hxxps://support81-montreal[.]com

Analysis

max time kernel
720s
max time network
734s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/09/2024, 13:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://support81-montreal.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-355097885-2402257403-2971294179-1000\{FD0CA6FC-0826-4094-99F1-A3F66168F7E4}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1888	msedge.exe
1888	msedge.exe
2908	msedge.exe
2908	msedge.exe
3184	identity_helper.exe
3184	identity_helper.exe
3496	msedge.exe
3496	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe
5624	msedge.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
660	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe
2908	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2908 wrote to memory of 3180	2908	msedge.exe	82
PID 2908 wrote to memory of 3180	2908	msedge.exe	82
PID 2908 wrote to memory of 1064	2908	msedge.exe	83
PID 2908 wrote to memory of 1064	2908	msedge.exe	83
PID 2908 wrote to memory of 1064	2908	msedge.exe	83
PID 2908 wrote to memory of 1064	2908	msedge.exe	83
PID 2908 wrote to memory of 1064	2908	msedge.exe	83
PID 2908 wrote to memory of 1064	2908	msedge.exe	83
PID 2908 wrote to memory of 1064	2908	msedge.exe	83
PID 2908 wrote to memory of 1064	2908	msedge.exe	83
PID 2908 wrote to memory of 1064	2908	msedge.exe	83
PID 2908 wrote to memory of 1064	2908	msedge.exe	83
PID 2908 wrote to memory of 1064	2908	msedge.exe	83
PID 2908 wrote to memory of 1064	2908	msedge.exe	83
PID 2908 wrote to memory of 1064	2908	msedge.exe	83
PID 2908 wrote to memory of 1064	2908	msedge.exe	83
PID 2908 wrote to memory of 1064	2908	msedge.exe	83
PID 2908 wrote to memory of 1064	2908	msedge.exe	83
PID 2908 wrote to memory of 1064	2908	msedge.exe	83
PID 2908 wrote to memory of 1064	2908	msedge.exe	83
PID 2908 wrote to memory of 1064	2908	msedge.exe	83
PID 2908 wrote to memory of 1064	2908	msedge.exe	83
PID 2908 wrote to memory of 1064	2908	msedge.exe	83
PID 2908 wrote to memory of 1064	2908	msedge.exe	83
PID 2908 wrote to memory of 1064	2908	msedge.exe	83
PID 2908 wrote to memory of 1064	2908	msedge.exe	83
PID 2908 wrote to memory of 1064	2908	msedge.exe	83
PID 2908 wrote to memory of 1064	2908	msedge.exe	83
PID 2908 wrote to memory of 1064	2908	msedge.exe	83
PID 2908 wrote to memory of 1064	2908	msedge.exe	83
PID 2908 wrote to memory of 1064	2908	msedge.exe	83
PID 2908 wrote to memory of 1064	2908	msedge.exe	83
PID 2908 wrote to memory of 1064	2908	msedge.exe	83
PID 2908 wrote to memory of 1064	2908	msedge.exe	83
PID 2908 wrote to memory of 1064	2908	msedge.exe	83
PID 2908 wrote to memory of 1064	2908	msedge.exe	83
PID 2908 wrote to memory of 1064	2908	msedge.exe	83
PID 2908 wrote to memory of 1064	2908	msedge.exe	83
PID 2908 wrote to memory of 1064	2908	msedge.exe	83
PID 2908 wrote to memory of 1064	2908	msedge.exe	83
PID 2908 wrote to memory of 1064	2908	msedge.exe	83
PID 2908 wrote to memory of 1064	2908	msedge.exe	83
PID 2908 wrote to memory of 1888	2908	msedge.exe	84
PID 2908 wrote to memory of 1888	2908	msedge.exe	84
PID 2908 wrote to memory of 4496	2908	msedge.exe	85
PID 2908 wrote to memory of 4496	2908	msedge.exe	85
PID 2908 wrote to memory of 4496	2908	msedge.exe	85
PID 2908 wrote to memory of 4496	2908	msedge.exe	85
PID 2908 wrote to memory of 4496	2908	msedge.exe	85
PID 2908 wrote to memory of 4496	2908	msedge.exe	85
PID 2908 wrote to memory of 4496	2908	msedge.exe	85
PID 2908 wrote to memory of 4496	2908	msedge.exe	85
PID 2908 wrote to memory of 4496	2908	msedge.exe	85
PID 2908 wrote to memory of 4496	2908	msedge.exe	85
PID 2908 wrote to memory of 4496	2908	msedge.exe	85
PID 2908 wrote to memory of 4496	2908	msedge.exe	85
PID 2908 wrote to memory of 4496	2908	msedge.exe	85
PID 2908 wrote to memory of 4496	2908	msedge.exe	85
PID 2908 wrote to memory of 4496	2908	msedge.exe	85
PID 2908 wrote to memory of 4496	2908	msedge.exe	85
PID 2908 wrote to memory of 4496	2908	msedge.exe	85
PID 2908 wrote to memory of 4496	2908	msedge.exe	85
PID 2908 wrote to memory of 4496	2908	msedge.exe	85
PID 2908 wrote to memory of 4496	2908	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://support81-montreal.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8234d46f8,0x7ff8234d4708,0x7ff8234d4718
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7719336048498452094,12813212824389914152,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,7719336048498452094,12813212824389914152,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,7719336048498452094,12813212824389914152,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2616 /prefetch:8
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7719336048498452094,12813212824389914152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7719336048498452094,12813212824389914152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7719336048498452094,12813212824389914152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7719336048498452094,12813212824389914152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3564 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,7719336048498452094,12813212824389914152,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4164 /prefetch:8
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,7719336048498452094,12813212824389914152,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4164 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7719336048498452094,12813212824389914152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7719336048498452094,12813212824389914152,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7719336048498452094,12813212824389914152,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7719336048498452094,12813212824389914152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7719336048498452094,12813212824389914152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7719336048498452094,12813212824389914152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7719336048498452094,12813212824389914152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:5888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,7719336048498452094,12813212824389914152,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2096,7719336048498452094,12813212824389914152,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7719336048498452094,12813212824389914152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2216 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7719336048498452094,12813212824389914152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7719336048498452094,12813212824389914152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7719336048498452094,12813212824389914152,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2192 /prefetch:1
  2⤵
  PID:5832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7719336048498452094,12813212824389914152,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d4829218222c8bedb9ffe89dffd37095

SHA1
aae577f33f413ec3d09f2e7ff5d9cc20a602241c

SHA256
49239b229a2519583ba5d6de3702480b8a8ebf3cfaa8945100dbab25fcb02b7b

SHA512
03e26a2e3de41b8a829b5543da504c7d7ccdc4c112d629efcac24dcda23acb50a52b5b99572b5efb2a01cf392a457cf9fac85663b3d63f7606be00dba218f8f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
15e9c4b4eefb3e1c08a010e748e10f58

SHA1
3172378f2c7a00553ce086dbf53fcf3126c5a724

SHA256
07b56a769467e8b57f9b7acd9d32da266ca5000803758c18bb6818ac236c7000

SHA512
811058b539e914a812c88543bb6657de736f691d18d6dadb5e1f6ced286780fb334dc5f575babbcf4fd2dceda30d1bf4004b374c5775e7f278346b100b29eb7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
72e6f95694abf5d10fa0e3d2556aea61

SHA1
b6ec8b9750a42829558c5228e9b21ad9890611ad

SHA256
5cd3f1ce17a2a2bd80549b73b4d5f0dec3a549a8d71828642f9ec182f7c72444

SHA512
c3cefb6e6131c73ef10d027063140f4bf620c25db2dae6efc24823156313893f0ac4421084762908b19c52324bd673f546641b3bbfba0ed34a23778dd0052331

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
70209df29e4b2f7bbd6014d18d9ba6f6

SHA1
2db710d4afd6c02f3a5246c162e64630c23a7da5

SHA256
f80f4a11dd5cf889ccf1b3709069d8762889309f52f18219bbf9e79bb1db3af0

SHA512
ab3d77bfd237d0749ee3ffb583eb0256aba94c6e6a6c2d8434bc31e80805c44e141fd1b97dfa7d296282b1f94d2fee4346768c41a22a9fa05adda0b2a6076e90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
0152c2f718b7df6f75428decbf976f89

SHA1
ef772510e5c5e05cca653d70b29932e17f85214c

SHA256
43d55029e32f473f870c80185e9607af551e8dbfa6b34bebae4e0dcdd2cbc4a8

SHA512
96ab0e781fa01ffc2012cdabf81ff7e51badcfc9d883b7185e9458164ca300eddbe0238dc1629ee550f3a87041a13ae51481493cda4f23a1c4341ef52edb422a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
1e67db9c46523ae3b0baf18de61a0b40

SHA1
7a01bd8f53c111c78118458935d65a4b23222c31

SHA256
238508ae7b74750364abb57dae89ad51ff93ec75acf442e0392a41532cd4eb2e

SHA512
9dc06c07f381d15376936436373e8ebbc14ec2927ee1423f75bb50b035df4cc1e793b2b2a38241f897ca644f487b1e638f918f1c13f64cf4acb06d1a2054decb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c3ec49212097197a1004bf7e4d2b9be1

SHA1
e543db9debe9ddba0ba68a3eca64d147cdb1f4cf

SHA256
89bf3e3f4e08aae3a1f2795a4c9cb6f39e2ab89a479a197ac6e31e9340dba33f

SHA512
ead383593de4723758373a459ede50e8621301daf21cc7c3e0c7a5dcdfdc135e83e0d7504b5278f36f744e85520b03f66d527fd2dbc2e9a7bc8fb4cb0f0abfe5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7640252d05c82c8a46e965321f33a42c

SHA1
a7f27e27d35999b4190cfe6f4d6472532c2d7d75

SHA256
53f042c6c9a4e61646b357b1a8584db0ba6ea4ed172a890665aed366931a2075

SHA512
572ff7efcada8030f6a64c81fcb8aac6ecd0bb8cdf1d704665e1127e7f0c8a9249d4ada96463ef5e549938c80f83605d253d0413024b91b6580290833bf659e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
54728a372a46eedce70f893883bb2aae

SHA1
c95c28246046184ed8af95f885aa5f30c2dc1ce5

SHA256
d8c15e8ff0d4d8cb6543f229972a399117c3a19510e86517f1b41c3308d55ee6

SHA512
25fc327ad45e9319fd9c34882ab5e2840b9c1245d2612a15990cbed07d5b34ba3c96c77bd347604c92fa567cb7b45d617b53965072b822699b4010dbea6b6853

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9db650db23a124a90bb579f41785bf98

SHA1
b3c46a821cbfa22964bf444789dcbc4948b3099b

SHA256
2f54bfe8a511f47c4a1c31926bf681d23412a19428fac72f834a5a5e85f76107

SHA512
b1eb307d05eda36d82fde114cb3300759d835ae2fd83546a9bffe2c96ddf1e9c006467c53de68e4a6b3f56f80be73e30c28728ff55cda2a2c16f8cedd395af68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9101d3281cf584e691c17ad6d14ee6c9

SHA1
4b989499e784e63dd607e22d6f9c3bea3e6b7146

SHA256
02fca8f4ca68a4fd91b45520ebcca229b53d7622ea35919004571fdcb2bb5874

SHA512
7773946aa49529c5c4b307e619a6562f0c2c51e3d1176057c511077f93b2c8ea18344b803022f4062c20940b4e54b81637aebcd42eaa4032d46f18639da475c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
eba330120b9f4b5d8f19059c44c380c4

SHA1
7cfad338e4e81cb2373ed7e023578f25d3c5642f

SHA256
6e7d4c9b343bceed8b9a8ba936a2f6db00b4b7ef7a3667b7b49418ca5917fd37

SHA512
79525df94ea2a60f1b1ec3d5bcddb68f8b928e972b88352bd381c6d738c87535292436c669246824cf8dcddb6884cc824ce91ebc6601d24b1f3a8b2292005895

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
7915ba0545666aa5833cf9f9f86d45d6

SHA1
743ecc319bc2a54973582d4a5198042a48fbe8db

SHA256
f8fcc045da13bde0f5dec3ada86342105cbff34ebc2442bcf51e8ed509a95b20

SHA512
a53036251a22cdc95579ea8641c5574f1dc1f7dfd0390f00ebeafbbea0c1a2c0c3e6dba23bbbb8d8e2c77a3e1e816ccfaf84a97da1c334019c8df1414999d1f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
59f86da869c501c6925996f6538e5aae

SHA1
8c44c0aca0045b717080b9197d8af9f0dd117531

SHA256
f4e75cc2ca3c0fb20820b46cf9ee6d868631a3480a6e9daedd8cdaefe512c6db

SHA512
9ae5f8eb354a500f342a4b67fc0f3411176972c100f067c740fc705140080d30dc88e4f39b7def11f0c5f257c93a478c1457b7b39b930226c14596b663099d9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe591b8d.TMP

Filesize
538B

MD5
6f41e1636464c1afe8a64fdb3d7ea670

SHA1
404f88ac58c5e4fcccf23f7e1847f6fd26a24f6a

SHA256
465fad2bc3e13cc7bffb3b0e13dc6f74ea513547739a1ad9d5d722076c067b87

SHA512
d39806aa84c8c1ad5b09dc48922bc3cab41b6dd8980ae36df75593fe28038d67c5acebfb9f2465d623721f1f0074857a59ba8fdb9a3f65e96de134ffddf3f9ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c09f7c2e-86e9-4e2f-a84f-43fc58b8f2fb.tmp

Filesize
2KB

MD5
d1804665819d4c8936587905e78f3e4c

SHA1
4e2ea81c7e1494159eca50127747c602e7b41d69

SHA256
271c4c53cc2cd6adf2acc82f6763253b0fdef330c4976a7cb6e540b6fa93e066

SHA512
4c1930c598acd32dc240405ca7103183857a12efb2ee9ff3979820601271f5dbadeb520cb63dd2c85a1d2137f32c42ac6303ccbbd4f5f1016afd52b3845adf83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
40e1a050e9b2f72f563ac5fed3f7484a

SHA1
51f047885927af879d50c300d0aef1e5e483f1e4

SHA256
895235b6dfc668d796d788fa0c8d7cfb0bac2af8f7d730b73e78b9b230e8ca19

SHA512
bc99a4239bd3409ef0a1f3c74cbf33723f885641ca9555f3e6123bab28662ffdb1839fbd1580295fa3dc0b01a585891db949b04026bf2b9442e7a9160d84faac

Download Submit