hxxps://kahootbot[.]org/

Analysis

max time kernel
80s
max time network
83s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28-09-2024 04:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://kahootbot.org/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2112	msedge.exe
2112	msedge.exe
3116	msedge.exe
3116	msedge.exe
4544	identity_helper.exe
4544	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe
3116	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3116 wrote to memory of 1228	3116	msedge.exe	82
PID 3116 wrote to memory of 1228	3116	msedge.exe	82
PID 3116 wrote to memory of 2256	3116	msedge.exe	83
PID 3116 wrote to memory of 2256	3116	msedge.exe	83
PID 3116 wrote to memory of 2256	3116	msedge.exe	83
PID 3116 wrote to memory of 2256	3116	msedge.exe	83
PID 3116 wrote to memory of 2256	3116	msedge.exe	83
PID 3116 wrote to memory of 2256	3116	msedge.exe	83
PID 3116 wrote to memory of 2256	3116	msedge.exe	83
PID 3116 wrote to memory of 2256	3116	msedge.exe	83
PID 3116 wrote to memory of 2256	3116	msedge.exe	83
PID 3116 wrote to memory of 2256	3116	msedge.exe	83
PID 3116 wrote to memory of 2256	3116	msedge.exe	83
PID 3116 wrote to memory of 2256	3116	msedge.exe	83
PID 3116 wrote to memory of 2256	3116	msedge.exe	83
PID 3116 wrote to memory of 2256	3116	msedge.exe	83
PID 3116 wrote to memory of 2256	3116	msedge.exe	83
PID 3116 wrote to memory of 2256	3116	msedge.exe	83
PID 3116 wrote to memory of 2256	3116	msedge.exe	83
PID 3116 wrote to memory of 2256	3116	msedge.exe	83
PID 3116 wrote to memory of 2256	3116	msedge.exe	83
PID 3116 wrote to memory of 2256	3116	msedge.exe	83
PID 3116 wrote to memory of 2256	3116	msedge.exe	83
PID 3116 wrote to memory of 2256	3116	msedge.exe	83
PID 3116 wrote to memory of 2256	3116	msedge.exe	83
PID 3116 wrote to memory of 2256	3116	msedge.exe	83
PID 3116 wrote to memory of 2256	3116	msedge.exe	83
PID 3116 wrote to memory of 2256	3116	msedge.exe	83
PID 3116 wrote to memory of 2256	3116	msedge.exe	83
PID 3116 wrote to memory of 2256	3116	msedge.exe	83
PID 3116 wrote to memory of 2256	3116	msedge.exe	83
PID 3116 wrote to memory of 2256	3116	msedge.exe	83
PID 3116 wrote to memory of 2256	3116	msedge.exe	83
PID 3116 wrote to memory of 2256	3116	msedge.exe	83
PID 3116 wrote to memory of 2256	3116	msedge.exe	83
PID 3116 wrote to memory of 2256	3116	msedge.exe	83
PID 3116 wrote to memory of 2256	3116	msedge.exe	83
PID 3116 wrote to memory of 2256	3116	msedge.exe	83
PID 3116 wrote to memory of 2256	3116	msedge.exe	83
PID 3116 wrote to memory of 2256	3116	msedge.exe	83
PID 3116 wrote to memory of 2256	3116	msedge.exe	83
PID 3116 wrote to memory of 2256	3116	msedge.exe	83
PID 3116 wrote to memory of 2112	3116	msedge.exe	84
PID 3116 wrote to memory of 2112	3116	msedge.exe	84
PID 3116 wrote to memory of 2148	3116	msedge.exe	85
PID 3116 wrote to memory of 2148	3116	msedge.exe	85
PID 3116 wrote to memory of 2148	3116	msedge.exe	85
PID 3116 wrote to memory of 2148	3116	msedge.exe	85
PID 3116 wrote to memory of 2148	3116	msedge.exe	85
PID 3116 wrote to memory of 2148	3116	msedge.exe	85
PID 3116 wrote to memory of 2148	3116	msedge.exe	85
PID 3116 wrote to memory of 2148	3116	msedge.exe	85
PID 3116 wrote to memory of 2148	3116	msedge.exe	85
PID 3116 wrote to memory of 2148	3116	msedge.exe	85
PID 3116 wrote to memory of 2148	3116	msedge.exe	85
PID 3116 wrote to memory of 2148	3116	msedge.exe	85
PID 3116 wrote to memory of 2148	3116	msedge.exe	85
PID 3116 wrote to memory of 2148	3116	msedge.exe	85
PID 3116 wrote to memory of 2148	3116	msedge.exe	85
PID 3116 wrote to memory of 2148	3116	msedge.exe	85
PID 3116 wrote to memory of 2148	3116	msedge.exe	85
PID 3116 wrote to memory of 2148	3116	msedge.exe	85
PID 3116 wrote to memory of 2148	3116	msedge.exe	85
PID 3116 wrote to memory of 2148	3116	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://kahootbot.org/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdef0446f8,0x7ffdef044708,0x7ffdef044718
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1496,12379000500207399706,13467816501212893782,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2400 /prefetch:2
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1496,12379000500207399706,13467816501212893782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1496,12379000500207399706,13467816501212893782,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1496,12379000500207399706,13467816501212893782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1496,12379000500207399706,13467816501212893782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1496,12379000500207399706,13467816501212893782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1496,12379000500207399706,13467816501212893782,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1496,12379000500207399706,13467816501212893782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1496,12379000500207399706,13467816501212893782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1496,12379000500207399706,13467816501212893782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1496,12379000500207399706,13467816501212893782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1496,12379000500207399706,13467816501212893782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1496,12379000500207399706,13467816501212893782,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1496,12379000500207399706,13467816501212893782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1496,12379000500207399706,13467816501212893782,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1496,12379000500207399706,13467816501212893782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1496,12379000500207399706,13467816501212893782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1496,12379000500207399706,13467816501212893782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1848 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1496,12379000500207399706,13467816501212893782,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1
  2⤵
  PID:3580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\5f7346f9-b0bd-41bc-ad6e-6a781e37667d.tmp

Filesize
10KB

MD5
7aab2a7d8f490f790a55a93ffd36c6cc

SHA1
c95a701f74d4b599ecb7d9024d94854b0c648172

SHA256
7172cfd5fdaa8fc49460bd673396b0cea38fd29592839afc9829a17bc7862a1c

SHA512
324a1003b979ce54f34243e7650b690b4680eb7fa1b1754aea9c858d53580d9189753326892c466f4de91eb6e04f9fdf36ecbc11ff4bbda75ee05d87b9d1e3d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
19051b2640fd5172633d7ffbeb58b4ad

SHA1
7584877b3574bfb1c929c379e00c9b12549f43d7

SHA256
811f099160130a0b23350cfc17160884f2637b6034b09ef6d9455abe62adb4a7

SHA512
0a4bc0a849baf49e5cbcc53ac9f28869efb700eae111320f6bf0f7a7be789d313e881c466bf03f12beaa5c95902df55911fd79338dfe73c45965c19e74ab3104

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
a5aca14a496bf0ae339458f4d2a20b32

SHA1
94cb2e56f749baa5d975d1e96f6b5394701ff8d6

SHA256
2e29dd5dfc13b352281ac76bac3571220785601de979bbb2720cd2d6f02ec436

SHA512
6f7318a0ab7b8e5f39cd663d969485690e4214ccc622688ae5df608c3bebbcc439ac1abd2432b99844e9a6782043c8c3e1381d90c8a8706cc7e2199499b3cac9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
1eadc3243e58fad04bccd254035b9d7d

SHA1
d6e9afc926831434fd2557cf770cf48253aa7a8f

SHA256
881d1171f315ebf65db045d6311ce708d5d5003c3c28bd7121c3d3d32f7e42b1

SHA512
c105c45b211303d3b407d4ab41a5aed755bb763b2751d8c150f21903795065db102be1220ad9a9ec727fb95cae19731f3f056392388b406231ad2a737fc9fba0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
424288590a85dd6531f20fc2fb85f245

SHA1
d53764b6ff049b41566e8646ceb856deed59b975

SHA256
bb84d59e3cc057fb215b014d24e62a85cf51fc67f14da170114ba831b00fc159

SHA512
4cc4cc00c29a7c4f51e7995a3824a60f698072e00acc76dc1bce68a8bc5caf15b59cdf68a8ad1dce14a5da30036fac06f8a5842d2156ea4d1a2f2c67e922429e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0603585eecb161553c5bb59f1769cde7

SHA1
3b8e6df4d3f13db5eb479346d664b2bb275b8ea3

SHA256
f3c7b3d567906de3a8378fe712cbc4b307876c2ad3ec61e3570762e31fd23423

SHA512
10bb1039c44fd3b1c6e3d5091af50a92a8dd0968a6bf1f3c54c0cb774dd2c4c3124188f9574dfec2abf6e172a69f2ce1d906c1ccadf461e55c7f04cf26dca724

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
24bb2c42be78a4ae16bb9f0ad2557bde

SHA1
6888abe41793ffee01bf9d22e6be349329f4bde5

SHA256
840c678771879757f4ba91b9d5fe08f1bbfbfac21b3f899f117c6fdb1907fba9

SHA512
6acce1cb91908618177f259bb9f23bb4d0f1f623b0066e21bec9c2a50deb2f293e067a35d245a8403b3f8ff0246bbd1dd16bd9b701e4443ef2bcb9033f4b8f7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d673768ba4d7b83cf55f20c81c0a26c3

SHA1
8acdc3aafb8b70ca7eefa0317c8175a40613c79d

SHA256
b6663c5c39a6e5bc91e670481e3d3266968a77f65c63d5e161abcd5ceff22d44

SHA512
1ab43aeb39a9e95a91668858042e47c1738f41880d97b39fe492ae31e9ff2db671f5ea220c987e493fffa936ac56bed190d1fbe4e3a3964acdbd00bf418d2465

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2b549c469ff169cdfad70a34f562206c

SHA1
1c6ddee49ff783fa453c4ff7220abcee9ee50114

SHA256
69810bbae17a1887cae9212142347397f3b55123b2eee48af1f523b76e3ed25c

SHA512
c5f10d3974d8fcfccddb2138ed650fb9a99e8f455f9638146444d239d7ddcf9faa425a0ad8669a8f4b376e8546e145afc92532c36c7acf1873a73392778ad579

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58a023.TMP

Filesize
705B

MD5
d0d2a50e1c5280b28b5e8fb49f3d066f

SHA1
a96f9fb8724ce291207efc6e21d37c09991c193d

SHA256
d32871ca343555cf29029cbdc061f468bff216916b36bb0ba3d59791c5486cd8

SHA512
627911d60756bf5de6344baf4a24e1876d0a086b318a92d44dabede3524c003b70b8e30bec5757fb3030c4d5e7416b020694917eac5ef13343bdd2c770c98473

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e3513ec1-67f2-468f-bc91-10908d90adc7.tmp

Filesize
7KB

MD5
3fbeec964946d0272c8a37817f80461e

SHA1
f8dbaa508052f8b504210365f912afe00b7335b0

SHA256
426011581b3dc090b891e8a33c69b08ab03cfff801896669d852453dfcc56479

SHA512
42611f7c14a963177805f00f4a529f0245c117c9fc530ae404151760a4f0499b0568f97dc0019c1bf9b7656c5a697a3ae4c6f450ba0963b58cb39d3a3f878e03

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.exc

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
333b211ede2be41520fac6002f26cf48

SHA1
fb858709ee2d7fc0514305c5e9e4599f616e82f3

SHA256
e492d26b2c1e7a6604779ba9ae26589840c113e4499898b5e417765640708943

SHA512
85a5b9b520f76033454bd1fe27b7e97607e0ec849183d8004cd64e4de2c898dde5e8c138c08cac1e1f5baf861b5b5413e7e09d8e4b8dec49d3b9f634ca49183b

Download Submit