hxxps://google[.]com

Resubmissions

07-02-2025 23:34

250207-3khzdstlgs 8

07-02-2025 23:30

07-02-2025 23:28

07-02-2025 23:25

07-02-2025 23:22

Analysis

max time kernel
145s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20250207-en
resource tags

arch:x64arch:x86image:win10v2004-20250207-enlocale:en-usos:windows10-2004-x64system
submitted
07-02-2025 23:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://google.com

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file 1 IoCs

flow	pid	Process
80	3492	Process not Found

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
4332	MicrosoftEdgeUpdate.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4436	msedge.exe
4436	msedge.exe
2540	msedge.exe
2540	msedge.exe
2740	identity_helper.exe
2740	identity_helper.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe
1104	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe
2540	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2540 wrote to memory of 1532	2540	msedge.exe	86
PID 2540 wrote to memory of 1532	2540	msedge.exe	86
PID 2540 wrote to memory of 1808	2540	msedge.exe	87
PID 2540 wrote to memory of 1808	2540	msedge.exe	87
PID 2540 wrote to memory of 1808	2540	msedge.exe	87
PID 2540 wrote to memory of 1808	2540	msedge.exe	87
PID 2540 wrote to memory of 1808	2540	msedge.exe	87
PID 2540 wrote to memory of 1808	2540	msedge.exe	87
PID 2540 wrote to memory of 1808	2540	msedge.exe	87
PID 2540 wrote to memory of 1808	2540	msedge.exe	87
PID 2540 wrote to memory of 1808	2540	msedge.exe	87
PID 2540 wrote to memory of 1808	2540	msedge.exe	87
PID 2540 wrote to memory of 1808	2540	msedge.exe	87
PID 2540 wrote to memory of 1808	2540	msedge.exe	87
PID 2540 wrote to memory of 1808	2540	msedge.exe	87
PID 2540 wrote to memory of 1808	2540	msedge.exe	87
PID 2540 wrote to memory of 1808	2540	msedge.exe	87
PID 2540 wrote to memory of 1808	2540	msedge.exe	87
PID 2540 wrote to memory of 1808	2540	msedge.exe	87
PID 2540 wrote to memory of 1808	2540	msedge.exe	87
PID 2540 wrote to memory of 1808	2540	msedge.exe	87
PID 2540 wrote to memory of 1808	2540	msedge.exe	87
PID 2540 wrote to memory of 1808	2540	msedge.exe	87
PID 2540 wrote to memory of 1808	2540	msedge.exe	87
PID 2540 wrote to memory of 1808	2540	msedge.exe	87
PID 2540 wrote to memory of 1808	2540	msedge.exe	87
PID 2540 wrote to memory of 1808	2540	msedge.exe	87
PID 2540 wrote to memory of 1808	2540	msedge.exe	87
PID 2540 wrote to memory of 1808	2540	msedge.exe	87
PID 2540 wrote to memory of 1808	2540	msedge.exe	87
PID 2540 wrote to memory of 1808	2540	msedge.exe	87
PID 2540 wrote to memory of 1808	2540	msedge.exe	87
PID 2540 wrote to memory of 1808	2540	msedge.exe	87
PID 2540 wrote to memory of 1808	2540	msedge.exe	87
PID 2540 wrote to memory of 1808	2540	msedge.exe	87
PID 2540 wrote to memory of 1808	2540	msedge.exe	87
PID 2540 wrote to memory of 1808	2540	msedge.exe	87
PID 2540 wrote to memory of 1808	2540	msedge.exe	87
PID 2540 wrote to memory of 1808	2540	msedge.exe	87
PID 2540 wrote to memory of 1808	2540	msedge.exe	87
PID 2540 wrote to memory of 1808	2540	msedge.exe	87
PID 2540 wrote to memory of 1808	2540	msedge.exe	87
PID 2540 wrote to memory of 4436	2540	msedge.exe	88
PID 2540 wrote to memory of 4436	2540	msedge.exe	88
PID 2540 wrote to memory of 3496	2540	msedge.exe	89
PID 2540 wrote to memory of 3496	2540	msedge.exe	89
PID 2540 wrote to memory of 3496	2540	msedge.exe	89
PID 2540 wrote to memory of 3496	2540	msedge.exe	89
PID 2540 wrote to memory of 3496	2540	msedge.exe	89
PID 2540 wrote to memory of 3496	2540	msedge.exe	89
PID 2540 wrote to memory of 3496	2540	msedge.exe	89
PID 2540 wrote to memory of 3496	2540	msedge.exe	89
PID 2540 wrote to memory of 3496	2540	msedge.exe	89
PID 2540 wrote to memory of 3496	2540	msedge.exe	89
PID 2540 wrote to memory of 3496	2540	msedge.exe	89
PID 2540 wrote to memory of 3496	2540	msedge.exe	89
PID 2540 wrote to memory of 3496	2540	msedge.exe	89
PID 2540 wrote to memory of 3496	2540	msedge.exe	89
PID 2540 wrote to memory of 3496	2540	msedge.exe	89
PID 2540 wrote to memory of 3496	2540	msedge.exe	89
PID 2540 wrote to memory of 3496	2540	msedge.exe	89
PID 2540 wrote to memory of 3496	2540	msedge.exe	89
PID 2540 wrote to memory of 3496	2540	msedge.exe	89
PID 2540 wrote to memory of 3496	2540	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8d6cb46f8,0x7ff8d6cb4708,0x7ff8d6cb4718
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,5380241354986558206,16614160502166336646,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,5380241354986558206,16614160502166336646,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,5380241354986558206,16614160502166336646,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5380241354986558206,16614160502166336646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5380241354986558206,16614160502166336646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,5380241354986558206,16614160502166336646,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,5380241354986558206,16614160502166336646,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5380241354986558206,16614160502166336646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5380241354986558206,16614160502166336646,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5380241354986558206,16614160502166336646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5380241354986558206,16614160502166336646,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5380241354986558206,16614160502166336646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5380241354986558206,16614160502166336646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3744 /prefetch:1
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,5380241354986558206,16614160502166336646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,5380241354986558206,16614160502166336646,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2476

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7RTU2QkJEMjctNEU3NS00NkZFLTk1NUEtQzQ4RjBBM0U4M0YyfSIgdXNlcmlkPSJ7NDM5NzE0OEYtREVGMy00OTE2LTk4NUYtNzQzQzNEMDBDQjg1fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7NDcwRDY3MEMtQzI1QS00OTlELUExOUItMzFDOThEQ0ZEQjQ2fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIxIiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDQ0OTciIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4MzQxNjkzODEzMjAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1MTkxMjcyMzkyIi8-PC9hcHA-PC9yZXF1ZXN0Pg
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:4332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aa50e46aef7f210bf65d44c570031714

SHA1
41993bb24a2c4cffdb5ea9bd4eeb825bf6b6fa79

SHA256
857a7702a47be49f185619891e5c74e34b4bb2515279033f3b5a0a9be2da839d

SHA512
dd5a1e88b2000957e3ddf057329a24dbbfc5408857cd1432799f20c21b967b627627bf1a3caa23e9698bb8133b7033d925487bcf46d864186a707176f8969029

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fc7e2abfae997eac3dd58ba7132b3a2a

SHA1
ed7e80b26252b600acc6d89b985f4235b0fb03fb

SHA256
be084d16cf52949ceb38b98ebc8761cd5bf1a6ac9e8c247efc12bb669f5f023a

SHA512
a504e52646c4be5ee0f0d979b0d7a539228ab638394c658d1a88eff86f6db4091146b176484388afa6967a296af7ea97b4d2678577ea85f83d721ef2fe63f928

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
c981269d3f0021e315c5b10452605204

SHA1
31bb708a408ee40cd463a06721fdaf44b8ae6070

SHA256
5dbc4b604aad3d93352b5562003c263af0a54018829c418f2ba68b1cce7fe4b9

SHA512
951bd7ef2d54f634dc083c1d5a9011a1d6734123a00d4821ff6b8adba1847b887bddac5aff9f769a8a49f4348a8e3d5958d82743674551be2fdcafa6c834619c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
425b55252d30538df814ead783c47480

SHA1
8778040745997fb641c705b60f0b6dc948046b59

SHA256
6193c122b477929d98e97fdc6ae46251d80ca5b1829ca7f2430e5ffceb6058a3

SHA512
2e985f42b0374a4e468eb4a3d291fc947baf7deb65c1e7e759db2ed4f52ddb4cf2ef3c3cce5f2345c0967ee91a9ced5c339ae58a9e33441231e729b17e4d6ac1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e74e44098e100a59353497f656a0cbf9

SHA1
d6bd0eb9bf3143ddead953487adc3e5e2cda5d17

SHA256
ce4e0dc9153150b8d7b72bbb617bef3a4812c2a79f01d37e93e0cb075f12be0d

SHA512
bc71045dfe3094e693b773752581dcb28f0ff40aef0cf566d77d0025793a395b377e165ad241a556f501a8241681497152d522354d3e6c9b8327dbd127230bba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ee0bdd77d1aef986c071076210aeaf61

SHA1
2c5f39764481d21fc54ef2b4d55145bcf6134235

SHA256
51e336786c421ea833a2c09ad8eae660529a76ee01ef2b968a6eef63208c908a

SHA512
4f0f73f65b04f9f299e01817146ee7cff2436aea9c6700dca9537ef842bf4eb200a01a59eac907232abd9ef10773054c161d077ca20f4fbe68f174160254a34d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
609485c3d0f8a14aae7b22e76014c699

SHA1
1e9328980906bbe63e41bb6dc6b30fdcb4683bd3

SHA256
de718bbba795c853e73b21a0f5762fb740bfc2e0c68f40c90dcd0f67aaaa1eb5

SHA512
2e50b0218b6739588e0c84e0c3fd1f76b79089c34461af9d3dcce8fc285781f1c7167c21537794eab88f4f79155dcd3932f21685d783a4596506c22abd7c550f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e93ce3aba11378af52cf8b6c61e9ae3e

SHA1
d18dbeb9f17e5387e924ac81047875157f5e73f7

SHA256
0f79e66bff987510c128e9860a9278e17b1298f6601153beb4f60b4f0268099d

SHA512
e87f3d202e72e00f25fce5f5adb4e6613ef8a6a74abb10555a897b8487290ff4328457c46c9e3f2e90c4b38cb68a73dbd9dd470ef97c608bb9d6f7860d10edf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
202B

MD5
f9f95137b4ab6d0d15458f99d29f7977

SHA1
8a1455ae5fb5efcece4b131cccfad7824bb90518

SHA256
c571b7a5bd290b01799c4d0b7bd2143d7dad3fa2e068e188b79e290c729a356e

SHA512
e7f132b74200cb84245b7f7e8dc4a0bb6cc3c2d5849dabaad3dc3eabb00f1a2ce2002238148767fb9d0e969a5b813a8474ca9d31f277adb990c1dbf0411c5b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5885c5.TMP

Filesize
202B

MD5
a3d8a7b2ba5f84cf906e7e50bee3d4e8

SHA1
f046d6a6fca61050a1a29293823bfe8b8914f77b

SHA256
5ea3ace6e2f9009d5170841235bcbaf4e9a7e72d087b8003b18bdfd52eb0365f

SHA512
160e86556740d3138553627507d6429f647ea8d319bf2ecd2cdaa516112df38e7f4f0f4da05b5ca9ba83b0d470d032dd642b04e9696052c1c8027f1376dc83f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
38cc6a08b154c5a34fe84c7b415c35a2

SHA1
0493a262734567cee52838ee723053eb00bff8d7

SHA256
bcb413a564d8745e88e2d594fd80731fa406234b1d72c86c4b3bd66afa2ad81a

SHA512
8eb5c03b616b4e45c362b3e12777f4346da5da1bf93e9722d37f6690969f985323ab89e3427db3d3483c3d6b3dd9bccc7e55f740890d6761fc4a79570c64255c

Download Submit