hxxps://jcard50[.]ru/e

Resubmissions

12-01-2025 11:52

250112-n1qa3stmck 10

Analysis

max time kernel
240s
max time network
241s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
12-01-2025 11:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://jcard50.ru/e

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4540	msedge.exe
4540	msedge.exe
3000	msedge.exe
3000	msedge.exe
3044	identity_helper.exe
3044	identity_helper.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe
3000	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3000 wrote to memory of 4772	3000	msedge.exe	83
PID 3000 wrote to memory of 4772	3000	msedge.exe	83
PID 3000 wrote to memory of 2952	3000	msedge.exe	84
PID 3000 wrote to memory of 2952	3000	msedge.exe	84
PID 3000 wrote to memory of 2952	3000	msedge.exe	84
PID 3000 wrote to memory of 2952	3000	msedge.exe	84
PID 3000 wrote to memory of 2952	3000	msedge.exe	84
PID 3000 wrote to memory of 2952	3000	msedge.exe	84
PID 3000 wrote to memory of 2952	3000	msedge.exe	84
PID 3000 wrote to memory of 2952	3000	msedge.exe	84
PID 3000 wrote to memory of 2952	3000	msedge.exe	84
PID 3000 wrote to memory of 2952	3000	msedge.exe	84
PID 3000 wrote to memory of 2952	3000	msedge.exe	84
PID 3000 wrote to memory of 2952	3000	msedge.exe	84
PID 3000 wrote to memory of 2952	3000	msedge.exe	84
PID 3000 wrote to memory of 2952	3000	msedge.exe	84
PID 3000 wrote to memory of 2952	3000	msedge.exe	84
PID 3000 wrote to memory of 2952	3000	msedge.exe	84
PID 3000 wrote to memory of 2952	3000	msedge.exe	84
PID 3000 wrote to memory of 2952	3000	msedge.exe	84
PID 3000 wrote to memory of 2952	3000	msedge.exe	84
PID 3000 wrote to memory of 2952	3000	msedge.exe	84
PID 3000 wrote to memory of 2952	3000	msedge.exe	84
PID 3000 wrote to memory of 2952	3000	msedge.exe	84
PID 3000 wrote to memory of 2952	3000	msedge.exe	84
PID 3000 wrote to memory of 2952	3000	msedge.exe	84
PID 3000 wrote to memory of 2952	3000	msedge.exe	84
PID 3000 wrote to memory of 2952	3000	msedge.exe	84
PID 3000 wrote to memory of 2952	3000	msedge.exe	84
PID 3000 wrote to memory of 2952	3000	msedge.exe	84
PID 3000 wrote to memory of 2952	3000	msedge.exe	84
PID 3000 wrote to memory of 2952	3000	msedge.exe	84
PID 3000 wrote to memory of 2952	3000	msedge.exe	84
PID 3000 wrote to memory of 2952	3000	msedge.exe	84
PID 3000 wrote to memory of 2952	3000	msedge.exe	84
PID 3000 wrote to memory of 2952	3000	msedge.exe	84
PID 3000 wrote to memory of 2952	3000	msedge.exe	84
PID 3000 wrote to memory of 2952	3000	msedge.exe	84
PID 3000 wrote to memory of 2952	3000	msedge.exe	84
PID 3000 wrote to memory of 2952	3000	msedge.exe	84
PID 3000 wrote to memory of 2952	3000	msedge.exe	84
PID 3000 wrote to memory of 2952	3000	msedge.exe	84
PID 3000 wrote to memory of 4540	3000	msedge.exe	85
PID 3000 wrote to memory of 4540	3000	msedge.exe	85
PID 3000 wrote to memory of 4464	3000	msedge.exe	86
PID 3000 wrote to memory of 4464	3000	msedge.exe	86
PID 3000 wrote to memory of 4464	3000	msedge.exe	86
PID 3000 wrote to memory of 4464	3000	msedge.exe	86
PID 3000 wrote to memory of 4464	3000	msedge.exe	86
PID 3000 wrote to memory of 4464	3000	msedge.exe	86
PID 3000 wrote to memory of 4464	3000	msedge.exe	86
PID 3000 wrote to memory of 4464	3000	msedge.exe	86
PID 3000 wrote to memory of 4464	3000	msedge.exe	86
PID 3000 wrote to memory of 4464	3000	msedge.exe	86
PID 3000 wrote to memory of 4464	3000	msedge.exe	86
PID 3000 wrote to memory of 4464	3000	msedge.exe	86
PID 3000 wrote to memory of 4464	3000	msedge.exe	86
PID 3000 wrote to memory of 4464	3000	msedge.exe	86
PID 3000 wrote to memory of 4464	3000	msedge.exe	86
PID 3000 wrote to memory of 4464	3000	msedge.exe	86
PID 3000 wrote to memory of 4464	3000	msedge.exe	86
PID 3000 wrote to memory of 4464	3000	msedge.exe	86
PID 3000 wrote to memory of 4464	3000	msedge.exe	86
PID 3000 wrote to memory of 4464	3000	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://jcard50.ru/e
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb993b46f8,0x7ffb993b4708,0x7ffb993b4718
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,8948286295052246200,10386810310759180478,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,8948286295052246200,10386810310759180478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2492 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,8948286295052246200,10386810310759180478,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8948286295052246200,10386810310759180478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8948286295052246200,10386810310759180478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8948286295052246200,10386810310759180478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,8948286295052246200,10386810310759180478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 /prefetch:8
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,8948286295052246200,10386810310759180478,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4952 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8948286295052246200,10386810310759180478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8948286295052246200,10386810310759180478,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8948286295052246200,10386810310759180478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8948286295052246200,10386810310759180478,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8948286295052246200,10386810310759180478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2880 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8948286295052246200,10386810310759180478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,8948286295052246200,10386810310759180478,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2076,8948286295052246200,10386810310759180478,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6164 /prefetch:8
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,8948286295052246200,10386810310759180478,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6444 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
df18f2804640c24134ad03e1309e2ee4

SHA1
c00ecc7cba6f56ec76a8d6d87e74c5ebaf5cbf2e

SHA256
f2b3d8fac4d7325808078f7ad2a006d10957716e0544557eb3712b9fa5fa5887

SHA512
1a8968388c3c951720dbff4dcd5bfc0efd99f227d8bc33e7c23315e7b56ec2f100614438b6a8ea2f74321042ce90a7492df2a26bb3dc346c995f344b1396f56b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
802e9b4c7b284dc0921a5ca90cf348af

SHA1
7fa9d9e691ac13c0807ff5630ddfa72e68d3f7da

SHA256
2264b0fce0cb906f8d7ecf2642568f528a62e967d44f1d3c049b3981d16f74d6

SHA512
0f03b03d97fd60d60d0de5343975800638852b97ef757ce3ceb2e4d4d58508cc22293bdb5091870cb692f2066f848a090229d65510d2465d2df2cc43893fc453

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
c89ab7a6064eff222eb19314a292c877

SHA1
28789f340b472c54d60008925c51a3ba6ba59b13

SHA256
b80d9468c5110b936f961c6b08d4cd226f74128c9f2602232bc66d4edecfd46a

SHA512
388261250479e762272f7ab789d1c00ae2b4622dc3487754b2e1bdab433d45d38108363fb53786eca4a5c640ad457ac9a161663b41631d2eb659dab689e4880a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
178B

MD5
6d080e29b7710b3f86671eb3ef068366

SHA1
7d55636b9bc76161d2d73ddadf7f0fbb63fee62c

SHA256
9bfa3a17749aa90cd868449f96889710e96de4c8bba385263792a446e11b70fc

SHA512
f0cd0677675d1868d60db829d1b11580cebf294adfafe8e517e7b2d7bc49a4ae6f1f15951624988bf0aef8c3195de0dedad64400069f8e080a1ad57bc6197471

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
912B

MD5
d7bcd4895dc1b252b3305f192d19d963

SHA1
722de733e10bf5f11af513ad182c062a98321808

SHA256
a81a37e9f883d6fdff58d08180500d6c68af557761094fa55086413e67622ac5

SHA512
11ce392dc1d3d1f37a1232facd4e5529fc914e5641b30667c3892dd87a2675b40f0b87eed8af8bd65006b5659bf34d6d2d3a563ddf697bca3de01c845148a2ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
623B

MD5
c5bf8c5b62bb8e58b5d0d9fc53a96e0e

SHA1
d373b5546aa8fca945bd76adf1db271eda27d60b

SHA256
47fe0f3848782fe8fe3305862b9ea9dd652575ccebad86f16f83e9e389ce5ade

SHA512
a9c6f5df656d1d23b609a92a74134ff379e08eae5ce15cd0e7b57f5d58a7c624eef43f914cb8cb91cf95081ecc81ddf7f90685a982a05be5eb77a95abb37706b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
5db1e2148a76a36adf0fa876fd60f9d0

SHA1
7e2f6815e3e309a70f33a3e1d25e69f5417e9c73

SHA256
d914370628e79cb91d8bed8aa0488fcd31efbc274fcb6cfd3faf3651e58600f7

SHA512
7b5e82012104e63631c2a7d35efcc0c47c63d1b70d5cfcd63ccdc6281547952ad0a0544233821e9adb739238e6cc15affd172c1d3917f6404b08150321c64a5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d898d8f75493449ef6b8c6efc3744c50

SHA1
85ffa065afe4b4d2dcb23753ab6990f6d73f6689

SHA256
734a0273532149c66eae58bfbf9f8d2a7b471e7a603af0956ed867f47d2f44ae

SHA512
4d57dcceb90bf3f2756cc2b1ef385ad54468b56dcbf12cb42110e3fd3ddb12f1a64343dad1f56ce31ee0899ded9b95644298773f07b4724cfa74b4ae5663bcdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b313cdfe9c2ae8e288c5687c2f688d5f

SHA1
49a05e20d2494679bb4c08cadd75b965af5b489e

SHA256
c86653d001d246810083fb6a7a151fca998b27e1f78a46be2e14b7e023f58278

SHA512
ae70ffd400b6b67996fb4bacf8dafe54e2b7699cd8b8fede64c1d740faa61f1e6d9325ddccc7ab9be87ffcad6ee156b5fdb30a480f076f655aaf4e566ddd4a37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8bba51ea7c20ea6cab273b464c08de15

SHA1
c57caf329148dff82bd3f7dcbb4cf06e0eef5872

SHA256
e4c96a7f5b360b151bdd8d10ff774b505cdf89cd851c4ae392fd5bf77a23e5f7

SHA512
4a845d8b81243585bc9049301a58d0d68c3c2d476724e68b0e69176eacaac55fa6849cca66d5d554f77b0f80bba21a672ea2e86d9fea65f179e278d8bc413c51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
8912710d4f5af35a7a4246f615cb379e

SHA1
d646f2300428e857e12af4175d04f0a5f50eb11b

SHA256
89264570116722b6ac44ca2ef2e941453914192809a2492f3666486d68f63979

SHA512
b64f898110fde40a01f3845aa360a7be7052eea3958243e8179a195ae14f5e72756e9d93d4bb7efc1260d50fe00a6267646300739367fc0f7f2921ad836f4427

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
e3466d35994b964bbfc6da6c97cd6cb7

SHA1
7caa6c25f57a9ab31db922b60d0868ef1841b51b

SHA256
8a0d2dcfff4e29b0a156bd2120989f98b27166b79cbe6fa6bc51d84e965f13a8

SHA512
b2337c88c0786c89547b3650d454eb36046f8fa91d6fdac383605de1f4a853cfe0eea5365c5341e0fc9cc10c224a779dbc7fed8f20d9bcaa7504334855ca6e0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
b5a4d528a402f0cf77d97cf7bee76b36

SHA1
488f449a1a43b0ab8573374a01bc62291ad07965

SHA256
faa78789007034fe51162d7f3ad820ab8ed7ea05e3b65e536e1478b8e31b3917

SHA512
e73b896103dbeb6d46ba357495562cfc53fee1ffe6556660dec148b0ff6ec11348dcadec460dde58086a8a45c85d29e8a9d4d626ba3d48a3e81303aec201216a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
8be10178c5c01159ce55936e6b120294

SHA1
956b517288b73ec4b4dd272bafd304ee2494e00a

SHA256
134782dac4e7d6b3db748af364501f4bf13792a4b7e9eb50128db52976ac6b39

SHA512
d76611b7aaad02acce12ea6286e5832af1b791a53a054c989eabb86247d5719849fcde97909987286fa929a45a1214aa37a754b86a426b0398b3226b5ee206f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fe36.TMP

Filesize
203B

MD5
b5a3befd9ca0592dba73d8ae5c6edc0f

SHA1
42ad02022efbffcbb9aae9ae4f72be11cc14a4ba

SHA256
4fe2b01f819e7b0a785b6d036ca49a1a4bc98d3871d0bd1ff7afa6638612c837

SHA512
7f53e47a9a97e9d09f307730da2a88841ea86d394eb67b47142ae79953cf0b559c270b1f8f9f2cce134674a23f92a332148b7bc98be8dee288b056815176ee73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5f84de4adb51e6f3683be0a7abecbab0

SHA1
1b08449207b15fc8fe83718a5d524275645cb05d

SHA256
2096f02412db142d1130665d19eb3678d703bc8efae890afea2cd78684cb6fb0

SHA512
e7bbbd95086f6999ebb669fad27254fdee165323763bd30bcdc224f4b5de8f9040c1d501e050924f5327bbcbf5e84a51e0c0c0704cfe92793840fbe8db9faf47

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit