819596,7539410591435740829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3247368428132819596,7539410591435740829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,3247368428132819596,7539410591435740829,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,3247368428132819596,7539410591435740829,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3247368428132819596,7539410591435740829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3247368428132819596,7539410591435740829,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3247368428132819596,7539410591435740829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3247368428132819596,7539410591435740829,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3247368428132819596,7539410591435740829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3247368428132819596,7539410591435740829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2052,3247368428132819596,7539410591435740829,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2508 /prefetch:8
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2052,3247368428132819596,7539410591435740829,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2052,3247368428132819596,7539410591435740829,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6096 /prefetch:8
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3247368428132819596,7539410591435740829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3247368428132819596,7539410591435740829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3247368428132819596,7539410591435740829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,3247368428132819596,7539410591435740829,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,3247368428132819596,7539410591435740829,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5964 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
2b23d5318a16cc762d884ba44ccbcb96

SHA1
102d77c4c60dcd999fb47bb33bcfba3678db8be7

SHA256
b7ec5fc2bf95682444e67367d7f210d09d033dc6156822637e006be584487380

SHA512
493574dff04573b48688ce4ec8dd04000bd3aeeee69faa81ccad9f99e038bec2377257b85adafedf2f5ee4022f6c8984b04d298674b5276ae51619bd80bda609

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
212KB

MD5
2257803a7e34c3abd90ec6d41fd76a5a

SHA1
f7a32e6635d8513f74bd225f55d867ea56ae4803

SHA256
af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174

SHA512
e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
43KB

MD5
81edacebaee0f015ad81b2115d61dd0d

SHA1
1367c8822ba097b8c45c4e85e4801b296b778610

SHA256
5e6f3abd977827d6ba2ab67f1f66b1a7c7b68bd188c64613389edad3f741e70c

SHA512
00b3e545bc69d1d75ec44a5a1bb692fce8ca1f70df6632a7acfd13bcf120e293fae2a613213b460ba86b99b9e5aa8f549c1abe1b9cdeec01bf763f895940fb16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
432B

MD5
65aa8fbd7aca267361f841e7be6440de

SHA1
e69c7b9e8f9579898b7d63c739ae53dd052aaa96

SHA256
b23b5dc0bbbc7beed078faf0ac850118c5ec926ba17c242d68e87c59801f39c6

SHA512
1935453aa6cc744c5c5815c9ae9848d0c841bfcb5e8b39186eda165c6864435763ea824630c958eedcd70f2501dda24d5f4746cfc3f8f03d620fddb125cb5690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
401fe195f7548ee0d349bc005eff6f88

SHA1
401e44b93c4c9420814109d4e48cbca63e4c1a1d

SHA256
ec9cd7ba91b71ddcde7d66778833a0652dd0228848356fe2ffdfe77f51a365ff

SHA512
a26cb389492837d0ef50f3ee97d71ad02f29b1309042b6066e0faa410f6d435fdf879d33e01c1788f0e7f0c556cc2d4084c5d23b604dab28d2a628b734ae6488

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
af65ed27cdb0eda29305f11b00c96cbc

SHA1
aa5ca345146d37003cf0df488ee1ddd6bd4515b0

SHA256
bee5f7264ed99f29788ec35bf08d1f885651dcc9e2e228221abdae89a55b3dfc

SHA512
ab4a51495e5aec1d518bf7d1f21d016f2f48cdc1007c152eb76d22e8e57c626d1e31a6b9e97a981e81fe3481f154c7f60296e637e6c0a86f18f70e7c2316c5fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ddd37068dd549f6ed6a93c91df69d85b

SHA1
813acb597c3e8f92b0fe9b4cc5820209d00ae9f0

SHA256
248e1e2a7a77ac6cded576382da798ee391031f4b7503d7769d31f9573044d1a

SHA512
8e77e02de1489d00f9ee2b6da225b1462af3b75ebe30649bd7e5f6c3196e1e52cd474c959fe6731fab7e70a34f8f7a6c5b45d0d17d9767f6214b6165a9d96f4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4c82adc072ef19f37d30cf46fe48036f

SHA1
15760c4cebc15895a5b2abdbc3fd5ce68e562b76

SHA256
cec995df31ea793115ca58ee1faaa5e30750f613b7fd335c7c207f50734f7fe4

SHA512
41f674196d03236b5053336999434127ecb8fde47193bed09bcf6ea4554146ad3a1ce611981c4a470cb23dd3203b7a118dc04c7bab842b2a821e338372744483

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c7675c91478c2976431f4a6b8a2dac2e

SHA1
6d97c5635bf15b79a53f52adac652f2f14c99ef6

SHA256
c7b3ef9a816481639299e5cad9643284eff03840d1e7941bb7a768ad94e21b2b

SHA512
d6fc5f63359a0cbd9e5af6ee55daf755223292b1bc88490f4cecfa517f5c6de318e69431bc252dc91ed57cd2b4e5bdc7d6cc9981d93d1e471c82bb4576dc4d19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cb4099ee17c75b4e5f6af7b15e69c4e3

SHA1
c9d001e09499f4856d3f619b33f38b29d42a61ba

SHA256
61a18790e89767f40e1bf4866e786265dcab205e4c5e1d9fc1f663cf83659581

SHA512
e32b7efb63f07e383810b015526f6bdd8d9126e715e54e52c3d84eff0fa31510c0cd4c2e1cee517c0d5023b712230b87ad5c94e579d3e7fa06dd1ddb19b36644

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f4f5b453c6d3a04e4044da38cf720b25

SHA1
721121fecec259765c0e1b3517735c2b1b575d9c

SHA256
6650e61d1c136812f54cbeb93679140a539cbba31915ac7e38b9b65a4c75c67e

SHA512
2d781a9546a8f6425bdae718843c8f85ca50f9ef04c1b0c4915fa3bb9d89a0db63b4b5067e1b15085b87c36030714ba780531d178ab17a6e5fa38c27db3b312e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1e90fca2029dc1648e8695b50027b52a

SHA1
0776d9148e727ea77d1ee3521cb33e5feb9e85e3

SHA256
ed80b52cf10dd15ff61ed407b6c64270ee719983ae9d71787144c196c2b45129

SHA512
14b32af23780d59096f02965d574da037a32af44a9508e06f392f0a8a85a23c656e45400058098287a676c46b00e59907da98b7f26c77f49d0155d037ec75825

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
229ffe9aa8d7cef9edbbc7e180c96e8a

SHA1
94a6baf70bd2addea17e676f0a6f55b87bf23300

SHA256
2ff87d172f72e07e411db76efe0d30666d0e8a00d559ff4ff52229ee026976ed

SHA512
1bf8cb3ff3afd9a576418db807f22b388964c335b68697b207eca4a4703771d912355c49bef280c2e008777e08c735df6349f9f2fd2bee6e89a815a95e0a490e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
d3fdd1d0bf42ac132341035402486654

SHA1
e2e9ebc4abe8027cb66521c3fd7aa97dabb168ed

SHA256
0a90639cd55586dc7c9340a48536bae709baca1039047948a8ee86822fd4f2ff

SHA512
191cf213f1f684825d15c7464bf3372998727d998dc429e4f47aded276a831583c8291f23d7ec2732c70b20ba654046afeebf10b2042b7090b2a5e93fe06322d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5832d3.TMP

Filesize
204B

MD5
dc6f02e45548b3f2317bae9c6b784c6c

SHA1
4e2630b2b1bf6a8af33931544490e5927da492f1

SHA256
afa60e295f327ec5c5b49abee72c4fa68930dfa3b2e22961c0920e780dada5bf

SHA512
9a86f6143e543c3f59225041e9a782a7ea4f88ff00a4fd10c8e33e7b769da7643b7c1d7c95c568961c489af1cbc2e36a68f8d6b9142160d63f17c89634ff50df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
33a96546567609972a37954116252a78

SHA1
f317792245c5b35deb14b1009cfb42709a353044

SHA256
6dcfe1a02e9744d13bfa145408dfbb2b85cab0fda3120de420f156082d739397

SHA512
4d4f566169717ecae13f6c44ca718ac37240f320ff346a34f5566e4c0f7e44076c2b450e68f87730031008ffb1b36f50bc2b2e483723275da0933d465c94583d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit