hxxps://currnt[.]com/donotcontact?p=4051575&email=paulaa@sol-group[.]com&pc=55836

Analysis

max time kernel
146s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
24/07/2023, 10:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://currnt.com/donotcontact?p=4051575&[email protected]&pc=55836

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4616	msedge.exe
4616	msedge.exe
544	msedge.exe
544	msedge.exe
816	identity_helper.exe
816	identity_helper.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1060	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1060	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 544 wrote to memory of 4780	544	msedge.exe	13
PID 544 wrote to memory of 4780	544	msedge.exe	13
PID 544 wrote to memory of 4596	544	msedge.exe	87
PID 544 wrote to memory of 4596	544	msedge.exe	87
PID 544 wrote to memory of 4596	544	msedge.exe	87
PID 544 wrote to memory of 4596	544	msedge.exe	87
PID 544 wrote to memory of 4596	544	msedge.exe	87
PID 544 wrote to memory of 4596	544	msedge.exe	87
PID 544 wrote to memory of 4596	544	msedge.exe	87
PID 544 wrote to memory of 4596	544	msedge.exe	87
PID 544 wrote to memory of 4596	544	msedge.exe	87
PID 544 wrote to memory of 4596	544	msedge.exe	87
PID 544 wrote to memory of 4596	544	msedge.exe	87
PID 544 wrote to memory of 4596	544	msedge.exe	87
PID 544 wrote to memory of 4596	544	msedge.exe	87
PID 544 wrote to memory of 4596	544	msedge.exe	87
PID 544 wrote to memory of 4596	544	msedge.exe	87
PID 544 wrote to memory of 4596	544	msedge.exe	87
PID 544 wrote to memory of 4596	544	msedge.exe	87
PID 544 wrote to memory of 4596	544	msedge.exe	87
PID 544 wrote to memory of 4596	544	msedge.exe	87
PID 544 wrote to memory of 4596	544	msedge.exe	87
PID 544 wrote to memory of 4596	544	msedge.exe	87
PID 544 wrote to memory of 4596	544	msedge.exe	87
PID 544 wrote to memory of 4596	544	msedge.exe	87
PID 544 wrote to memory of 4596	544	msedge.exe	87
PID 544 wrote to memory of 4596	544	msedge.exe	87
PID 544 wrote to memory of 4596	544	msedge.exe	87
PID 544 wrote to memory of 4596	544	msedge.exe	87
PID 544 wrote to memory of 4596	544	msedge.exe	87
PID 544 wrote to memory of 4596	544	msedge.exe	87
PID 544 wrote to memory of 4596	544	msedge.exe	87
PID 544 wrote to memory of 4596	544	msedge.exe	87
PID 544 wrote to memory of 4596	544	msedge.exe	87
PID 544 wrote to memory of 4596	544	msedge.exe	87
PID 544 wrote to memory of 4596	544	msedge.exe	87
PID 544 wrote to memory of 4596	544	msedge.exe	87
PID 544 wrote to memory of 4596	544	msedge.exe	87
PID 544 wrote to memory of 4596	544	msedge.exe	87
PID 544 wrote to memory of 4596	544	msedge.exe	87
PID 544 wrote to memory of 4596	544	msedge.exe	87
PID 544 wrote to memory of 4596	544	msedge.exe	87
PID 544 wrote to memory of 4616	544	msedge.exe	86
PID 544 wrote to memory of 4616	544	msedge.exe	86
PID 544 wrote to memory of 3760	544	msedge.exe	88
PID 544 wrote to memory of 3760	544	msedge.exe	88
PID 544 wrote to memory of 3760	544	msedge.exe	88
PID 544 wrote to memory of 3760	544	msedge.exe	88
PID 544 wrote to memory of 3760	544	msedge.exe	88
PID 544 wrote to memory of 3760	544	msedge.exe	88
PID 544 wrote to memory of 3760	544	msedge.exe	88
PID 544 wrote to memory of 3760	544	msedge.exe	88
PID 544 wrote to memory of 3760	544	msedge.exe	88
PID 544 wrote to memory of 3760	544	msedge.exe	88
PID 544 wrote to memory of 3760	544	msedge.exe	88
PID 544 wrote to memory of 3760	544	msedge.exe	88
PID 544 wrote to memory of 3760	544	msedge.exe	88
PID 544 wrote to memory of 3760	544	msedge.exe	88
PID 544 wrote to memory of 3760	544	msedge.exe	88
PID 544 wrote to memory of 3760	544	msedge.exe	88
PID 544 wrote to memory of 3760	544	msedge.exe	88
PID 544 wrote to memory of 3760	544	msedge.exe	88
PID 544 wrote to memory of 3760	544	msedge.exe	88
PID 544 wrote to memory of 3760	544	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://currnt.com/donotcontact?p=4051575&[email protected]&pc=55836
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffacdb246f8,0x7ffacdb24708,0x7ffacdb24718
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,1143475389135439658,2164487961991293221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,1143475389135439658,2164487961991293221,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,1143475389135439658,2164487961991293221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1143475389135439658,2164487961991293221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1143475389135439658,2164487961991293221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,1143475389135439658,2164487961991293221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,1143475389135439658,2164487961991293221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1143475389135439658,2164487961991293221,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1143475389135439658,2164487961991293221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1143475389135439658,2164487961991293221,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,1143475389135439658,2164487961991293221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,1143475389135439658,2164487961991293221,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3356 /prefetch:8
  2⤵
  PID:492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,1143475389135439658,2164487961991293221,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5268 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4636

