cecc051a6568f2e60daa72a70d81b69c0e929f11503f28904b3204ecd38a7111

Resubmissions

20/04/2025, 09:15

250420-k8b7mstlz9 10

20/04/2025, 09:09

250420-k4v4ystlt6 4

Analysis

max time kernel
0s
max time network
295s
platform
windows11-21h2_x64
resource
win11-20250410-en
resource tags

arch:x64arch:x86image:win11-20250410-enlocale:en-usos:windows11-21h2-x64system
submitted
20/04/2025, 09:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

data/cacert/LICENSE.url
Size

73B
MD5

d4eeff46fd41c739e4653431fe2511c1
SHA1

f0e013b1593394cf7bb0bc770a7cfc9b2ff95aba
SHA256

b9954f88a27e8457cefcebd076fa533d037711383f6b28ae489d063ef8c61f79
SHA512

c0d809e8e561f19a9629931cda0bd8be8c8b919d6926fd63b50512919637a9ee676369d546744f5d1d7aade58dac8f55d23e2421dd24f255ec033ca3f5b001a6

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4308	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 6136 wrote to memory of 4308	6136	rundll32.exe	78
PID 6136 wrote to memory of 4308	6136	rundll32.exe	78
PID 4308 wrote to memory of 704	4308	msedge.exe	81
PID 4308 wrote to memory of 704	4308	msedge.exe	81
PID 4308 wrote to memory of 396	4308	msedge.exe	82
PID 4308 wrote to memory of 396	4308	msedge.exe	82
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 6112	4308	msedge.exe	83
PID 4308 wrote to memory of 2320	4308	msedge.exe	84
PID 4308 wrote to memory of 2320	4308	msedge.exe	84
PID 4308 wrote to memory of 2320	4308	msedge.exe	84
PID 4308 wrote to memory of 2320	4308	msedge.exe	84
PID 4308 wrote to memory of 2320	4308	msedge.exe	84
PID 4308 wrote to memory of 2320	4308	msedge.exe	84
PID 4308 wrote to memory of 2320	4308	msedge.exe	84

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\data\cacert\LICENSE.url
1⤵
- Suspicious use of WriteProcessMemory
PID:6136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mozilla.org/media/MPL/2.0/index.txt
  2⤵
  - Enumerates system info in registry
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4308
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2e0,0x2f4,0x7fffcedbf208,0x7fffcedbf214,0x7fffcedbf220
    3⤵
    PID:704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1844,i,16666085932737513792,18296606802959671107,262144 --variations-seed-version --mojo-platform-channel-handle=2296 /prefetch:11
    3⤵
    PID:396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2252,i,16666085932737513792,18296606802959671107,262144 --variations-seed-version --mojo-platform-channel-handle=2248 /prefetch:2
    3⤵
    PID:6112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2520,i,16666085932737513792,18296606802959671107,262144 --variations-seed-version --mojo-platform-channel-handle=2664 /prefetch:13
    3⤵
    PID:2320
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3400,i,16666085932737513792,18296606802959671107,262144 --variations-seed-version --mojo-platform-channel-handle=3456 /prefetch:1
    3⤵
    PID:3328
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3416,i,16666085932737513792,18296606802959671107,262144 --variations-seed-version --mojo-platform-channel-handle=3460 /prefetch:1
    3⤵
    PID:3680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4800,i,16666085932737513792,18296606802959671107,262144 --variations-seed-version --mojo-platform-channel-handle=4868 /prefetch:14
    3⤵
    PID:3936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4648,i,16666085932737513792,18296606802959671107,262144 --variations-seed-version --mojo-platform-channel-handle=4880 /prefetch:14
    3⤵
    PID:2764
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5356,i,16666085932737513792,18296606802959671107,262144 --variations-seed-version --mojo-platform-channel-handle=4888 /prefetch:14
    3⤵
    PID:5284
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5556,i,16666085932737513792,18296606802959671107,262144 --variations-seed-version --mojo-platform-channel-handle=5644 /prefetch:14
    3⤵
    PID:4452
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5556,i,16666085932737513792,18296606802959671107,262144 --variations-seed-version --mojo-platform-channel-handle=5644 /prefetch:14
    3⤵
    PID:6060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5716,i,16666085932737513792,18296606802959671107,262144 --variations-seed-version --mojo-platform-channel-handle=5728 /prefetch:14
    3⤵
    PID:240
  - - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
      cookie_exporter.exe --cookie-json=1148
      4⤵
      PID:5288
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5660,i,16666085932737513792,18296606802959671107,262144 --variations-seed-version --mojo-platform-channel-handle=5648 /prefetch:14
    3⤵
    PID:3896
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6060,i,16666085932737513792,18296606802959671107,262144 --variations-seed-version --mojo-platform-channel-handle=5836 /prefetch:14
    3⤵
    PID:1152
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5908,i,16666085932737513792,18296606802959671107,262144 --variations-seed-version --mojo-platform-channel-handle=6112 /prefetch:14
    3⤵
    PID:4092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4968,i,16666085932737513792,18296606802959671107,262144 --variations-seed-version --mojo-platform-channel-handle=5020 /prefetch:14
    3⤵
    PID:1488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5656,i,16666085932737513792,18296606802959671107,262144 --variations-seed-version --mojo-platform-channel-handle=5064 /prefetch:14
    3⤵
    PID:460
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5056,i,16666085932737513792,18296606802959671107,262144 --variations-seed-version --mojo-platform-channel-handle=5060 /prefetch:14
    3⤵
    PID:5132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4740,i,16666085932737513792,18296606802959671107,262144 --variations-seed-version --mojo-platform-channel-handle=6152 /prefetch:10
    3⤵
    PID:4844
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6152,i,16666085932737513792,18296606802959671107,262144 --variations-seed-version --mojo-platform-channel-handle=5724 /prefetch:14
    3⤵
    PID:2552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5608,i,16666085932737513792,18296606802959671107,262144 --variations-seed-version --mojo-platform-channel-handle=5288 /prefetch:14
    3⤵
    PID:2816
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5300,i,16666085932737513792,18296606802959671107,262144 --variations-seed-version --mojo-platform-channel-handle=5432 /prefetch:14
    3⤵
    PID:1652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6044,i,16666085932737513792,18296606802959671107,262144 --variations-seed-version --mojo-platform-channel-handle=6100 /prefetch:14
    3⤵
    PID:5684
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5164,i,16666085932737513792,18296606802959671107,262144 --variations-seed-version --mojo-platform-channel-handle=5016 /prefetch:14
    3⤵
    PID:4840
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4880,i,16666085932737513792,18296606802959671107,262144 --variations-seed-version --mojo-platform-channel-handle=4728 /prefetch:14
    3⤵
    PID:5112

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3812

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:5376

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
27d02a9170feb143c10bced3f0c7ad50

SHA1
0e807524dd428900bf3c6b91190740adb8e7e660

SHA256
f7b57a37dd1bf12371382fb12cd8f0ebb8cbc86323a10903d62014195e3142dc

SHA512
80723887c4cd5aa3847d68d3bbbfbaa29e1858ee08bfa2c51369c31e44eee1b627a2ae8cb1f2a5ce75a5a91d7ddfe4ce8f3dcc5da818e4f2dcbc2f746bbe9589

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
06f664c3c6b6e744605044624edef532

SHA1
feb5dcd83c97d28fe0182b2fa92407d6d742c6e3

SHA256
f862d0a0fbe20b57f71005ad956b2404f5fc79cd8b69ea1f6a365c70fa39c3c2

SHA512
8176a393287ec4fbd8d042d4b64a9ea1059d6372fa1a39aac0ed99f05d5690f8865d46b7db20d2c036fcc07d4c78062273e51560d83bb49ad745d321897d8844

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
cb45f1791b3697923a5220e0d36f23c9

SHA1
1552067cebc6f54ffe17c504cbfa26f9167058c3

SHA256
b28928198b3d644001c9c58ff6b77d060ed22e63b714a70c811601aedf6bc6fa

SHA512
70588029b73a010f10911bcf928bf111634cd443e3a734c8a08df05221c246fa0ca3a3fb801dd9fc6ca2184d19126a0ca86028a6b178b3588d718adfe9905105

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\e814eb87-3747-4129-b1eb-b6165d96b4b8.tmp

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
514596d8ada02237e5a6aa5454eee0a1

SHA1
1f41adeee35fc7f8ac946e346b4aee08fdeff5a5

SHA256
53036ddd685b66d124b2b7a7826c5da23f574d588d019df95a8d24ab3373c40a

SHA512
07ad3b748cdf560cb92ddf62074e7d9ae47887881bcdc9259aa775e9503973bb16eb2225508d44762197a912a4b669f0626270848518fbbc5cc81813b40c3f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
2bec5e1299d6ebdad08f546d70fe7e11

SHA1
abb980a283a511153e4423076e53d5b28650eb67

SHA256
a8c12033d579821f23aaddd6da58a4fedc98a85201539a4b70abbb573926af9c

SHA512
cbbca2f51704c1c1c8c3ba1cf6e526737f43d75c20b605a2bc359c5a03a437bf0b3fbbe8318778bf9c98a4d270c4e3f856da987e531eef0182116d81cbbb9b44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
37KB

MD5
819d48c398c6bf9b63ddde12e2b3671c

SHA1
e0a287ea7b0c84ccd01c6c9fa011e3d2a7cc47b9

SHA256
832fd430651606f5082abff29bf08e91efb0ecb3f3747849c32f0f6cafaa1ce2

SHA512
ae1b51b9617987e5eccffe77eecfc54c6c0b296c91f097eee44544f128177b7298936dfc6e7171d5da77e5317f520475469c75ab546184c0a637b353fbb3fe17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
e44b2ae58b4fb7798cb9dcb81c43886d

SHA1
10f3915fc522ba97b4474d2948d8af849efe1973

SHA256
edb3f3d6528244b2759805ec4c059e8d27c0e497e6573cf80ae1bb27e3e3f2ed

SHA512
d34abfdc5a292b9d48b11520a0503ca1621388914f7d96d359e4d9a0c569b578ccb421168899278d5b4b0c3712f53baed468e2e5fe2dd55c6727ac24744b1500

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\cf33c14f-ee8b-4c88-8f35-0942f525877c.tmp

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
4f6588b5d43d91d5a079a73a5b6b6f89

SHA1
acb3964220711feb3048003c992e48992dc08ef0

SHA256
5ee5192d9dc432116134703ce280d861fe593935546e45b5a247530b6bd8fcf1

SHA512
16323dc7cbc6da4a577085a5525c421c6f5c00580e3f78adffb367749371d1b7a60a7bd580bcc8d80c1c80e6743f1b114fb074046e81d32a3b75157b5a2a6dd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
5b4a02b11e7481d47f106f0b0392d1de

SHA1
c63f1fd066c9c88689b101ac584405be6243d0f5

SHA256
d1124a80031b88150688c213e58819bc61a21ff29516ee32839c57a80220ca96

SHA512
c1635d617b922be3a2723ab7395e047231eec6e76b3ab0015b0fbe6697132ef626e5507e21367a89a95488424c1e4fddb08839d014200a663faaa18c6800eff1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
20KB

MD5
670a3c7b663e728e21358f009c8176b6

SHA1
cda61833da6f634812bb052d34becc58d5e6dcd4

SHA256
de57c41d72d799c98fc58aca0155a23744e13fbe7bea7c595bd51a8320bf4bca

SHA512
4e512253189ae3a3a232fcc2768130b2a49a69d1d09f38b6fe9590462cbc11e3216e43a462a5467cb43f7ea5e907b7b121e085c4ff9c3a5b2361f4b60d23c10b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
22KB

MD5
3f8927c365639daa9b2c270898e3cf9d

SHA1
c8da31c97c56671c910d28010f754319f1d90fa6

SHA256
fc80d48a732def35ab6168d8fd957a6f13f3c912d7f9baf960c17249e4a9a1f2

SHA512
d75b93f30989428883cb5e76f6125b09f565414cf45d59053527db48c6cf2ac7f54ed9e8f6a713c855cd5d89531145592ef27048cf1c0f63d7434cfb669dbd72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.1.39.0\edge_checkout_page_validator.js

Filesize
1.1MB

MD5
1db0c159a8afc8073ed9f0a83f782ae8

SHA1
0874d03928cc347db7f5c7720fa6c23321671fb7

SHA256
f7ee28dee8d78ac7456a683cbc673e8b3b57bc9a1ba37c0d6d5d4332a7534d93

SHA512
4fda31e15918efa31ebbd69965e3fa1702daf6b1995af2c010a63e55030ee2f3affb4c45ea6275b7d4c35c0e61bdfbd3051872f392725394489b4c43e8cb3bf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
b36e76dd7b3125960d701942f63558a1

SHA1
20f893d066bc5fceba4d3aff99e7aa5e55af8457

SHA256
fff40682c9f76e64497f523590b315238c5a4ed3e15a0026083253673f3a1fe1

SHA512
d234f81e8b6d28baeff2e636b703c711e374425548613eed098f32676920c20e8329118607c7c734d56d72cf267bde92452b71073d9ba98dbd3789353ada6204

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
8360fb9df69e5f13fe2f8b40be01d983

SHA1
f728f86d8f2093ab4c2df12af4f40f0c39a64317

SHA256
a2964b00a8a91626b35a09bcc86d5bff4099db68eb45879b8e714a10be05e038

SHA512
46e906cae1f108eb3b95a3b8c9931c7201430dbaa52c50a0cffa33bab23e261ed1f3f7a5694407375a34501ed173688927c093a148dd75afdf1c1283d33b7336

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
f26f0adae4928909f58dde1ea39208ca

SHA1
f809289f0cc2d59d6c3fb856f3540fefdcf45d1c

SHA256
a17970d27a225033279c1b45a8a2b63f1939e14ac96131a14562426613c920af

SHA512
e179174b1785e934fed68a38eecbcded80634f8d063c2c9a7bf24532e08d6374f06c443fcb0f4b036f84d09f81b6aee855f2a165cb32c6f90a7579810df86f58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
2bdc833a0a9961bb3497a93d6ef6141d

SHA1
740051c3befb827f78d826df068bd7ecd8eafb50

SHA256
97b1795e36bd505b467fb134e3eb38510eea4e23b6c348c83ee0fe2be002aeec

SHA512
10cc9f7bfbdaca02bd56d90f5abcd661c88b8c0743eee4a80a62389a0f1a1a3c54c9eea233706533a44129ed433889f4316c05bf9fc4d40bdd866f423721f5fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.76\Filtering Rules

Filesize
1.8MB

MD5
d7c9c6d2e1d9ae242d68a8316f41198c

SHA1
8d2ddccc88a10468e5bffad1bd377be82d053357

SHA256
f215127185b2ee6b01e12b6ca75d3e5c4e454598dd4aed36124ae13d59afd547

SHA512
7fd14824e9200dd99e1fd2cee402656dc0cfc3d0a60058c5eb05c68e9e65b7f0b47e550fb4d6c2b59eba204dbf3ef9e69dc9723b43a9b3ccd5412d6b77715fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.76\LICENSE

Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.4.20.1\typosquatting_list.pb

Filesize
623KB

MD5
488a70b7d4621e059e32d395221223aa

SHA1
774b5a2124f5c3d8d210020dc53e5033b04a5f76

SHA256
8c87afec8dba2f1a072c3fbecc7fa8fb81e93a64639bf9c00e24b4bb712b57a6

SHA512
bab1b4716e5faf0054cc93a969d1a79e6ee9d11d054d102afa0ba564142f444cbe9508aa013f118b701e4ca5283b0ef5a3a4859a67709a441bcbb8b25e78ca09

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4308_1586077648\manifest.json

Filesize
116B

MD5
d20acf8558cf23f01769cf4aa61237e0

SHA1
c4b21384309b0ff177d9cd3aa4198ab327eb2993

SHA256
3493b321a7fc5e183ed6f223ae55ce962541717d0b332d16bdc7cbcadf7e6f78

SHA512
73d082cbd71f6d0f06c7afc1bf63ee41c9a8e501df3e56f21a551b2d369a0afc8306894c8e0a38d0324e2ac403ec506ac1ecd8e9b61a9cb27134a229ccb13725

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4308_170336047\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4308_170336047\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4308_1867209641\manifest.json

Filesize
145B

MD5
207f8230e8e90b79c9a957fcecb35037

SHA1
838fd6a9aa7ac1083a1b0cdaa29ed39e7e593a51

SHA256
fcd7d9808d01ba6f20fef9d34aa6dfaed249bfedf85cf12ce8299d58df3250a1

SHA512
8cf890bcb56d20f45a91b6d46940f7a5cf98307cd80ca05561704a2965f2984634dfd3a07d3aac089cbb2c8fafdf74b8152fc1f6c1404fe338c5eac4efa5f5f2

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4308_19935154\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4308_415779168\manifest.json

Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4308_454690112\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4308_454690112\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4308_454690112\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4308_454690112\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4308_546965105\manifest.json

Filesize
118B

MD5
78b473ee6bb38cbb39886624887efe63

SHA1
d40fe3eba931ed08c8a68907ba20773a9987b3ce

SHA256
3a4a45d0995fcb759016fd1d875e1fc913a14236e8f7d3ae31930ee3f0477329

SHA512
92d03db5c60d0a805c896865e245e25ca43675677237e2dc38e82336cd3ac239e0dd878046d5bbfa50ec3206392857ac3305d64da6d1605e22b76a4f3e69ad18

Download Submit