hxxps://www[.]google[.]hr/url?q=hxxps://www[.]google[.]hr/url?q=hxxps://www[.]google[.]it/url?q=hxxps://www[.]google[.]ro/url?q=hxxps://www[.]google[.]nl/url?q=ZFCKQSES42J831UCOWMB4MEAK36T3IE7YuQiApLjODz3yh4nNeW8uuQi&rct=XS%25RANDOM4%25wDnNeW8yycT&sa=t&esrc=nNeW8F%25RANDOM3%25A0xys8Em2FL&source=&cd=tS6T8%25RANDOM3%25Tiw9XH&cad=XpPkDfJX%25RANDOM4%25VS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2Fimported-agriculture[.]com%2Fapps%2F/IcQvOuOAhiRUKtuBFMEv1p3/cnZpdGFsZUBlbnZzdGQuY29t

Analysis

max time kernel
197s
max time network
206s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
21-11-2024 15:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.google.hr/url?q=https://www.google.hr/url?q=https://www.google.it/url?q=https://www.google.ro/url?q=https://www.google.nl/url?q=ZFCKQSES42J831UCOWMB4MEAK36T3IE7YuQiApLjODz3yh4nNeW8uuQi&rct=XS%25RANDOM4%25wDnNeW8yycT&sa=t&esrc=nNeW8F%25RANDOM3%25A0xys8Em2FL&source=&cd=tS6T8%25RANDOM3%25Tiw9XH&cad=XpPkDfJX%25RANDOM4%25VS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2Fimported-agriculture.com%2Fapps%2F/IcQvOuOAhiRUKtuBFMEv1p3/cnZpdGFsZUBlbnZzdGQuY29t

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3060	msedge.exe
3060	msedge.exe
4920	msedge.exe
4920	msedge.exe
2732	msedge.exe
2732	msedge.exe
1464	identity_helper.exe
1464	identity_helper.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe
2964	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4920 wrote to memory of 3660	4920	msedge.exe	79
PID 4920 wrote to memory of 3660	4920	msedge.exe	79
PID 4920 wrote to memory of 4200	4920	msedge.exe	81
PID 4920 wrote to memory of 4200	4920	msedge.exe	81
PID 4920 wrote to memory of 4200	4920	msedge.exe	81
PID 4920 wrote to memory of 4200	4920	msedge.exe	81
PID 4920 wrote to memory of 4200	4920	msedge.exe	81
PID 4920 wrote to memory of 4200	4920	msedge.exe	81
PID 4920 wrote to memory of 4200	4920	msedge.exe	81
PID 4920 wrote to memory of 4200	4920	msedge.exe	81
PID 4920 wrote to memory of 4200	4920	msedge.exe	81
PID 4920 wrote to memory of 4200	4920	msedge.exe	81
PID 4920 wrote to memory of 4200	4920	msedge.exe	81
PID 4920 wrote to memory of 4200	4920	msedge.exe	81
PID 4920 wrote to memory of 4200	4920	msedge.exe	81
PID 4920 wrote to memory of 4200	4920	msedge.exe	81
PID 4920 wrote to memory of 4200	4920	msedge.exe	81
PID 4920 wrote to memory of 4200	4920	msedge.exe	81
PID 4920 wrote to memory of 4200	4920	msedge.exe	81
PID 4920 wrote to memory of 4200	4920	msedge.exe	81
PID 4920 wrote to memory of 4200	4920	msedge.exe	81
PID 4920 wrote to memory of 4200	4920	msedge.exe	81
PID 4920 wrote to memory of 4200	4920	msedge.exe	81
PID 4920 wrote to memory of 4200	4920	msedge.exe	81
PID 4920 wrote to memory of 4200	4920	msedge.exe	81
PID 4920 wrote to memory of 4200	4920	msedge.exe	81
PID 4920 wrote to memory of 4200	4920	msedge.exe	81
PID 4920 wrote to memory of 4200	4920	msedge.exe	81
PID 4920 wrote to memory of 4200	4920	msedge.exe	81
PID 4920 wrote to memory of 4200	4920	msedge.exe	81
PID 4920 wrote to memory of 4200	4920	msedge.exe	81
PID 4920 wrote to memory of 4200	4920	msedge.exe	81
PID 4920 wrote to memory of 4200	4920	msedge.exe	81
PID 4920 wrote to memory of 4200	4920	msedge.exe	81
PID 4920 wrote to memory of 4200	4920	msedge.exe	81
PID 4920 wrote to memory of 4200	4920	msedge.exe	81
PID 4920 wrote to memory of 4200	4920	msedge.exe	81
PID 4920 wrote to memory of 4200	4920	msedge.exe	81
PID 4920 wrote to memory of 4200	4920	msedge.exe	81
PID 4920 wrote to memory of 4200	4920	msedge.exe	81
PID 4920 wrote to memory of 4200	4920	msedge.exe	81
PID 4920 wrote to memory of 4200	4920	msedge.exe	81
PID 4920 wrote to memory of 3060	4920	msedge.exe	82
PID 4920 wrote to memory of 3060	4920	msedge.exe	82
PID 4920 wrote to memory of 124	4920	msedge.exe	83
PID 4920 wrote to memory of 124	4920	msedge.exe	83
PID 4920 wrote to memory of 124	4920	msedge.exe	83
PID 4920 wrote to memory of 124	4920	msedge.exe	83
PID 4920 wrote to memory of 124	4920	msedge.exe	83
PID 4920 wrote to memory of 124	4920	msedge.exe	83
PID 4920 wrote to memory of 124	4920	msedge.exe	83
PID 4920 wrote to memory of 124	4920	msedge.exe	83
PID 4920 wrote to memory of 124	4920	msedge.exe	83
PID 4920 wrote to memory of 124	4920	msedge.exe	83
PID 4920 wrote to memory of 124	4920	msedge.exe	83
PID 4920 wrote to memory of 124	4920	msedge.exe	83
PID 4920 wrote to memory of 124	4920	msedge.exe	83
PID 4920 wrote to memory of 124	4920	msedge.exe	83
PID 4920 wrote to memory of 124	4920	msedge.exe	83
PID 4920 wrote to memory of 124	4920	msedge.exe	83
PID 4920 wrote to memory of 124	4920	msedge.exe	83
PID 4920 wrote to memory of 124	4920	msedge.exe	83
PID 4920 wrote to memory of 124	4920	msedge.exe	83
PID 4920 wrote to memory of 124	4920	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.google.hr/url?q=https://www.google.hr/url?q=https://www.google.it/url?q=https://www.google.ro/url?q=https://www.google.nl/url?q=ZFCKQSES42J831UCOWMB4MEAK36T3IE7YuQiApLjODz3yh4nNeW8uuQi&rct=XS%25RANDOM4%25wDnNeW8yycT&sa=t&esrc=nNeW8F%25RANDOM3%25A0xys8Em2FL&source=&cd=tS6T8%25RANDOM3%25Tiw9XH&cad=XpPkDfJX%25RANDOM4%25VS0Y&ved=xjnktlqryYWwZIBRrgvK&uact=&url=amp%2Fimported-agriculture.com%2Fapps%2F/IcQvOuOAhiRUKtuBFMEv1p3/cnZpdGFsZUBlbnZzdGQuY29t
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xa8,0x10c,0x7ffb355c3cb8,0x7ffb355c3cc8,0x7ffb355c3cd8
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,14106712631757354031,5460702699714432778,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,14106712631757354031,5460702699714432778,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,14106712631757354031,5460702699714432778,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,14106712631757354031,5460702699714432778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,14106712631757354031,5460702699714432778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,14106712631757354031,5460702699714432778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,14106712631757354031,5460702699714432778,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,14106712631757354031,5460702699714432778,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,14106712631757354031,5460702699714432778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,14106712631757354031,5460702699714432778,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,14106712631757354031,5460702699714432778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,14106712631757354031,5460702699714432778,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,14106712631757354031,5460702699714432778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,14106712631757354031,5460702699714432778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,14106712631757354031,5460702699714432778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,14106712631757354031,5460702699714432778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,14106712631757354031,5460702699714432778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,14106712631757354031,5460702699714432778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
  2⤵
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,14106712631757354031,5460702699714432778,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5816 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d53f4d836e2571ad2df7e03d177a3090

SHA1
92b8403445936b304bda8ec0e6ac2d61f98b5fc4

SHA256
84cd2d6ddd480bf3e6d7dd87d830026d18da0588e831c27e21f365d3d9cb40a3

SHA512
f96ea17c87b58eb7840b4accff2006eb0c4721bd00ee4103bebb8bf680e6085ed522f5f5e0b20b8f99b00f38f468c58d72fd324a8d7e7a4d766a7c5a7a4de0f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
30a3d46144770a2ddc321ed69a8ace2b

SHA1
97b5ad312b5ea5be2d74389467bc9b19e6844f69

SHA256
33b42bb3fd35b5602f994b0557b4fa6d6613decce4e50f1d7d33c2c7f1556f76

SHA512
64bd2f4ff346b68d92a4730763e33f9dafb2af03bf71b619c6f9b393f02dfaa7d378b72c93b33d731417394c373ab7be51c3bbeaa93802302e5ec68fd7f7ff45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
41KB

MD5
503766d5e5838b4fcadf8c3f72e43605

SHA1
6c8b2fa17150d77929b7dc183d8363f12ff81f59

SHA256
c53b8a39416067f4d70c21be02ca9c84724b1c525d34e7910482b64d8e301cf9

SHA512
5ead599ae1410a5c0e09ee73d0fdf8e8a75864ab6ce12f0777b2938fd54df62993767249f5121af97aa629d8f7c5eae182214b6f67117476e1e2b9a72f34e0b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47c4ebb0cbf7d0c6_0

Filesize
344KB

MD5
488cd78b117d29db4cf640acb554e61a

SHA1
3d8588a16fa49a55cf75e6859c387fbb4ea0ff0c

SHA256
1b9035df55cab7efb29ba026a82414dbf380a072f7bf9163ddc34345037df104

SHA512
db9e0664c8a089faf2dbf28e8e4195f3b4d77a2b092c81f82833f6819e18cbbde34fc136b1de973ba5b7468a76d37f6ca969dc6dbdfb35e02d7fe1af8c422ae9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4b4bfcdbca80cfd9_0

Filesize
289B

MD5
9e831ee37ae1242cb6436c3e1764d02e

SHA1
a38343c9b932db9582a9fe42366b2c689d7442a2

SHA256
f0f252107193ffa90300ddf94ba4e32b83b2a467cab764d41dc4d9aa8dd429ed

SHA512
56529a0ca8966967b8a83592fb3f1c7451049801e618211f5c3200dda6f3587145dbd182a97a69dd4b55084422ccce47c5878a786f84a794c10e9e371467282c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e90f3de079e4d23f_0

Filesize
19KB

MD5
d4ac972b2905ca52611731149828e5a0

SHA1
9ed29532afab75b8c04ed96faf6d23b3e35252a6

SHA256
04c920ae95731e8a149380de5036270a8a1bf27f7cb16eda73944028d1b5474b

SHA512
c08724b382381ccb684c814326f193ad31f515a4375a957cef3d534b85402277c088efa66c6462bc6d4dd54a78fd9b80d45b9bfb0165ef70d03a1b6ae1cadf94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
e52c8979b0a7ef002bd5a270f56ada8e

SHA1
95ef3614695a495bf655dac4eadd0201de82443a

SHA256
f6721df7a8f0fffb9695625400c80c739df5ccf0c1272c6952f7a64979892ec6

SHA512
de72c0d2811fa219b72f3c5bd1ad03717edc5494bca1b5fa62076623ebdda0a1a680ed999d068af32c9c176c5445d95ad500c7edffebd0bfc780793bb79b03ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
9edd3940c805d5fbb373339df7639b34

SHA1
e80a64132af9e79318c9c73d474d804a646477fa

SHA256
0f8e9129b7e419c57e05ab9245c2dd49987f8999e0ee4dea957e9ca275d8a9e9

SHA512
513fcefaf4308c76cc5094bcf89b20ffdaa6f8d30bdb0d470d0555afd95fa66dd84dba1fa631e9ae85a57f147a94571d9adf3f91d8f002b0709fecb211be8894

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
7e35a18c00a8e52cc4480f455cced204

SHA1
b73c803148f861a12c3dc026d2a60e1056e90657

SHA256
808a7f850ffc3b8614e50cd1f10a70f2d70e042058fcc1630be6b330852036f7

SHA512
cb4bed2e4e93004e87c3e1a200709b5ae27870374e20814d56fb6e7a90a01e90c9b0ff47a8fafb70be22afc445ae288252af4a888f03293ce2fc050f000023e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
a52ceb109876e5f2e043cf233f00b3c8

SHA1
0c76a365dcb3bbeebc9f7b1b2f2c7dd8953aa082

SHA256
9be5f515542779075dde5de11c27bc9186a6226753baaea9ec45b762831591cb

SHA512
8ae3dc9f7ec81c3b91f6466871a8345ee05869af44e20aff83be60d94e273cf5e0d6b24f96571907306c067aac8cfe9b9645a3ed02b052d9f37ccc7f4ada0a84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c7cea8685c99bf4299479dcf10a8f6ad

SHA1
669e336c3206bb55eb4c6c05e5a21d127599ea75

SHA256
04c4151d06b2f850f7b41cfbc8ad7d096c8b1a3777d91016e94acb1582157b14

SHA512
00d35d83799ff02977f808872db8b22406c99f2e7097e23951c70520bbb6c2a24dbfa6b580457e7ab0fb42c845eb87c1fd1c1474c4244795a4ee21f8ee1d4a16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3b36810605542d3e15df9d5862456d56

SHA1
aeb89010cc0ff0c1b87331d7ce51720681778bdd

SHA256
3c111c56407ddb6457db405419a99d9fcc490cec7faa79a706ed9f988a4e262d

SHA512
653dcfd79cacac8a62a65f628511a6ad172833f971696294f9e7adeed41be2070d1f3327a9b85d7809c15fd36aaae6616c1556338249a803090acd269344cd17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
703e743da9052d526a85c864e5468b6d

SHA1
e271d0a4d591245452c3a018aae6d89cb1315ea7

SHA256
57e204a27a9284d6e99dcfb8a61e53dfc9fc4c7814e3dccd59e8650db431e233

SHA512
d819bafac2d585eb81efb4dbf1cff783ed6eae7ff82d9d65ed539d2c4c83d343f00b860290c14abb5fed0195cc8b8d7d561adaed40aa29a591550cd2f696e3e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1fca8d2562f0776617bf26c6a3706d11

SHA1
3873353a08dff2d38f2e7de7bb7a497e987bda4f

SHA256
8b0a3d00fc56c571f7cf4bb2d2abfb336c3672a7cf3bf263b89289b79f775204

SHA512
bd83ef2ecb4dfcc4c46bdfe452f90cc6f168d02e6f844379c11055bc744a997f3a031e0f29d56e1f0ab6ea524ac35c823bbc330377d7cb2b09751ffe1d2cb0fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
50001fc4baf2cdcb05165ea843adfade

SHA1
c9122d00e0fb29a1ee17ef98115de488844894bb

SHA256
6a4d8ba8e34eb9afd4b05234bb40a00a865e67db05593c242ded3e3995a85fb7

SHA512
0cd5e4e2c1886235e745c4c88ab37bb44daa5991b15ba39d976a6ded678f2977db6d62bdc4d675deb841dd41da08cc7bcfaecba890679ce648004e07985530e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
19efe6af438792d4df0dc22a9c6cebdd

SHA1
8cbc842a0bbaa16206af69635f608319c08aaa9b

SHA256
ca978866e8161e838aa21bf436dbb75ef0a1dce855306151b061d4efb99cc8cd

SHA512
2d169ae04a44bb45d82b5a71330ec0eff509ff6005884b89cc7a1f13d1d8d914ea857c1f23617a7e3d6575d7acf0dc8775f993152142677867c35e2087ec76b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b6704c21858788bbae4cd7f382b37712

SHA1
8882259372b8dea8163eabcf651eb29279d53131

SHA256
8556c2adcf275ac20b70234c6be3d8eaf119a86958214071897f4150efc76cc3

SHA512
f1f90d2c40ee6d4ddf9c1ebbf9cb905f212dcb134a1c9df23eb775dce1b0b6a2fd9e187ce6d5eb27a22e944a93b19dc41109be06124b14c70c23c3f20355c5e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5c211e49e40bd9ba26fbb5f529bba3ef

SHA1
1d61024b6369f02eed5ca35e9490aa8785f77e2c

SHA256
b763550073211d7f80f3db7ff26e75be9d5b2f1c2d1ca1a7b8ad16dbdc1233df

SHA512
7ac03e0746e9e7abc05a36ed0f29d4062de06b324b2236e63187d781abc9a99220af6034a5c721458a689222fc77b778190618c68b2b06490ca429c8a2a3ee66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
16621e525d0ff4b8147bffab70a52d47

SHA1
9513dd5f689277c0cc3778fea705d64377b8e51e

SHA256
53e406ac04a7759ad8de125ad4740a25b9d25f9a1c52e67a13dbfb8a51b7568e

SHA512
a56cc75ba916642ba9908ab3906b7c4484e0c987ac4ac58b3d8184b08bf62a118ec3e44ebf3af36478c35a21e14f1f10e438e516fdc4e2583f1199e0ce349918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
25KB

MD5
dc785cefd19b82f9d2db56f22249003e

SHA1
dec5216149767ccbeaa713c8bb74aa27bcfd396f

SHA256
730edb21e78df15dd9db7b13fb4bad0c0184a75469f0c431f6c5965c7f6fbb6a

SHA512
f3bb0510b6359204522516d076994e764fc418fe6623e17984ce771ef42dbf0f4335e6b890036f763b2e33a69a5b35f101fa3b9cef89790c4312a41ab7cb691f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
a8e3b648778c471b4f82b88ed0e6ed77

SHA1
5c0b8aefbabbde87ab63540b2d52ab45cd3bb9c6

SHA256
6fcbeadc0d9aa3ae18b1151353ee43e8e34fb5f1a11bd48457fa52a3d1f5c493

SHA512
effdb0fceac6c1539165ba0d620fd995b7eb075a737445e16a902dfd5890ab5c5ebc5b5fd46497d4bff2f7192a9e9882138c0f6abbd1bbe5b09f416446e4342d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
158d18af59458a5986c5c4b637ebb868

SHA1
53275ee8cafbb389cec4bb90db3a74943217ecf5

SHA256
597bb93ef2c36a96872f6e03e2c32e42c136678cb9567b9d5fb820b9bcbc2ca3

SHA512
5674db62e05671df965c1557f6f18211e4e6254febacf35450437b331b855419202204a09601725fae64fe67761ac0650fba64ecf0b38157be8ee011819ced91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58ad42.TMP

Filesize
204B

MD5
3f85aae09af69669abf8b36d3dee3a3a

SHA1
bc5c8fb9bd5404f3a5d737e19b542ed362e7f12c

SHA256
4a9671557ad5f46f786d0b7218992964d651032526250dcc8adae6fab9a572f7

SHA512
3bae7e280b34084dd2ff40413b82bcab422e689fc85fac70c3c2727e1cf8cda5c37285c297b1963dccd2d659f8683e5e6f488c8def92d0cd1ce50ca60be172fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c84fda28acd54ec3bb33389d7eef7baf

SHA1
c6a57ae1cc50c757780c45450d525f72b68e5857

SHA256
a2ef23dc69196631a7eb20d33e52388e03f10e7ff265cdf63676f05203c0cb79

SHA512
e6721821282a44537c1d48042f1ac3b79c8606cd546eaa48113a26f01192913134a17c2ea234527d3bc8d0d5803ded2dd9f53bce634e29c7be6c4f0469aece33

Download Submit