hxxp://Google[.]com

Resubmissions

23-12-2024 16:10

241223-tmtdgavjal 5

23-12-2024 16:06

241223-tkkcsatrej 5

Analysis

max time kernel
900s
max time network
845s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-12-2024 16:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://Google.com

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4000	msedge.exe
4000	msedge.exe
3884	msedge.exe
3884	msedge.exe
3116	identity_helper.exe
3116	identity_helper.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3884 wrote to memory of 1532	3884	msedge.exe	83
PID 3884 wrote to memory of 1532	3884	msedge.exe	83
PID 3884 wrote to memory of 4356	3884	msedge.exe	84
PID 3884 wrote to memory of 4356	3884	msedge.exe	84
PID 3884 wrote to memory of 4356	3884	msedge.exe	84
PID 3884 wrote to memory of 4356	3884	msedge.exe	84
PID 3884 wrote to memory of 4356	3884	msedge.exe	84
PID 3884 wrote to memory of 4356	3884	msedge.exe	84
PID 3884 wrote to memory of 4356	3884	msedge.exe	84
PID 3884 wrote to memory of 4356	3884	msedge.exe	84
PID 3884 wrote to memory of 4356	3884	msedge.exe	84
PID 3884 wrote to memory of 4356	3884	msedge.exe	84
PID 3884 wrote to memory of 4356	3884	msedge.exe	84
PID 3884 wrote to memory of 4356	3884	msedge.exe	84
PID 3884 wrote to memory of 4356	3884	msedge.exe	84
PID 3884 wrote to memory of 4356	3884	msedge.exe	84
PID 3884 wrote to memory of 4356	3884	msedge.exe	84
PID 3884 wrote to memory of 4356	3884	msedge.exe	84
PID 3884 wrote to memory of 4356	3884	msedge.exe	84
PID 3884 wrote to memory of 4356	3884	msedge.exe	84
PID 3884 wrote to memory of 4356	3884	msedge.exe	84
PID 3884 wrote to memory of 4356	3884	msedge.exe	84
PID 3884 wrote to memory of 4356	3884	msedge.exe	84
PID 3884 wrote to memory of 4356	3884	msedge.exe	84
PID 3884 wrote to memory of 4356	3884	msedge.exe	84
PID 3884 wrote to memory of 4356	3884	msedge.exe	84
PID 3884 wrote to memory of 4356	3884	msedge.exe	84
PID 3884 wrote to memory of 4356	3884	msedge.exe	84
PID 3884 wrote to memory of 4356	3884	msedge.exe	84
PID 3884 wrote to memory of 4356	3884	msedge.exe	84
PID 3884 wrote to memory of 4356	3884	msedge.exe	84
PID 3884 wrote to memory of 4356	3884	msedge.exe	84
PID 3884 wrote to memory of 4356	3884	msedge.exe	84
PID 3884 wrote to memory of 4356	3884	msedge.exe	84
PID 3884 wrote to memory of 4356	3884	msedge.exe	84
PID 3884 wrote to memory of 4356	3884	msedge.exe	84
PID 3884 wrote to memory of 4356	3884	msedge.exe	84
PID 3884 wrote to memory of 4356	3884	msedge.exe	84
PID 3884 wrote to memory of 4356	3884	msedge.exe	84
PID 3884 wrote to memory of 4356	3884	msedge.exe	84
PID 3884 wrote to memory of 4356	3884	msedge.exe	84
PID 3884 wrote to memory of 4356	3884	msedge.exe	84
PID 3884 wrote to memory of 4000	3884	msedge.exe	85
PID 3884 wrote to memory of 4000	3884	msedge.exe	85
PID 3884 wrote to memory of 1476	3884	msedge.exe	86
PID 3884 wrote to memory of 1476	3884	msedge.exe	86
PID 3884 wrote to memory of 1476	3884	msedge.exe	86
PID 3884 wrote to memory of 1476	3884	msedge.exe	86
PID 3884 wrote to memory of 1476	3884	msedge.exe	86
PID 3884 wrote to memory of 1476	3884	msedge.exe	86
PID 3884 wrote to memory of 1476	3884	msedge.exe	86
PID 3884 wrote to memory of 1476	3884	msedge.exe	86
PID 3884 wrote to memory of 1476	3884	msedge.exe	86
PID 3884 wrote to memory of 1476	3884	msedge.exe	86
PID 3884 wrote to memory of 1476	3884	msedge.exe	86
PID 3884 wrote to memory of 1476	3884	msedge.exe	86
PID 3884 wrote to memory of 1476	3884	msedge.exe	86
PID 3884 wrote to memory of 1476	3884	msedge.exe	86
PID 3884 wrote to memory of 1476	3884	msedge.exe	86
PID 3884 wrote to memory of 1476	3884	msedge.exe	86
PID 3884 wrote to memory of 1476	3884	msedge.exe	86
PID 3884 wrote to memory of 1476	3884	msedge.exe	86
PID 3884 wrote to memory of 1476	3884	msedge.exe	86
PID 3884 wrote to memory of 1476	3884	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://Google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8b7e846f8,0x7ff8b7e84708,0x7ff8b7e84718
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,15317303936910414276,3989945492030095748,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,15317303936910414276,3989945492030095748,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,15317303936910414276,3989945492030095748,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15317303936910414276,3989945492030095748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15317303936910414276,3989945492030095748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15317303936910414276,3989945492030095748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,15317303936910414276,3989945492030095748,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,15317303936910414276,3989945492030095748,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15317303936910414276,3989945492030095748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15317303936910414276,3989945492030095748,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15317303936910414276,3989945492030095748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15317303936910414276,3989945492030095748,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15317303936910414276,3989945492030095748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15317303936910414276,3989945492030095748,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15317303936910414276,3989945492030095748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15317303936910414276,3989945492030095748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15317303936910414276,3989945492030095748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15317303936910414276,3989945492030095748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15317303936910414276,3989945492030095748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15317303936910414276,3989945492030095748,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,15317303936910414276,3989945492030095748,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5748 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
eef5c5e507484b4fd5f23c0fcc053bd2

SHA1
12eba0320825f5f7bc5b61593a36af330bc46ebb

SHA256
734952acbc212d8f6c003d438a38e5ff0f651c5bfea9c573eed298bbb4d79cfc

SHA512
ee5e73b03b749d034814e6a74f16d6a3d68ebaf798133d2919d29f930959f21d5d194a48c28510dea1c2d18ba62522b982731ebe6e9d606a8c085557d190bb7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
201436bde2f90390501888a9a523cf24

SHA1
51577b5938403786f69e938d713f604a2baf72ca

SHA256
6359975811dc9847c46bb6b0b36a654ed014cb4fe17b0971b84a2711d6e22d0d

SHA512
99e21775cdb5b1d95ca7483a2b711c11a9f4ff288405a1a066b7ebecdd39d57fbf8b394782e337c6fd175d56da6b6da172117e1ee26a5cb1aaae2b3d16d444de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9adfbc90b2de1dab6809c5762a55dd9a

SHA1
db479477e5ec77fb097fe147d70f1cca6a49c56e

SHA256
81da1a15e16ed562c971e1e39636c601c6c1b4f6979ac9b89c0a7596135cd56c

SHA512
1e22a46d365fb1dd2b953de3d36e025fa62a2ecd371ca0263a910217045d98658281d6a04b1daf2e2f1c95d70f77a78af89a32339736b274d6ce7e30482016c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
60120017ae20301193a268af6dafea3a

SHA1
7a40e7c02939af76aa088cf4b36890bd640eec30

SHA256
97d6216447db92efc837d86afcf41d3551a37a0d59481fd6402e7a8bca8f69bc

SHA512
f8c41cb1e8aaea885f51fbcec66f3d3d7fe0d84cc033526143dc7e45c56ed8e14ce73cb698f38a3f111ce09c304e56dd609ffea9d935ede9acb874f596945060

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5ad7a426248c06cc549b270d0f849d5e

SHA1
01f08d1f7ae33534e5fc928cdc9d28decc0ce271

SHA256
fbecd50a56283b911d8d212e097de6f2475f8d3304be0d858684f0798d4f0220

SHA512
3d855c2cf87c1579c3469229157eabffa1e49ba344103ff7698b356fb7985a3152ae5b2cfcc7621df185c586b5d2da9972b676dc666f72e2abbee8d4601d2f87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fce41776a2b9f93cf5ace83b154866d3

SHA1
62d2bb7f8e9c5e8169b8127545b998aae144bfc5

SHA256
06db5620c0eb834490559e54b1a97e6fd75745655662f48643fe7871d83c6ae7

SHA512
d15569cb41353908c2e81729bfbe80e777fb73775906ce60e4d002d9f4680eb701d57b800cfe57d4bc9af1ab564e145ed2db37f2b53d02e44e5597b3e2be1350

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ff68937e1f3791bc2848a001f4743da8

SHA1
3659f2bab6e9635f799c556494447b21c73e3da7

SHA256
bb3a85d6f3bd9fa87df687f0cdd6fa89ba266a1b05b079d2533ef1f1b03825e2

SHA512
2a026629564082129bc1a04b846659c40c08f4aac700c7c36b44c5bb9e04ed32d245b2536f01fd0aac680c2022c0085d19cc72eafba7a4ba9b2edf42c2874d99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
925102b7b436eb68c3acf4257e6f36b9

SHA1
cd933f3647e204346489dd7cd07e2f8df6cafcd2

SHA256
225f6e7802163b3064a696bd8fa159bbf8b6f2be0dc8a466acc4698950a7afad

SHA512
8e0245eb3b5545c045e2a4d23efdc483e60ff848294f637ec6095f99e1edbb5ce8fda661d86036d8096aa96b67c075bd8053709530cc4159a183939ad80eb3b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
69c0ffe5dcf42011254a10fdacee0a06

SHA1
64a3d417976c9a050ba8b40946661e9e933e3c68

SHA256
d4e0620fee910355d69fd097f9c38034b1d6f4e2f5f1f54812de7bb78f29b942

SHA512
fa68553d6dee1c41cb9693d7f1549994dc61a903533cd751ffb033b1a084a7a6ca47e4511fc0e78c03fb7e7c03af9814f4cfb57ac5ba8515b2488844922c0642

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9715664ad588fa93e3e37713425f70cf

SHA1
431be4bfb0dbb933ec4e88eaf852f8738f99f055

SHA256
534a48519d6ad219889714d7ee042bb9f4ae84258f4c53d289dc6c85f36d1aa3

SHA512
e9f8ca8eb9db14237c7c6dc2cc8a1ec3be071b18dd4791b8d2e85c497a7484d0d17536b82de1b61fb1c35fc22b036240ce21d07a94a1ac894979de1c94bfb715

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f94d0f2066d46195dc69af6071b08d5c

SHA1
0ee15cdc49da7008efc3678f4e435ada9326b80f

SHA256
0a26c023a1ed82bf5a5fb9630a378a0182fe7edea9511943cee7a27eda6fe4c8

SHA512
4ddf08574d7fce7447f2d7ed2d08bb1c853cabe90034816e8cfaaac0aae5b27445a170b99a81f4c6ce865016d591f4d71ead8a48120dc26aec568b379abb6bd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
acf96e05ddfd705c658a04f75222cf13

SHA1
629d2ee99534b7e04a904aa552c0e7ac31c888ec

SHA256
c3c7a58584b16fb166d650632830cc143ba7fd672409e37aafbf5b98e70136c5

SHA512
47b5e178b2b7d1d3026d29b8216995003962aa916770497e27d6613d3b7bb168cde876b0a44825113cbb033b8dbec5ce06309540c497bd4a5b51bb1dd9e687d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
604c41986a468e88cbf6c987734dd96a

SHA1
eb712f4c2ee66bab5e870c99da5429044c02eb76

SHA256
b8f8b443d3205e384aaddf886a10f4f795c6fb10cbe3086c28bd5b1e9dc77731

SHA512
adce13edb490894f9161f63c48f25527f9b09cb99777e95143cbfbe6fcffb603fa215ea36cefa216254e926647107891e2e53a39ca373264129ef2541c5de8cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587ac9.TMP

Filesize
536B

MD5
dc7a4376e9bc806a8f994252f6c36818

SHA1
c7737d678aa237088d1e05c3f5f0928349dcda43

SHA256
639a079742f792ad31bc9820132ea228f4b9fabd90ef95e7f7e9f36333ea0297

SHA512
398de8eefebb00dba02dd86083ac5ad45d39cc52d539dd42518ecf31c8f2448dc2086dfcfa3e9bf7c7e69849507af0fb2fd737c22072071ebbf07ec0d3697105

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f0d1addabeb3f4b32902870bf5447dba

SHA1
e33a562e8856b6795d5af49832be34f0c9bc4164

SHA256
0063599963eb86a19493444a33b27f7c0a562d2af69db6c803cc302b7690d62e

SHA512
046472e7e7fa26a549106771dd9f3b52b667c9e2a0f8a6543b760a426d1d8084043667b0b8311aa4b9138edd752c74809a3a00e8da0172b5bddd3db266d38835

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit