hxxps://shorturl[.]asia/WpyNX

Analysis

max time kernel
146s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2025, 21:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://shorturl.asia/WpyNX

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4472	msedge.exe
4472	msedge.exe
5088	msedge.exe
5088	msedge.exe
2096	identity_helper.exe
2096	identity_helper.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe
5088	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5088 wrote to memory of 4816	5088	msedge.exe	86
PID 5088 wrote to memory of 4816	5088	msedge.exe	86
PID 5088 wrote to memory of 2156	5088	msedge.exe	87
PID 5088 wrote to memory of 2156	5088	msedge.exe	87
PID 5088 wrote to memory of 2156	5088	msedge.exe	87
PID 5088 wrote to memory of 2156	5088	msedge.exe	87
PID 5088 wrote to memory of 2156	5088	msedge.exe	87
PID 5088 wrote to memory of 2156	5088	msedge.exe	87
PID 5088 wrote to memory of 2156	5088	msedge.exe	87
PID 5088 wrote to memory of 2156	5088	msedge.exe	87
PID 5088 wrote to memory of 2156	5088	msedge.exe	87
PID 5088 wrote to memory of 2156	5088	msedge.exe	87
PID 5088 wrote to memory of 2156	5088	msedge.exe	87
PID 5088 wrote to memory of 2156	5088	msedge.exe	87
PID 5088 wrote to memory of 2156	5088	msedge.exe	87
PID 5088 wrote to memory of 2156	5088	msedge.exe	87
PID 5088 wrote to memory of 2156	5088	msedge.exe	87
PID 5088 wrote to memory of 2156	5088	msedge.exe	87
PID 5088 wrote to memory of 2156	5088	msedge.exe	87
PID 5088 wrote to memory of 2156	5088	msedge.exe	87
PID 5088 wrote to memory of 2156	5088	msedge.exe	87
PID 5088 wrote to memory of 2156	5088	msedge.exe	87
PID 5088 wrote to memory of 2156	5088	msedge.exe	87
PID 5088 wrote to memory of 2156	5088	msedge.exe	87
PID 5088 wrote to memory of 2156	5088	msedge.exe	87
PID 5088 wrote to memory of 2156	5088	msedge.exe	87
PID 5088 wrote to memory of 2156	5088	msedge.exe	87
PID 5088 wrote to memory of 2156	5088	msedge.exe	87
PID 5088 wrote to memory of 2156	5088	msedge.exe	87
PID 5088 wrote to memory of 2156	5088	msedge.exe	87
PID 5088 wrote to memory of 2156	5088	msedge.exe	87
PID 5088 wrote to memory of 2156	5088	msedge.exe	87
PID 5088 wrote to memory of 2156	5088	msedge.exe	87
PID 5088 wrote to memory of 2156	5088	msedge.exe	87
PID 5088 wrote to memory of 2156	5088	msedge.exe	87
PID 5088 wrote to memory of 2156	5088	msedge.exe	87
PID 5088 wrote to memory of 2156	5088	msedge.exe	87
PID 5088 wrote to memory of 2156	5088	msedge.exe	87
PID 5088 wrote to memory of 2156	5088	msedge.exe	87
PID 5088 wrote to memory of 2156	5088	msedge.exe	87
PID 5088 wrote to memory of 2156	5088	msedge.exe	87
PID 5088 wrote to memory of 2156	5088	msedge.exe	87
PID 5088 wrote to memory of 4472	5088	msedge.exe	88
PID 5088 wrote to memory of 4472	5088	msedge.exe	88
PID 5088 wrote to memory of 5108	5088	msedge.exe	89
PID 5088 wrote to memory of 5108	5088	msedge.exe	89
PID 5088 wrote to memory of 5108	5088	msedge.exe	89
PID 5088 wrote to memory of 5108	5088	msedge.exe	89
PID 5088 wrote to memory of 5108	5088	msedge.exe	89
PID 5088 wrote to memory of 5108	5088	msedge.exe	89
PID 5088 wrote to memory of 5108	5088	msedge.exe	89
PID 5088 wrote to memory of 5108	5088	msedge.exe	89
PID 5088 wrote to memory of 5108	5088	msedge.exe	89
PID 5088 wrote to memory of 5108	5088	msedge.exe	89
PID 5088 wrote to memory of 5108	5088	msedge.exe	89
PID 5088 wrote to memory of 5108	5088	msedge.exe	89
PID 5088 wrote to memory of 5108	5088	msedge.exe	89
PID 5088 wrote to memory of 5108	5088	msedge.exe	89
PID 5088 wrote to memory of 5108	5088	msedge.exe	89
PID 5088 wrote to memory of 5108	5088	msedge.exe	89
PID 5088 wrote to memory of 5108	5088	msedge.exe	89
PID 5088 wrote to memory of 5108	5088	msedge.exe	89
PID 5088 wrote to memory of 5108	5088	msedge.exe	89
PID 5088 wrote to memory of 5108	5088	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://shorturl.asia/WpyNX
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffd566546f8,0x7ffd56654708,0x7ffd56654718
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,2042965358469139756,18159616655091256041,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,2042965358469139756,18159616655091256041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,2042965358469139756,18159616655091256041,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2580 /prefetch:8
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2042965358469139756,18159616655091256041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2042965358469139756,18159616655091256041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2042965358469139756,18159616655091256041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2042965358469139756,18159616655091256041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2042965358469139756,18159616655091256041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2042965358469139756,18159616655091256041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,2042965358469139756,18159616655091256041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6248 /prefetch:8
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,2042965358469139756,18159616655091256041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6248 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2042965358469139756,18159616655091256041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:5812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2042965358469139756,18159616655091256041,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2042965358469139756,18159616655091256041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:5972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2042965358469139756,18159616655091256041,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,2042965358469139756,18159616655091256041,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3584 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
010f6dd77f14afcb78185650052a120d

SHA1
76139f0141fa930b6460f3ca6f00671b4627dc98

SHA256
80321891fd7f7c02dd4be4e5be09f8e57d49e076c750f8deb300be8f600de2d7

SHA512
6e6c9e348e948b946cfb97478698423e1272c4417bc8540e5daa64858e28be8fda5baf28538aee849f8bb409c17a51c60e48a3f1793e3a86cb27edeb32aa30a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f09c5037ff47e75546f2997642cac037

SHA1
63d599921be61b598ef4605a837bb8422222bef2

SHA256
ba61197fff5ed487084790b869045ab41830bdf6db815503e8e064dd4e4df662

SHA512
280bff6eac4b2b4fe515696223f61531f6b507c4c863ad9eef5ab0b1d65d264eba74fb7c9314b6920922142b8ab7605792211fca11a9a9ef0fc2ae995bf4f473

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
93b20d5b6e8a9e64d2e0fd508b5af166

SHA1
6cf22c82bde711d890e57e83e857b4f5594a0808

SHA256
e2ec10bf4699e76f22a70d4eb7004852881d922698b390e8412018a04ea7a901

SHA512
5717decdbf95551d246c060ac7d7309ad7b57203ad0f11459e66e35c50cc6625e8daba4096e201d5df5286e557cc69648fe68d6d1683feb94f129be0c33a2ac0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.r.oblox.com.co_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.r.oblox.com.co_0.indexeddb.leveldb\LOG.old

Filesize
400B

MD5
ce890743dbc79e3bc42a596395871d9e

SHA1
6d308c43299a4254cb8adbec61eeab00f55e62f3

SHA256
ede04fcb13b68d41288ad80b82f55cf40816a6044da8ee2a35d9a5aef9758db3

SHA512
6ac45a4802197839931cd53063b98a51f3dd61c2db3ee402291679737abe83413b023bdfa287c588f9fe938d504478fa509a97c095d284ee4204a9e1318e57e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.r.oblox.com.co_0.indexeddb.leveldb\LOG.old~RFe5a1917.TMP

Filesize
679B

MD5
e10b6436880dab87953b586abb9b4eda

SHA1
2b508c8ae591daa50ddf70f7f59a1388f8b459bc

SHA256
8eb088c1b19280e02b0e75245648a907ff018af9ae7080ab4e448c5283e02213

SHA512
adde9a53ca06b581f1967126348aae07fe9f7a11633d87a4d332658ca3befa8c45a796c082b1fb876b46cacadac6cd04ce6ef34f77a56db902d3c6b09901842c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.r.oblox.com.co_0.indexeddb.leveldb\MANIFEST-000001

Filesize
100B

MD5
0b780485ec39f0e8be6941b842efaade

SHA1
0319bb757b29c03196c83b52e326b5c7e50e45fe

SHA256
cd5ef67225260d9c4de4156a06673117c5f0ba0d1ffb37531947ade7bdf1d4da

SHA512
57fcc51d3d6a422a8c862e46d572694d2cf1f386362f7f8b0c7454b3c50056d7c2c39c0b35cf3701ed2470537fe653e0a79e69a04bf5dd7cba4b359ac06867e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
3006af9d6465d35a019d7d84df1211be

SHA1
aa7295c67f525d870d75edcc05a6951b8088c3b5

SHA256
3870ab162fe5b12591d127e6c9f5a7605911fa00a6c0cba85160118411e2255f

SHA512
87d71e3a5a9f3c4b8e2eedd375eb443d0c976533119e15a4908b93f94dfb8445931a30d5271ef4386c12140fe717679514d332b130a2164f6a92742d498aba06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1e15e4e7b6a7805bcea98731335b26e6

SHA1
c5f0bd65325c829eb5e41e9af070e3ee46027b0b

SHA256
16146e45ce7e6c0069b5a259113b91d75f65d193fc2d66df847695a1be2d37e6

SHA512
6cb1f81b1bf3c12caa22c8db6927bad3fc8bd1cc78df5fcc794de9ffce8b1527acea6792abc4366ea4971b0d540970fcd09be487fe29d334b1929357fd657ceb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a7c5c84048261d40806631535c18576d

SHA1
26a10ece419b1c7883bfc48ba5acd82352b8bdef

SHA256
dae94b8a907a8a5f35cd6d980d4a80e3c96e2ae739dd6579c56ed5b5e1422ee0

SHA512
0b4ad9ea6f4b009315313cf3adb291f98922d2bd8a4da0cadb5cc40efa39ec9466ec2f18cb501f216412186f753049d6b2b5d23be64376818c53a5620e2f45e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4826c418ac34981ff6910520d213958c

SHA1
97da0063d150147556eea94e0b0757264a9e5527

SHA256
048369ee4c39d96833c23e6cc6d7e3e04e8fde034c5d32cf7b03567992ae872b

SHA512
c921ea2b6e67061f0a5ef18d2d6a6de131467c0876f6e917e38e0eea599e78ff193d7d96e9c889ed695026a0293f7646d4438bcc58cdd3e7a9f26ad71e02c91d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
e0b0c1154ef3522a5443ff5f53697da8

SHA1
36181a091b9ace175aa73037affbb8aafe9c2258

SHA256
5e25891074182850a6b522eab3715ad67f43bd6fe4b0fb5c2dbca0aefe4b7da5

SHA512
737a59327f9400ecf48003208f3231bc85fe9ff0fd4bbe07e185b2069c984e06cd03aff869b479f1d9292fc828468bd5fa8b9f58fb1e24b9fcb3fdc6ca9b5b78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe585918.TMP

Filesize
48B

MD5
374bf2e877c662423a29f4983e69afa7

SHA1
bb55644c3e7313b4227caf4793e4da60da63af11

SHA256
3ee3336f1f290b5efe24f72479cb54f884914a3b81417831f8b7320dc4372f6f

SHA512
6e4546dcd5ce44587c10bfd1a5cb3261543a7960acf21d884431ba62bd19f21f16b321760b2c40924c704ab58048ac92c92f2f3e46e021ae737df1bf0805efd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
804268d74c2fac3f715be1e7dc2bd8cd

SHA1
46e0534d0d60b1ac83a17ee18d53e0f18a5b53c6

SHA256
d1e8424a084c06ffe50ab4d20e9531d65025fc883a6887524cff169bf73ab08b

SHA512
1ef1517a9f5913eb9459481ed1f2cbae6e571d711b687ba395247954b0ff6d148017fe6c5827ea6caaddb53d655f91a6ca73960e590d5ce13753f19d2087176c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0b23e9bbcdd948f49855f6d8cb2261b0

SHA1
99905a83fe8d8a220799df1cd25821f7f3421895

SHA256
1370fb3caa18fb1d9f00496ba8a34faa24429f4338e473808aceea4ad4ee3259

SHA512
0b370c07ab015b7b1b61be817c100d92cad7dda7ce752b7878700c36f925cbe8f7a8000fbcc2ea030d4f1911fa5f92f2e160fba9c547d6ab8e8c3af472f593e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1df88b6e769a83caeb882f3ffeef1f85

SHA1
979e04d0e94e3317ad08d7777519ec139a2a22be

SHA256
53b62b2efe4c9c098f5901a2ff9f9cb871e2e0c7d7c944b47c74fd4c9a707a75

SHA512
53816d5c30d0c1d04c63200d1a9d0ce16592872bff78f15ec2e1597318bc1a20c4d8b6ec36da01609086c741ccdb48f28f9942ce456468a6d15f74108880320b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
39d83349bb12f8dcf6acf1408b949204

SHA1
42dd0bb45c692242a18a09b7e8c30cc6db2e861d

SHA256
226df2ca9459b09fefd925ea0da5101b27d4f67dffc965dad26f59ba8419a345

SHA512
52b2bc9c498be589bb89dad42cd454e34ccb31e2cf6f81c2e881b1ef9b825da95e8cad64f445a95c6380c21094066577069286b9782462adee4c690f82b5f22c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ce4b8e082d027f22b0471006b2c62234

SHA1
0fcd5f0eb3d6ddbb1712ce9002662e75c2c9e79d

SHA256
fd8d2fe3c419c108ab88efc988ee3ba71ccce34ecc97da4c4feee1d3a04dc670

SHA512
c982564664d84f1c68553ec26e243610185c0e6ac1d55c3eda1f7630ccd707e803226b0c605bead2283d1c61898acdab21cbbb6bd53c393e7a3d59cbac1e0a19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f4df42dc441ea1934fc7476557ddd1d0

SHA1
96f2c09d8b8bc7c6df1e9980bfaf435b832eed5a

SHA256
12a5997d6c4b851221ec658b2a925c615793e2b368c4a0c197380f344b2e038d

SHA512
b120a2191b1b37e85211f698b6527653739419261e4887433758531818097979d6531b269be65dfd724ec3f076468b5483928f744c5abb951265cc4c7fe9f445

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585176.TMP

Filesize
1KB

MD5
af34f9c9d87532c11bb850c1a564ce9c

SHA1
7f10bd17ccacf5b394b2ef02359b03dd9f4d1bd3

SHA256
ffbbd9956a264de84560c9e60daae3b8a0c9fa87b8dbc8a15769abf9d8df1614

SHA512
d96fe3fb328e75b4ca50ff0690781ad8f34a278928cb37b7b0edf8eedb2b4f0746d78a6e5439cf50be9c4ffbb67305957306120b96241a282350815b602082a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c46f3e0fbe0b0c7c5a8ebdca796b7d69

SHA1
48231090ddcd732bb1ae83f9eac8d8faa3c5d299

SHA256
0f38c12f82200272b1c13844d88262d7b5701b691e2b9a5216525830760700fe

SHA512
1c1dafc73addb526461e83677f4a59001493f12e15a9b88cd859b51af0d9b9398d6e81af3e28c53285cf8bccb79f24099cea6ff93f35402840ab390ee73b19ae

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit