hxxps://acard50[.]ru/e

Analysis

max time kernel
149s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
15-01-2025 14:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://acard50.ru/e

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3973800497-2716210218-310192997-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3008	msedge.exe
3008	msedge.exe
4484	msedge.exe
4484	msedge.exe
2948	identity_helper.exe
2948	identity_helper.exe
1440	msedge.exe
1440	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2716	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4484 wrote to memory of 3040	4484	msedge.exe	77
PID 4484 wrote to memory of 3040	4484	msedge.exe	77
PID 4484 wrote to memory of 1812	4484	msedge.exe	78
PID 4484 wrote to memory of 1812	4484	msedge.exe	78
PID 4484 wrote to memory of 1812	4484	msedge.exe	78
PID 4484 wrote to memory of 1812	4484	msedge.exe	78
PID 4484 wrote to memory of 1812	4484	msedge.exe	78
PID 4484 wrote to memory of 1812	4484	msedge.exe	78
PID 4484 wrote to memory of 1812	4484	msedge.exe	78
PID 4484 wrote to memory of 1812	4484	msedge.exe	78
PID 4484 wrote to memory of 1812	4484	msedge.exe	78
PID 4484 wrote to memory of 1812	4484	msedge.exe	78
PID 4484 wrote to memory of 1812	4484	msedge.exe	78
PID 4484 wrote to memory of 1812	4484	msedge.exe	78
PID 4484 wrote to memory of 1812	4484	msedge.exe	78
PID 4484 wrote to memory of 1812	4484	msedge.exe	78
PID 4484 wrote to memory of 1812	4484	msedge.exe	78
PID 4484 wrote to memory of 1812	4484	msedge.exe	78
PID 4484 wrote to memory of 1812	4484	msedge.exe	78
PID 4484 wrote to memory of 1812	4484	msedge.exe	78
PID 4484 wrote to memory of 1812	4484	msedge.exe	78
PID 4484 wrote to memory of 1812	4484	msedge.exe	78
PID 4484 wrote to memory of 1812	4484	msedge.exe	78
PID 4484 wrote to memory of 1812	4484	msedge.exe	78
PID 4484 wrote to memory of 1812	4484	msedge.exe	78
PID 4484 wrote to memory of 1812	4484	msedge.exe	78
PID 4484 wrote to memory of 1812	4484	msedge.exe	78
PID 4484 wrote to memory of 1812	4484	msedge.exe	78
PID 4484 wrote to memory of 1812	4484	msedge.exe	78
PID 4484 wrote to memory of 1812	4484	msedge.exe	78
PID 4484 wrote to memory of 1812	4484	msedge.exe	78
PID 4484 wrote to memory of 1812	4484	msedge.exe	78
PID 4484 wrote to memory of 1812	4484	msedge.exe	78
PID 4484 wrote to memory of 1812	4484	msedge.exe	78
PID 4484 wrote to memory of 1812	4484	msedge.exe	78
PID 4484 wrote to memory of 1812	4484	msedge.exe	78
PID 4484 wrote to memory of 1812	4484	msedge.exe	78
PID 4484 wrote to memory of 1812	4484	msedge.exe	78
PID 4484 wrote to memory of 1812	4484	msedge.exe	78
PID 4484 wrote to memory of 1812	4484	msedge.exe	78
PID 4484 wrote to memory of 1812	4484	msedge.exe	78
PID 4484 wrote to memory of 1812	4484	msedge.exe	78
PID 4484 wrote to memory of 3008	4484	msedge.exe	79
PID 4484 wrote to memory of 3008	4484	msedge.exe	79
PID 4484 wrote to memory of 3204	4484	msedge.exe	80
PID 4484 wrote to memory of 3204	4484	msedge.exe	80
PID 4484 wrote to memory of 3204	4484	msedge.exe	80
PID 4484 wrote to memory of 3204	4484	msedge.exe	80
PID 4484 wrote to memory of 3204	4484	msedge.exe	80
PID 4484 wrote to memory of 3204	4484	msedge.exe	80
PID 4484 wrote to memory of 3204	4484	msedge.exe	80
PID 4484 wrote to memory of 3204	4484	msedge.exe	80
PID 4484 wrote to memory of 3204	4484	msedge.exe	80
PID 4484 wrote to memory of 3204	4484	msedge.exe	80
PID 4484 wrote to memory of 3204	4484	msedge.exe	80
PID 4484 wrote to memory of 3204	4484	msedge.exe	80
PID 4484 wrote to memory of 3204	4484	msedge.exe	80
PID 4484 wrote to memory of 3204	4484	msedge.exe	80
PID 4484 wrote to memory of 3204	4484	msedge.exe	80
PID 4484 wrote to memory of 3204	4484	msedge.exe	80
PID 4484 wrote to memory of 3204	4484	msedge.exe	80
PID 4484 wrote to memory of 3204	4484	msedge.exe	80
PID 4484 wrote to memory of 3204	4484	msedge.exe	80
PID 4484 wrote to memory of 3204	4484	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://acard50.ru/e
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbbaf43cb8,0x7ffbbaf43cc8,0x7ffbbaf43cd8
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,8072394929053422125,3867226348806651998,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2036 /prefetch:2
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,8072394929053422125,3867226348806651998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,8072394929053422125,3867226348806651998,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8072394929053422125,3867226348806651998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8072394929053422125,3867226348806651998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8072394929053422125,3867226348806651998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,8072394929053422125,3867226348806651998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8072394929053422125,3867226348806651998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8072394929053422125,3867226348806651998,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8072394929053422125,3867226348806651998,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8072394929053422125,3867226348806651998,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2016,8072394929053422125,3867226348806651998,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5596 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,8072394929053422125,3867226348806651998,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2960 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3180

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c0a1774f8079fe496e694f35dfdcf8bc

SHA1
da3b4b9fca9a3f81b6be5b0cd6dd700603d448d3

SHA256
c041da0b90a5343ede7364ccf0428852103832c4efa8065a0cd1e8ce1ff181cb

SHA512
60d9e87f8383fe3afa2c8935f0e5a842624bb24b03b2d8057e0da342b08df18cf70bf55e41fa3ae54f73bc40a274cf6393d79ae01f6a1784273a25fa2761728b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e11c77d0fa99af6b1b282a22dcb1cf4a

SHA1
2593a41a6a63143d837700d01aa27b1817d17a4d

SHA256
d96f9bfcc81ba66db49a3385266a631899a919ed802835e6fb6b9f7759476ea0

SHA512
c8f69f503ab070a758e8e3ae57945c0172ead1894fdbfa2d853e5bb976ed3817ecc8f188eefd5092481effd4ef650788c8ff9a8d9a5ee4526f090952d7c859f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
003bf97d7716508aab73bb8f5204b980

SHA1
3e620b6efd8a25fd5f34938cad9bce58b71d94cb

SHA256
3e0e15d8b7719624c1063baf24763d6475c8e8726eb4e0b8a3cabe7013485644

SHA512
82cfc18c4548ad61ddd70af0a58d70da872d0489a804c6c0ab16865f67a4bcf3022df7e1147903b9de46a017eaa521c443bc43da6e663cb7bf8e7b1962c0bbc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
94863cf1c88d154a3be535326d1e8722

SHA1
15f6e6b277d68bbe1a15c45fa0ab9e827aca1915

SHA256
8cb2b2a86bf8eefd2fbcf775a55ea1722493645e4a5e5c49d10538c86b5256b4

SHA512
a0f7d5911f9c8f723d642f29c55c117c35f1258dc9bafd66bc9234a77b652e42941d71a5e73974b5035f01202f94b70989e3169f87d4b95e7afa3ddb1f0fb21f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
543B

MD5
53101a0df921a4395c292e67392b6dc9

SHA1
cf4f2989940c4a00a286730c931350ee3a1f1f63

SHA256
d1b5991122a82022f991f9eb2a56b821cfef4fa56cd56411b2acde8cf08f4e64

SHA512
043214b659811422a79527b1bb08709a0a21420141155ed51f1b78ab3221c0869cd22fce7035b2b9e00d7cb9bbf314e7fa5adfcab59dd6561f42dc18d92f1ee7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
178B

MD5
8921cd8255a233f8e3f5e27de7a60415

SHA1
220df65531a4144e7740228f1c3efafc505a5d34

SHA256
6524bf0d4de21e3b24374184e6bce32e088a35e326f27e29364e28c551684e7b

SHA512
2f58a38806c26177c5fd58c928e85f3285b490f71fb6ef4735dcfd58b277af686eb0bbe1f54cfae033e7c7f8430b7605103cff6709e625248b0f16168a4417d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
08c237bdc1f18431152b25ae7a75c645

SHA1
b87c73dfd1c6782c4601bd81ed88ec8e5c8553c0

SHA256
843720272c25beb23b8cc442b87c1faba4e5a4caad121af80dc77a11ecd7b3f4

SHA512
34de2dfd598f249d1aa9187bbe7bf9e4ba68b846771661e9d3e9d70baddee04fa4f69e3162dad45a418a108a111a7a704620e40ced59969bfa1163a2a2e23de6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3489282b501c4694443ed2e95bc2ad49

SHA1
885b8beaa08372f6ccfaaa3d39d0022d98f820bd

SHA256
30cdaec14cb79d1f30b6a72687579d0196bb5b90cd9324342e2258f7174d25e7

SHA512
15e99824a37edd0180ff208247478dfc8720fda3eb3ad08f010245ddec77951dbd17904814aed0c1faae7ea4edca41039066b24d4894258a0aa20ca5e37c1489

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f19bf3e1ab3e9f5484bf33288d747f38

SHA1
851867cfce4132ae5ad7a50f28333b37f2c30d9e

SHA256
f8e0aac1d61a9488f2cf9bb07545006a011dcd877bcaa0209953eb85f4f139e2

SHA512
3655c48c8b8ec0467485f5357deb04593bad06466ac3e07a9895f33b0be70eed970dfe0da1e20ac3252371fc42ad290f6d510679f3c2f87991b50dccb212f70b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
324957ed1db3ec26cc8c4aee432125df

SHA1
e3e5aaf856737e5835aa41363c8c0c5505f69e19

SHA256
165a97985fba926febc8115c2936ef7b329820f67ac7516edd5947a37c5a0f00

SHA512
a212fd6b754c6c2bec03b1b602e543f5a425c8974d1961f6e5c734779fc0f05cd8faa8ea4a69df88bd9726fd9707a5488f0786368af4b5b4d314a6997e104041

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
496df3f75b707fc1c4d3cf7b82679e51

SHA1
010c0340a694ede28c27eae674d0a47f7bb0eac9

SHA256
0e55af751c4cc9a01cc6350a820ae433406e3a86e83475083cd64b707b0acf95

SHA512
4d945a3dad790d03029863d418b7df8516aa5422736d92bae9662bc0f421f0a7800a53627591f583ffa72597d180f2d7072becc87b69b04bdfbb6d40ba9ac8cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58d3d5.TMP

Filesize
203B

MD5
4ccafad8c589a9a0b8dc778bc0ff7de4

SHA1
8a7b274ad4de0aa3668aa985142bbe7bf0bfda5f

SHA256
dae5883ba9eb5a1991d8985f420961b01bf5d122cc70b1db9ec9dc6f47c2142b

SHA512
85418918795b31da94c273fc1f5d9a0e48b1775ccf463bf46b617fe2b39f5b306f5f623dcaceb1774f5ba37fe1e1953ea4c0e7696be9aa400ebc6e7a6677c36b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a64670e160d0e0abb5270642d246160d

SHA1
0767e5d1328b7494a8cd485746f6a3620550ab9a

SHA256
075ac403dd46c38160b68d2a30cf24638ec17cda8542edb32be3c1a9f312c5ee

SHA512
17accf2dffcc83d508a0604039532ca67eabe9057f1022d711d503e79f1d17e9a7fb834444e412009119b43c44011c9b1b9acc007409d2ae6ca28ef895784b8c

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
76fbe77cbc68f3bd5f0decad25775716

SHA1
2ebc2dea0b2224ea73fb5413d94ad38218122bf3

SHA256
8d59129db45c9f234318144380c9d167d89a9faa8e2a6aede9b5a3bcfdf650b6

SHA512
1a5d850914bd033defe42de3a333c2a7497927a07289258acd5ec08e973b4ed45030b0f299d6da5bac16ad607ed471b3db52a5c9676a532ecaa0836682618230

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
0c71204dc7dd088aa8f1b279e29d7bf5

SHA1
475dbeb8589312574e6b5f3ca2913b8b80af155b

SHA256
28f655f695c0992c73fa7b02fca2c93b65aec5b8c82297e1be30ed9016eb54a1

SHA512
f10ec78286923446833e4f19900a790be0440885688fe273a811648de090a765ea82ef8ccc062987ec12285e0de608b803671d01358a18dd4504f90845169826

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit