hxxps://securereader[.]ngic[.]com/formpostdir/securereader?id=KBm8zYWsDVZak6QhiiiD182rOopftII3&brand=a0f1f3a5

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240910-en
resource tags

arch:x64arch:x86image:win10v2004-20240910-enlocale:en-usos:windows10-2004-x64system
submitted
30/09/2024, 18:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://securereader.ngic.com/formpostdir/securereader?id=KBm8zYWsDVZak6QhiiiD182rOopftII3&brand=a0f1f3a5

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1984	msedge.exe
1984	msedge.exe
2184	msedge.exe
2184	msedge.exe
3004	identity_helper.exe
3004	identity_helper.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe
1636	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe
2184	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 2300	2184	msedge.exe	84
PID 2184 wrote to memory of 2300	2184	msedge.exe	84
PID 2184 wrote to memory of 3008	2184	msedge.exe	85
PID 2184 wrote to memory of 3008	2184	msedge.exe	85
PID 2184 wrote to memory of 3008	2184	msedge.exe	85
PID 2184 wrote to memory of 3008	2184	msedge.exe	85
PID 2184 wrote to memory of 3008	2184	msedge.exe	85
PID 2184 wrote to memory of 3008	2184	msedge.exe	85
PID 2184 wrote to memory of 3008	2184	msedge.exe	85
PID 2184 wrote to memory of 3008	2184	msedge.exe	85
PID 2184 wrote to memory of 3008	2184	msedge.exe	85
PID 2184 wrote to memory of 3008	2184	msedge.exe	85
PID 2184 wrote to memory of 3008	2184	msedge.exe	85
PID 2184 wrote to memory of 3008	2184	msedge.exe	85
PID 2184 wrote to memory of 3008	2184	msedge.exe	85
PID 2184 wrote to memory of 3008	2184	msedge.exe	85
PID 2184 wrote to memory of 3008	2184	msedge.exe	85
PID 2184 wrote to memory of 3008	2184	msedge.exe	85
PID 2184 wrote to memory of 3008	2184	msedge.exe	85
PID 2184 wrote to memory of 3008	2184	msedge.exe	85
PID 2184 wrote to memory of 3008	2184	msedge.exe	85
PID 2184 wrote to memory of 3008	2184	msedge.exe	85
PID 2184 wrote to memory of 3008	2184	msedge.exe	85
PID 2184 wrote to memory of 3008	2184	msedge.exe	85
PID 2184 wrote to memory of 3008	2184	msedge.exe	85
PID 2184 wrote to memory of 3008	2184	msedge.exe	85
PID 2184 wrote to memory of 3008	2184	msedge.exe	85
PID 2184 wrote to memory of 3008	2184	msedge.exe	85
PID 2184 wrote to memory of 3008	2184	msedge.exe	85
PID 2184 wrote to memory of 3008	2184	msedge.exe	85
PID 2184 wrote to memory of 3008	2184	msedge.exe	85
PID 2184 wrote to memory of 3008	2184	msedge.exe	85
PID 2184 wrote to memory of 3008	2184	msedge.exe	85
PID 2184 wrote to memory of 3008	2184	msedge.exe	85
PID 2184 wrote to memory of 3008	2184	msedge.exe	85
PID 2184 wrote to memory of 3008	2184	msedge.exe	85
PID 2184 wrote to memory of 3008	2184	msedge.exe	85
PID 2184 wrote to memory of 3008	2184	msedge.exe	85
PID 2184 wrote to memory of 3008	2184	msedge.exe	85
PID 2184 wrote to memory of 3008	2184	msedge.exe	85
PID 2184 wrote to memory of 3008	2184	msedge.exe	85
PID 2184 wrote to memory of 3008	2184	msedge.exe	85
PID 2184 wrote to memory of 1984	2184	msedge.exe	86
PID 2184 wrote to memory of 1984	2184	msedge.exe	86
PID 2184 wrote to memory of 3628	2184	msedge.exe	87
PID 2184 wrote to memory of 3628	2184	msedge.exe	87
PID 2184 wrote to memory of 3628	2184	msedge.exe	87
PID 2184 wrote to memory of 3628	2184	msedge.exe	87
PID 2184 wrote to memory of 3628	2184	msedge.exe	87
PID 2184 wrote to memory of 3628	2184	msedge.exe	87
PID 2184 wrote to memory of 3628	2184	msedge.exe	87
PID 2184 wrote to memory of 3628	2184	msedge.exe	87
PID 2184 wrote to memory of 3628	2184	msedge.exe	87
PID 2184 wrote to memory of 3628	2184	msedge.exe	87
PID 2184 wrote to memory of 3628	2184	msedge.exe	87
PID 2184 wrote to memory of 3628	2184	msedge.exe	87
PID 2184 wrote to memory of 3628	2184	msedge.exe	87
PID 2184 wrote to memory of 3628	2184	msedge.exe	87
PID 2184 wrote to memory of 3628	2184	msedge.exe	87
PID 2184 wrote to memory of 3628	2184	msedge.exe	87
PID 2184 wrote to memory of 3628	2184	msedge.exe	87
PID 2184 wrote to memory of 3628	2184	msedge.exe	87
PID 2184 wrote to memory of 3628	2184	msedge.exe	87
PID 2184 wrote to memory of 3628	2184	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://securereader.ngic.com/formpostdir/securereader?id=KBm8zYWsDVZak6QhiiiD182rOopftII3&brand=a0f1f3a5
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8297146f8,0x7ff829714708,0x7ff829714718
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,12634122953129857413,13225830209103111958,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,12634122953129857413,13225830209103111958,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2436 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,12634122953129857413,13225830209103111958,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12634122953129857413,13225830209103111958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12634122953129857413,13225830209103111958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,12634122953129857413,13225830209103111958,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,12634122953129857413,13225830209103111958,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12634122953129857413,13225830209103111958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12634122953129857413,13225830209103111958,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12634122953129857413,13225830209103111958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12634122953129857413,13225830209103111958,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2012,12634122953129857413,13225830209103111958,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6128 /prefetch:8
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12634122953129857413,13225830209103111958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12634122953129857413,13225830209103111958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12634122953129857413,13225830209103111958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12634122953129857413,13225830209103111958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2620 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12634122953129857413,13225830209103111958,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2248 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12634122953129857413,13225830209103111958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,12634122953129857413,13225830209103111958,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2012,12634122953129857413,13225830209103111958,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3312 /prefetch:8
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,12634122953129857413,13225830209103111958,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5992 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:8

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2096

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x150 0x50c
1⤵
PID:3192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7006aacd11b992cd29fca21e619e86ea

SHA1
f224b726a114d4c73d7379236739d5fbb8e7f7b7

SHA256
3c434b96841d5a0fa0a04a6b503c3c4d46f1c4e3a1be77853175e5680e182814

SHA512
6de169882c0e01217c4ca01f6ead8e5ebb316a77558e51cd862532dbf9147d9e267f8db667ff6e9fa33164243724f5e437cb882392382f3cae1072dadb762c1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b80cf20d9e8cf6a579981bfaab1bdce2

SHA1
171a886be3a882bd04206295ce7f1db5b8b7035e

SHA256
10d995b136b604440ac4033b2222543975779068a321d7bddf675d0cb2a4c2b1

SHA512
0233b34866be1afd214a1c8a9dcf8328d16246b3a5ef142295333547b4cfdc787c8627439a2ca03c20cb49107f7428d39696143b71f56b7f1f05029b3a14376a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
70KB

MD5
4308671e9d218f479c8810d2c04ea6c6

SHA1
dd3686818bc62f93c6ab0190ed611031f97fdfcf

SHA256
5addbdd4fe74ff8afc4ca92f35eb60778af623e4f8b5911323ab58a9beed6a9a

SHA512
5936b6465140968acb7ad7f7486c50980081482766002c35d493f0bdd1cc648712eebf30225b6b7e29f6f3123458451d71e62d9328f7e0d9889028bff66e2ad2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
a5a64c191ddb1382b9cb51f1c3038ade

SHA1
50442fe5203ea62b859028076a4bd680b0ebb4dc

SHA256
67fb4de260645c76ecf0392af9858c31f2d13932d22b213e4223d435c2ff02d5

SHA512
b3f6a61e09415235347e0a7fbe34df41ed6588e1a04759c568d2d99757a353b44903d36fcbd90383bc70368a14027245b28f586c83fa192c05bb19f16c1f94dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
798abf5948763e8781211567a1432705

SHA1
f1bb8ae3a784e260e9640e28dbb32d9d1342749c

SHA256
f9c2d681c0ca840fae3c40116aa458030d72b7696e78f9732281d7af22fc4a22

SHA512
b5c56292c6c550753694567e2b7b12a4e01d4316ba361dde745565936a9890267fa6bdd8783eb6c93b27d7b6be56330044704be624bed04d24c47ac23bc24a96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0aa5ae563be344ec9808d1667b20fc76

SHA1
2fbf721f22b2d7f0f21d6ecbfa21b7104c9b3196

SHA256
e30697a6b0369fc0ffd803ee917d2ee10a8f22024576e37e2f77944da0653682

SHA512
e5d749865c058e1fb371a6c41b44ba2f96d5ea0ed1b8e9229ad1664888a4688914b4c32a49bbf5f615a06777382ae9db961704d37b3b3d57a4f6f859ff3f0302

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
023ebcae1d81aecb07dfda3995c1a4ee

SHA1
78871b267e44f6d7e26d1f0bbb265fa343f564b5

SHA256
65f4139f0372e32270832db73ac4328d81c69868aa0b7843d517d52a6d9a04a6

SHA512
78eb64a059679f8927437dce5a66699c8b658d227e426f03906bdf6353dd6308de5aec868d83a1f4dd19bb461d2e53dd985b60f5d6cda54bab6c8dd6ba12b000

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
83c09f5741dbd2e916e7aca38664ce9c

SHA1
f0fccb0418536915079248ba002e9cf688d93b9c

SHA256
e8f7438d22b290e351ae719a6bd31a55ae2b370c6909a42502342f1cb007f044

SHA512
32c7fdeff826b07d40e74b77fec2cc902faa65142acd2a27037cede136c57566cb3767f824c3e312237dc0b45b48bf66b157097369614dbb51e16e80fbc02f04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
7ea5a3f4c62d7236d4d8379b7bba5e27

SHA1
64ccad52a62446919cbe66f08ae32f14906bf9ec

SHA256
5b17372daa4d05b3cc83a9354a6042bcf32a7a998d617ccc9a024847f8463d03

SHA512
b2a7a6bf90b9d0c39d191a56013ef9ab630044142a7ad7a86595f091b7eb2f7b00a517200c408845dbd9c581756e8061030b7c6c09dd2c896d9fe4656c37ef75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
37d2f4ee94ee8ad52f8a209ceaeb1362

SHA1
a360ad526e6c61051f05d8a4d2ed3d0300db2313

SHA256
7cb59465b69b4ab706520816da8d1858a8b2a9c19287d93165acd8f33eb35d8c

SHA512
f6aceacb75abd844861773f202b1e1c2322495d729d643cff41bf3c4a5d265ba52a24b1c84a11792508ba65ceb276cf2e5db6f442e8a798afa718c8c2b9ce63d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5934b2.TMP

Filesize
203B

MD5
987627bff04442a58864bf45ce6ee4a5

SHA1
07b9ed0dc0f380149cff914879309aa6da27c8ff

SHA256
55bcdabbb87bc90db9e7fc04fa5e93fdbc8944d442a0247f9d99952e546ee2f8

SHA512
9da09a2a1695789313b6bb1d816de5847300236b3a1936b1a757c6a9d1d1e6689458eaeed4838701693a65af42f5aabb9f1cc19dfe719e2a3bca08d76209d652

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ea8317fa-a659-4c35-9225-2a388f885ef6.tmp

Filesize
5KB

MD5
af2ce8e383c1400814e759cc9a63889b

SHA1
c8f312e4cc830f67cf8a35383c6c83d4bae90de8

SHA256
4492a7d4cdcb22dd07097ddce851c87970390d23d9380b4c7a81a61805dbf0b1

SHA512
cefb4bcd89bb30f3dbc956b0a57c529bf877b3aaa6fbab4d2116e330971626c938514f55b1e9d2ef1a72a2dd7b42c93a571f6fc17c64ebfdd01904c2f8bb0e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
51d6a2849399884afca51118b0d85766

SHA1
fed3c10048b5dec676d7219e379a9ff773de0c73

SHA256
0b3f7942c81e940b9f58a2d01671df089093df2fdb0ab48363c1faf666dfb8f2

SHA512
0bdc25976eab296ec9c6a52ee984968827b51b459aa01f39441ccb2b2f0c160bf9c64fe8baa049c523d482ab2645bbe0770074a2e3da22421c7d87865d32b300

Download Submit