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x31c 0x49c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a7ad9bb1054aa03e39b3554833d0c3ec

SHA1
cbd5b99ca100bc2f1292df23bf8e2a5a6f9640d9

SHA256
0c3eae39386b4117ad26187afc4933e254468cd12d813271f4b7420cee73c189

SHA512
d1d0b77e0bc412b4ee687e849531a7c9b70200d45d0bdbf38357b6fc59af835522e749b2fd8c2d4cde73518970568c38d73416c97381a11cc6029c14b1678276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
26KB

MD5
4fbd15cb6047af93373f4f895639c8bf

SHA1
12d6861075de8e293265ff6ff03b1f3adcb44c76

SHA256
ddd92f10ad162c7449eff0acaf40598c05b1111739587edb75e5326b6697c5d5

SHA512
f8be32cba15170319b5c9f663c6f0c4ffdd4083cf047d80f7b214d302b489eca25fbee66ddb9366d758a7598efc9b9a886b02c9f751ae71f207cb9db1356243a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
114KB

MD5
2dd437e95307c1047aa7d22ff652a8a6

SHA1
3127bb18e02a7fdf39cb5715789150c2ab4bb21c

SHA256
0da30459d7956602153d2e2561aebf3d0529ece750a6faf0e0d8ea4ddd0fdbe4

SHA512
39ebf339000f6a0c548f5a9cf2c9ed749a993c34236a9ba818eedc4daa9c2c520513d247d1e77e1eb20da01557c4971cc36de88cd997364e47eeddb78f63812a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
51KB

MD5
3ca10a216869a4153a63ccbe6ba52e10

SHA1
38972708ab96cb0418ddcb70de1542b8edd4dc89

SHA256
d85b82b2064f690dd7aa6fbd7b93304e8610f9f07e78312d4c36d4820f43f702

SHA512
5d2a517de95d68503c09576de4d4cf1669e800287e7d801008d40fd0b181e0836bc629de81900378ccd36fa7c9aaf76bde23be303e50aa8a5e2f520145641526

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
18KB

MD5
378f04c96a9a709f6d0ddb4861ae97dd

SHA1
be6c923fef062575d5703f931d11cd57e1cf87e9

SHA256
dce1b55d31036d2a15b9c89383b235b39ca79637c31f14561ae15f3567349fc1

SHA512
d4d7ffdb3ed3d597065a6572c82bbd8b40a3a79a435f9766d2ff83fb1b88366948eac00c856f80058745c493e7817fd2374ddb40646c1f2d6c049d5ab752a604

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
16KB

MD5
611a59e53bd35dbbaea1fdd1277fd554

SHA1
468694dabbca8ed9b3bbe613af36ea4989a4aa9a

SHA256
5bb153b5d2ef04ddce79f9cd2a4f65e78ad8f78167f38c5cd7342cd10afcd03e

SHA512
60ce0b98fac8fa7f4d0ed42581876ea1fc89a453cf855714f387126f04b2b5305d5f4c4065c5655f9c1a9d5e4922b00c26f5685b8c76588cdc2ced968f8a4082

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
81KB

MD5
587c737741e4be5eb090a0e43e49cb6a

SHA1
e395e4e6f2c51dec05e17f460d9fab73b90ddccf

SHA256
a866608fe98d6f69cca4f057f82dd5000aed1240901ba88da93765600b4e0944

SHA512
e707611666c8b40d696217b9369c7fbdfa070eeb0297d5a877d36dccd7fcaa764498961b5498264f527c2e24fddae57e4e4a738f94d6763df0c8d45dcc0f22b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
186KB

MD5
6a8a5417c9fc72474184524eacf71803

SHA1
b053fdfcb347f349a144e1a8e63b8a8360cd3ddb

SHA256
422a6fa57580e550dd59ac5afaa1e0308790dfa04a5869b91ef8d287e096b935

SHA512
1c4bb94e78a7f2ebdb8f1d01c0d535a1081aeeb5e376a10fc39a7193bdc72dfbfbde6b47837ad5aa17488555224a109191736b88a61ab74f7c7405cf3aff63e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
194KB

MD5
cd6468ef274efd6523f4a88f1b419a30

SHA1
8a73b2bd0683913e958bf0b105dd6af4df66de8d

SHA256
9ee71b1d4a85227fa6f46edb71b5629ef162c15695d0661167d1e8a17a4e485f

SHA512
5bf04a530d625768eaa8732b9a47a4dd05d644306594cd56615044cf0d088d6657d9d91e445b26a96f8ba76704dbaee50959eb3436d1e30d7bc0b0c7d3980754

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
45KB

MD5
ee52c2cc5bef6dc297115de1537d0872

SHA1
51bf395017d5cd1a68a43f97ff491f1dfc6681b2

SHA256
794b717f912bcc60bb4db2bb3b0df012fbb9439a98fe35dd8a1d7df7de72a6ef

SHA512
7d635115b7d5bbea17c32e53b58cdd5cc0ed1483edb52fdc3a524226db7e99a8ac7298caade62bfb2be825c97a3afa62ece4f72709cdecc9c6b954bf793d500e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
26KB

MD5
c953cd9f2e6b4e2c1debc5720efaba14

SHA1
935da9e8680172a38e64ca4585fc35901542fb2f

SHA256
249b5b26132a31d856f2c43a2900db5f317c9486fa1cf9d179036e1a3078e9b9

SHA512
a27b323e9085f7efe04ccac1da0aabd46d59cd4b2cb2b26c15e6ec378a5e0eb2cbe524c63bb047a52d4b32376c1d3a46140ad7fbfef26d6a5c8ae49782b1219b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
32KB

MD5
3b883a842699326e4f32a96155697fae

SHA1
c267048710cdbf2a27d813c1cd543500d13062fc

SHA256
b9d26420b9f92c093bbc37363a1981ad9254fbb92ad7a4fcb2a7a7b717854c2a

SHA512
44d550d7862cab4cb374138c112c862b5866a797f29764cbddd23cc9ef2092dbbde001eb64c560a1e40bd6a5560cd5ffc010424a21f580a308e5f906a16da244

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
32KB

MD5
2d997d1d36e42864beded4be6afc1ed5

SHA1
ca2491fe2c4eefda14c6fbf1aa3a5b5812eeba39

SHA256
42d45036f271af9e9947db55ee7120309f1dca7c3925bffb200998517dd47f8e

SHA512
dc2161597125138d9656ff480cdf7a06a47d9eb3a1388b73ea644cc33eed66933d6b341e55b0d3db9844d89f1ee152effe87da609ff5e3cc19c538bd33f400a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
19KB

MD5
204338681a324b51aadd6f028c1f56c5

SHA1
ebdd4d2e06f85fa1d5368293adb7b2a25e224799

SHA256
8b18456e9ca9f9d7b388eeca9c27df9c42e9c0a03ca6a033734fbd3cd44084e9

SHA512
4e75acf14bb8978a8167f52e7d9c1aaf4d28174754fab76a996e1bdc5ce90527f0e20b80198742100fb0074267f3d8d885bc1ba71f302db8c00aed8f31e8a941

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
24KB

MD5
a69aa970266649e0b08c2cb4bc166568

SHA1
d9314a52085a2bb6d284421bb18a4c546ecb73d4

SHA256
ad32b1248207ba91fb945a37d38e7c9deafcba849245872203482db42930d491

SHA512
8315a8c3c328eaaea92dad571ff09c1fc2728920c4b62c0957bf04f83f903f41156ac16cf30297ab5e86f022c3e022764a7a271ebe0b9bfc98d9f488dbe71b9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
48KB

MD5
9dc744074c244735a570f5af39a48ca8

SHA1
c91e262e0cba02989827a1fd7af9cf731e67b0e6

SHA256
7c98af303ba4b63c1ef57c8b0cc80c6498edc16590fe059bf37ac5dd51f219f7

SHA512
fbf613f6d0bdb944b7b936bc42a8feebaea34fdd6b2215f984d3c528f01ca7f655784c07a60cbd893ae2599667276650c50e1dd3ebb948f3267717663b7edfa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
225KB

MD5
d9779d94be44fddcc51dac40fc4c22cc

SHA1
ee0e2e3473985c38bd50cff9a4e386d07ce77e2b

SHA256
1b1153c4f4bacfa0b3eab4f009b2d598f973685199f7d11ec6ed6a14fae59dca

SHA512
346d767294bb4d28a6ddbfaf9cf3a13d7c8b0c7fe2b3a94e52ad49a1f7efa408444a505285878ee5fcd704756b33c06b47e04a5812c7d243ad4b2a2c70dd20b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5d005603f7433e13eb4b25f3bcf67786

SHA1
63212da5531e1af081732f64d67a7bc6d7851c40

SHA256
982bd7de8b7caa43d9a29d74c856aca55839c3ef259c54d118add0d6627ff2af

SHA512
48cd552673b4069c0faa7d7600408bc11fbe620dd9535f193b57e9764fe6075d1c61064ba799626bac425f648238e6a8256ea87f538c2cc0aacd9e25ac8d548d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
df3e3ff4ffdfaaf4b6e5af6526de118a

SHA1
beea19d9d1c0e46ad74d6c8b24851630e279920d

SHA256
d84fc183f1c9f3921b311a6a0776644681a0ba290cb632941cbb2e61a5bda53b

SHA512
c5c7292dda771c2f42410717b8c0b384cef28091aa30a3a4f73c49cd354f386ea21b5eac2b40737cb92b0036127a1696c79f5c565471aa193682e56a7921ed49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
3c9ed5e97cb4399d891825806ed38d4b

SHA1
8cd92b1847ebcfdea4844f5ba08a71824d53eb77

SHA256
c3b049b46abd9c62d0266f90baabf919cca20029c2c844a4eb0688fd47c0f5ae

SHA512
08312cffd59826c9f3ba3ffd40aeec0c71e1ab84cd5607c61b761e6051c43522c01768326dac8594cbbddeabbed18e83d8e6b9eb6c97ad360bf027520a640804

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
7cc78dc8717546b687df16b716418363

SHA1
774e812722a2f0a8a000c74ecdeaf49a0daaae10

SHA256
acb52d38cc82fff4bbb6d1eb96157fa50499f770358552bbefdfdeccd06d2202

SHA512
91f29ab23006bedbc67b3232bd7214edc42f2f9ef3834ce816ebffdff5a6623c6644d2e87345eb8a08849783d0890b8f52242a0ce7f3cd35d4abb37637d96e1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e0fee18d2cb3f000fe8ccd645a119144

SHA1
362d265d553de8da10c922d4512e503192c91cb7

SHA256
b604e7699f3655aba582dc1c48d767fd51f0ac36836fe5301efa340210ab133e

SHA512
4255d7b0006d723c5bfb473dc6c9b17468a6d4cb7d984ce67b84e11cb03463db00e99c82c7af626e34babc6194bd48737afc5b98a33a5a3afa01688998b70446

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
152589e956b7ed32fa04af05d010497b

SHA1
56d138644b6701e1cc3a46980807bc7bdb0a170f

SHA256
e4c7e0ec971a9f363158ac2ae7ca68eb1745f309f1c146e452d2cd708f4aca73

SHA512
4a2d5d402bd6c24579d1b0b52ca86fdaae312644e99c5ef698316c243fb9fd3edb9a1d5c4b6422e6c031239c5cb4b680392c88bd996971c9e25d58e5783e7a69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e686ca9d4e018b60804e1d3bb7796af6

SHA1
5aca600e7a6e533e17e8418abc46059eeaafbb58

SHA256
f42250761a5efa55c30d06499f7aa938f252062202c426a0fbe1f75adcc1e8de

SHA512
cb41fe5c6f659b4142070dade2e99284750d8114fa8f059140865f758ff03023432f1c8648a48e82186b7741a81b810a133ce4fdd5ba13a40689e4406429f726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ad963ed0e11f17c8295be3a1a5eea06d

SHA1
ba33415221be01b8ae2facda0a58f56ff7c88f0c

SHA256
1acb5f35f2cb6f6bca796a905424d2490de6e81a41916ea5b3b6940924f301bc

SHA512
780d4e156c30e0cf8a722a0a9d517f5b4c8c22b34fcfc0bdf4af3a74b75efb7415bf6d4de1b681ba4637e1e7fc9cc712b4589e682e9d00f873a7b43578ba7361

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e62cc4051e1f8eaa0abda5d730a2496b

SHA1
d15346e40b196bc313cbfe5ac96b3c90b83345be

SHA256
ffb5b740b8777d010f0d32a120092084c3cd32eaceb937188d698ddc22df2fcb

SHA512
3e8f6d89c7c153177b2149d86cd8602ceafedf66f5335a86b19dfa46fc38c47f6ff9a272c3b71b4464a5921ebdf2461fba25692ca916b9715bac520bf1e81a22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
93fbbdec697fe5a62565478fd811f0e2

SHA1
08599a014b1b12be346b537b5544a401834c2e0e

SHA256
81348ef186c13f843935497785f83f1e471e8c28b64172ca6128e2c0feda5994

SHA512
fc30b624ac0d0ccf82c74c2f0580c828a4c66bc82d210619929bdd8b57c9f52d47adc492706f494313b1af7eb38cc0a2eec45ae4200c1bc498334b9dd3a7f40a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
81455fa45b330052709a073c838b39d9

SHA1
221ffffe85919a96ade86d90c44f450004d08a03

SHA256
d9e408223fcbb983487bd67cd3da6487c834e74ff08745a334eb80de6eaad8ab

SHA512
cc4ed8a14d7ce9001a47ed4b5a89355368893b9cf96b9dd14a7d597b94dacf185c684dacbf2b0b47e7a6b8bfd7acc62d2dd002dfbf9dca350ecc26dcdc12b3c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8b995782ac6108860f123a0405691490

SHA1
bbe1dfed3fa53a80098717a2f4c2d3a63e0306d7

SHA256
25dc5b2244d4e3fc14d0cc41c56dd75a538c51c514be8334c14f51137299f8d9

SHA512
bd5beda4dc4c1e02d43ef57a815b31dadbb84e404ca42f21af042c67a6f6cea3bc894ad89a6ff41f4ae7f4f2a681732bdddaa3fe4534eb7af355d4986cb9cb69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c55e5da540e1b41908fed9f2fc586296

SHA1
8fa28f569b19818ba4a722bab5655cec8ed9c3b8

SHA256
c10d89521bbe6e461fe1f406989a3e773b4209cd49b209b4449cfa24b4f90c83

SHA512
2a90fe44e9fc26c53b26d259bec850e4de5987151fd8490065a5963a7aaa645a9dea6c982bbe019ab835ceb542f40b4a000ae2216fa3456f02dc254e5c558906

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
385878aad519afa6766a12c33ab7773f

SHA1
52df54363b213b314f730c7ffbc320a4682ecb62

SHA256
ffee787f1ea9c67546fbcb38752389f312931a48c6ffb40d6a70cb4543b97e17

SHA512
be466f076d647375195645d7f35fecafc52aedacd1baa6d15468dea1aa73ce74ae581cb2def8328df579ee77eea1e70b656de3f54adbca7318fd45620002d3af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
45b67e5ff408a76d2c2b4b3683700277

SHA1
d46808150984c81b79b8c254332e5ccf48a5ecc7

SHA256
a320959aa940b14cc8da3f55b5443a49204afe568ac905d2494dbe819e1700ea

SHA512
3181f7c1ca4509e52c076816ea79c9c8df527bd8fe348199c21b4061f06cc8b2acdc055986980d000be6b61f00eecaaaf91c5d5a6f4f0f76a92819a46bc36045

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d08e.TMP

Filesize
1KB

MD5
fd7cbdd4d89bb32ddc610c291c0ee78f

SHA1
0d4ff95728383e97dfefbc97439efe4f9144f781

SHA256
fcc4ffbe8798217fd2498436680cff9feefce8a70259a8dc5702eb12349765ad

SHA512
ab44866aeb34dfb79506a2f183dd82b93dc6a3a73de0bed1d500c42ee26f34eec256433983c14fba68cbfa88c7533cfdf2e9b01d8849d6277a1802ce6c9ee664

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ff63930bcee6dd5a4f809e3906feaf15

SHA1
631390213e78d3754b9dedefb2c355ec568c8de8

SHA256
1b5a02a824e2eafccc33a72ac3449896079627e7fdf0ab227f90fd8470de2f9b

SHA512
ffd5554b09b319c93508c1c4af4a91f5631016719f0bb24829c47bfcc1b6e7e99df1e4dccd45252099f646d593de5a6987af42565dabcbcbd20230443e37b771

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8fae35f15bf4ef933019c1f486b2e84b

SHA1
274993436cb719a42720d00523ba8761fa332fde

SHA256
595f95131e6d520ecf30fd8f68df0737bc76407b35b38b89da559d2d336f32c0

SHA512
8bf0065863f464c40b9f5361ed86a9e4c43ab843340fa241c4c3ab14ec8095c9c7b67c159a929412e974497de0daff3627bc77c61246603d07f00ffb8704e01b

Download Submit