hxxps://hogdental[.]com/m/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9Vld4TWQyST0mdWlkPVVTRVIyOTA4MjAyNFUxMTA4MjkzNg==

Resubmissions

04/09/2024, 05:28

240904-f5y5savfmq 3

04/09/2024, 05:25

240904-f4s75swhjg 3

04/09/2024, 05:21

240904-f2a9jsvfkm 3

Analysis

max time kernel
130s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/09/2024, 05:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://hogdental.com/m/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9Vld4TWQyST0mdWlkPVVTRVIyOTA4MjAyNFUxMTA4MjkzNg==

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3360	msedge.exe
3360	msedge.exe
3536	msedge.exe
3536	msedge.exe
1724	identity_helper.exe
1724	identity_helper.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe
3536	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3536 wrote to memory of 3424	3536	msedge.exe	83
PID 3536 wrote to memory of 3424	3536	msedge.exe	83
PID 3536 wrote to memory of 1288	3536	msedge.exe	84
PID 3536 wrote to memory of 1288	3536	msedge.exe	84
PID 3536 wrote to memory of 1288	3536	msedge.exe	84
PID 3536 wrote to memory of 1288	3536	msedge.exe	84
PID 3536 wrote to memory of 1288	3536	msedge.exe	84
PID 3536 wrote to memory of 1288	3536	msedge.exe	84
PID 3536 wrote to memory of 1288	3536	msedge.exe	84
PID 3536 wrote to memory of 1288	3536	msedge.exe	84
PID 3536 wrote to memory of 1288	3536	msedge.exe	84
PID 3536 wrote to memory of 1288	3536	msedge.exe	84
PID 3536 wrote to memory of 1288	3536	msedge.exe	84
PID 3536 wrote to memory of 1288	3536	msedge.exe	84
PID 3536 wrote to memory of 1288	3536	msedge.exe	84
PID 3536 wrote to memory of 1288	3536	msedge.exe	84
PID 3536 wrote to memory of 1288	3536	msedge.exe	84
PID 3536 wrote to memory of 1288	3536	msedge.exe	84
PID 3536 wrote to memory of 1288	3536	msedge.exe	84
PID 3536 wrote to memory of 1288	3536	msedge.exe	84
PID 3536 wrote to memory of 1288	3536	msedge.exe	84
PID 3536 wrote to memory of 1288	3536	msedge.exe	84
PID 3536 wrote to memory of 1288	3536	msedge.exe	84
PID 3536 wrote to memory of 1288	3536	msedge.exe	84
PID 3536 wrote to memory of 1288	3536	msedge.exe	84
PID 3536 wrote to memory of 1288	3536	msedge.exe	84
PID 3536 wrote to memory of 1288	3536	msedge.exe	84
PID 3536 wrote to memory of 1288	3536	msedge.exe	84
PID 3536 wrote to memory of 1288	3536	msedge.exe	84
PID 3536 wrote to memory of 1288	3536	msedge.exe	84
PID 3536 wrote to memory of 1288	3536	msedge.exe	84
PID 3536 wrote to memory of 1288	3536	msedge.exe	84
PID 3536 wrote to memory of 1288	3536	msedge.exe	84
PID 3536 wrote to memory of 1288	3536	msedge.exe	84
PID 3536 wrote to memory of 1288	3536	msedge.exe	84
PID 3536 wrote to memory of 1288	3536	msedge.exe	84
PID 3536 wrote to memory of 1288	3536	msedge.exe	84
PID 3536 wrote to memory of 1288	3536	msedge.exe	84
PID 3536 wrote to memory of 1288	3536	msedge.exe	84
PID 3536 wrote to memory of 1288	3536	msedge.exe	84
PID 3536 wrote to memory of 1288	3536	msedge.exe	84
PID 3536 wrote to memory of 1288	3536	msedge.exe	84
PID 3536 wrote to memory of 3360	3536	msedge.exe	85
PID 3536 wrote to memory of 3360	3536	msedge.exe	85
PID 3536 wrote to memory of 960	3536	msedge.exe	86
PID 3536 wrote to memory of 960	3536	msedge.exe	86
PID 3536 wrote to memory of 960	3536	msedge.exe	86
PID 3536 wrote to memory of 960	3536	msedge.exe	86
PID 3536 wrote to memory of 960	3536	msedge.exe	86
PID 3536 wrote to memory of 960	3536	msedge.exe	86
PID 3536 wrote to memory of 960	3536	msedge.exe	86
PID 3536 wrote to memory of 960	3536	msedge.exe	86
PID 3536 wrote to memory of 960	3536	msedge.exe	86
PID 3536 wrote to memory of 960	3536	msedge.exe	86
PID 3536 wrote to memory of 960	3536	msedge.exe	86
PID 3536 wrote to memory of 960	3536	msedge.exe	86
PID 3536 wrote to memory of 960	3536	msedge.exe	86
PID 3536 wrote to memory of 960	3536	msedge.exe	86
PID 3536 wrote to memory of 960	3536	msedge.exe	86
PID 3536 wrote to memory of 960	3536	msedge.exe	86
PID 3536 wrote to memory of 960	3536	msedge.exe	86
PID 3536 wrote to memory of 960	3536	msedge.exe	86
PID 3536 wrote to memory of 960	3536	msedge.exe	86
PID 3536 wrote to memory of 960	3536	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://hogdental.com/m/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9Vld4TWQyST0mdWlkPVVTRVIyOTA4MjAyNFUxMTA4MjkzNg==
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff5b8946f8,0x7fff5b894708,0x7fff5b894718
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,7934741999351489282,15831139070617981519,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,7934741999351489282,15831139070617981519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,7934741999351489282,15831139070617981519,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7934741999351489282,15831139070617981519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7934741999351489282,15831139070617981519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7934741999351489282,15831139070617981519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7934741999351489282,15831139070617981519,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,7934741999351489282,15831139070617981519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5760 /prefetch:8
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,7934741999351489282,15831139070617981519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5760 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7934741999351489282,15831139070617981519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7934741999351489282,15831139070617981519,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7934741999351489282,15831139070617981519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2252 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7934741999351489282,15831139070617981519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1912 /prefetch:1
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7934741999351489282,15831139070617981519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7934741999351489282,15831139070617981519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7934741999351489282,15831139070617981519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7934741999351489282,15831139070617981519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2044 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7934741999351489282,15831139070617981519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7934741999351489282,15831139070617981519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7934741999351489282,15831139070617981519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7934741999351489282,15831139070617981519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,7934741999351489282,15831139070617981519,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5056 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\50acd422-0cac-495f-9d7b-06968fc181fc.tmp

Filesize
372B

MD5
2c118cc56e7f58818cb4e80527c1afa1

SHA1
b119b08ad24652779bf2a9240b2de2d0dda19abf

SHA256
fb974ee19fe8799c8c283e8321679219ed8b590ee7508a3d05092afa64931a23

SHA512
02e392f26eae6fe3d69e420be2055a49b3bfd8ce4a850cecf947bf5e571ddc198ed995af78c80aa5e3c5b590d2be7df28ea60d2eb65744e58b5df62b99a66586

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
16KB

MD5
be9aeb2a05f665e3606faf11c09b542f

SHA1
5644d0bd4e12fdfb7235166d2883fc7acd0a2c5b

SHA256
13ace8ab3d9e2cbaf3fe1768b9ba1fc5313a5541607b4c07121c0abbb7fadfae

SHA512
414d629170d10b1819d008ddfd9aedab2b99e6bc6666a8b870e17b7b5796d84b94cc0e117b095fdda3ae6374ccac8cf5b2f2d4490e0f71509b22451c59ad0508

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
211KB

MD5
e7226392c938e4e604d2175eb9f43ca1

SHA1
2098293f39aa0bcdd62e718f9212d9062fa283ab

SHA256
d46ec08b6c29c4ca56cecbf73149cc66ebd902197590fe28cd65dad52a08c4e1

SHA512
63a4b99101c790d40a813db9e0d5fde21a64ccaf60a6009ead027920dbbdb52cc262af829e5c4140f3702a559c7ac46efa89622d76d45b4b49a9ce01625ef145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\522b2402ddc94a60_0

Filesize
289B

MD5
a0feaf136d323be359d25397218d9675

SHA1
58684836eaee32e0a7c9f1c95c140f968f798e68

SHA256
f68e94c2eda47de232fffd6e8b27679bebc5e528913ac11d70a2e5d02ccdbc0e

SHA512
6adb250399c3e9a66840746785da27ffbb9b85565cf3866dc09d10ff32716ad6300ad8f81ef2a910d4f937910c169ecc308806fd1fedfea15a8be0899029ef82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\61903da78df6cee4_0

Filesize
367KB

MD5
5db398c41e37be5669cc9bad0ea282bb

SHA1
99ed43a2fce6794d40dd56ca1df780ec3704a02c

SHA256
5eb1f752db5967e928b7fdc9b4f9871c28d49bc2cb26f0410ba60bb08e2dd374

SHA512
5b2862f2dbc89ff85ac93a2798a19f2012d408745d0e1a814e3382dbbbaddead485a2318c3adca78762d244fca7c13a5498c06f20e9404de9a2a29acd04231ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
fe55354ccd2825bdb6a2d77f6dfbeb80

SHA1
adcf93a01eb6a62909603f92cf2e74a9e6d45401

SHA256
9caa378e02a4ab588c10bd5907c1d9424e9c30634893b99fdb94fb53f6a7a390

SHA512
3660a616820bb8cd13d0153f2c64928beb420def303088f111c67b626c952aa13756514e2252763bd05e5bffdab7cad7ff3bd368f00649b75ba9a1a5e15d0c20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
2629f608d199b6374e01464835bdaba8

SHA1
19472610fddb80b94837866d890bc8f6d3559ee6

SHA256
eab3eb7e27c27f851062e5672eef2e1a24846a7cdce747750b2be7c8b0de0703

SHA512
77e4895758cf02b502ae43a915cfea55f0daa6375994e82502660d0603ef2d99c05f9ce216ef087f4b44f0c9ffef1f6abe8a4231bcacef363963243f4dc70885

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1c3446826fab9d487db32aa6faa43157

SHA1
cdffba369ac9b64445c59382d84c476b75cdbf90

SHA256
e13e4e7fd400750dc262ce9789d0cad9a7f18ad7b1021daf239c9b8f63094b63

SHA512
3a0ee81e8ed32a7d37957cc6d206e04194b808e648c851c4acdafd7965767bba07aa6beb027db4e5aff38f982065d4a2cc8b9424829363b4edcadd2185cee823

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
73fe01f6aaf97d78fb2cd6fbb6950d98

SHA1
383ba7ab73b21dca8a1f66fee99239726eff1f4e

SHA256
f6517e2721c512d94b0171043b6b102b95d57a23dca433944538cea6c847ef88

SHA512
960e766ba1aa0a1facede02759279c5c88248a5f4057327483639a49c6cca1caa343f623d5d7d7d446e794265a212b408a144a4f569afbcffc96db115a63bd2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d31352062002bacc71a550e2cc369b4c

SHA1
babb81da56bcab60a4a8e007d5ecc0e3c52749a3

SHA256
81b06dfb38b0f765d82cae410021e54c106d1ab0c07b96eb7fe5068ca217ecaf

SHA512
d15e02eba8a5a8476e7628ac05fca703fa62b5386c043b05098a35419852364cdc21ae6975c42730beb88ea7a143b2cfe88c028e9048c918813b3da9071c92ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
ed8ddccd41241192d4b94954a224b3a5

SHA1
3e8dfb364ab78c65a8dd757c9193599852bc05e0

SHA256
266f9fc6f7a08c07d242b16e29d26defdd09ebc961f4f5f6ddce37fe3111805b

SHA512
2ba546aa09bd9ef1c960131339e636cc16dc52ac9a7f7b7ee51f397cc62059a53d0e7856ae4420042a7af6bcd3cf666bc992d8886671e74e5b3dd6381d74a8d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
77a899434c8d3649e611b7fe67a6da6e

SHA1
e5a73540c5161b77ea24e8884015494cd790189e

SHA256
a3bb175eb2e40af2786ee791d5885f837239205a0f0d2a4da6b1da389ae4f6e3

SHA512
9e59c13ad0214f0f4ce4a55905e54ba121be527b12b50ae05d3e43d64198c5492a9b1a74b67df07085248915b900d47fba20b19e0c1cc7f5e73cc00692210ad8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
c9478ec6c973b8e4fc4f98ff0c94af97

SHA1
8c86942f44f2264d329c5f6b4281004d2ef9c530

SHA256
e8cf034c69c56bea5debf944c56bc67a3d9119da0a47b33456b794fa9d8e47b8

SHA512
04c98d8bf38cad5aff17d2b1d7b07a7049ce9a9528140aefcda64d2daa6ebaeee67d456d332f528bc7f7987016d33678c755f49b411d7e7f6ab9886dfa02cf4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
81d5e05ee71f6a24ac0350f48487c9b9

SHA1
f2ca2e79b2b6c31df647621721fe3c885f6b73d9

SHA256
998c2015a23e71766d0648a3dfb76f06af8c5fc621ef73ffa4cde62e19c557ab

SHA512
f547d14a8806a3417c8fdc178d9ea6eb8f02cf8cf084efca9ef0e584ddf982c472572499df3171be59a74a42ee9d38aa35361071c168c39a3664ea739d52bbf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584fff.TMP

Filesize
372B

MD5
9935e82d033c3426998a790304ddd44c

SHA1
0cae0a62ff140302745f499d4e31d7a14d04efd0

SHA256
fd06482adbfe55d3a2121ed23caae089de4c07c7bee09f54fcbb66cab290de42

SHA512
ef1425a47344e5cc4d346f638d4f05563457fb2c18038dc0c0d57921d28ed1188f192c625e6e540d1c0e25f2c45779a2f5bcd458c6c3c1ab9ba294aa743ba354

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
26dd01b57184a4d5efbba270bfab860d

SHA1
f8484b3ce015e2212c2ac56460bdb2d7fce8c115

SHA256
41d8df6aef9570509bf0b87120e1744ae9c726cdb528b010b4c97c10b9568dee

SHA512
a0b1ed46ec493223c35c9fbd02477d2c4d8a2e71d1ce689316be35ee2946bf11ff37c4cc5df5e8ee206f86ab2c74955bd3cd706290f62d6e4cb9dfc5d49e0a77

Download Submit